[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] crypto: allow client/server cert chains
From: |
Daniel P . Berrangé |
Subject: |
Re: [PATCH] crypto: allow client/server cert chains |
Date: |
Mon, 20 Feb 2023 15:44:58 +0000 |
User-agent: |
Mutt/2.2.9 (2022-11-12) |
On Mon, Feb 13, 2023 at 01:00:49PM -0500, matoro_mailinglist_qemu--- via wrote:
> From: matoro <matoro@users.noreply.github.com>
>
> The existing implementation assumes that client/server certificates are
> single individual certificates. If using publicly-issued certificates,
> or internal CAs that use an intermediate issuer, this is unlikely to be
> the case, and they will instead be certificate chains. While this can
> be worked around by moving the intermediate certificates to the CA
> certificate, which DOES currently support multiple certificates, this
> instead allows the issued certificate chains to be used as-is, without
> requiring the overhead of shuffling certificates around.
>
> Corresponding libvirt change is available here:
> https://gitlab.com/libvirt/libvirt/-/merge_requests/222
>
> Signed-off-by: matoro <matoro_mailinglist_qemu@matoro.tk>
I'm afraid that because the Signed-off-by is intended as a legal
statement that you're permitted to contribute this change, we
require it to use the person's legal recognised real name (both
forename + surname), not a psuedo-name, nor merely a partial
name. Could you either resend this submission, or just reply
to this mail giving a new Signed-off-by.
The email address can be of your choosing, but should generally
be matched to the git commit authorship
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|