git.ipfire.org Git - thirdparty/libvirt.git/commit
tlscert: Don't force 'keyEncipherment' for ECDSA and ECDH
author Peter Krempa <pkrempa@redhat.com>
Tue, 17 Jun 2025 13:01:26 +0000 (15:01 +0200)
committer Peter Krempa <pkrempa@redhat.com>
Wed, 18 Jun 2025 10:14:32 +0000 (12:14 +0200)
commit 11867b0224a2b8dc34755ff0ace446b6842df1c1
tree 1e782b1d90b314f50e07c3acc9644ee3dd2aeeff
parent da1ee7799a01b0f942667d44a690d4d91eac0cb5
tlscert: Don't force 'keyEncipherment' for ECDSA and ECDH

Per RFC8813 [1] which amends RFC5580 [2] ECDSA, ECDH, and ECMQV
algorithms must not have 'keyEncipherment' present, but our code did
check it. Add exemption for known algorithms which don't use it.

[1] https://datatracker.ietf.org/doc/rfc8813/
[2] https://datatracker.ietf.org/doc/rfc5480

Closes: https://gitlab.com/libvirt/libvirt/-/issues/691
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/rpc/virnettlscert.c
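
The exemption the commit message describes, as an added example that is not libvirt's code and not taken from src/rpc/virnettlscert.c: a key-usage check that demands 'keyEncipherment' for every key type, next to one that skips the demand for ECDSA, ECDH and ECMQV. The `pk_alg` tags, the `KU_*` macros and all function names are assumptions made for this sketch; the audit helper at the end goes one step beyond the message and flags an exempt-algorithm certificate that still carries the bit.

```c
#include <stdbool.h>

/* keyUsage flags as they sit in the first octet of the X.509 BIT STRING
 * (bit 0, digitalSignature, is the most significant bit). */
#define KU_DIGITAL_SIGNATURE 0x80u
#define KU_KEY_ENCIPHERMENT  0x20u

/* Hypothetical algorithm tags for this example. */
typedef enum { PK_RSA, PK_ECDSA, PK_ECDH, PK_ECMQV } pk_alg;

/* Algorithms the commit message lists as not using keyEncipherment. */
static bool pk_exempt_from_key_encipherment(pk_alg alg)
{
    return alg == PK_ECDSA || alg == PK_ECDH || alg == PK_ECMQV;
}

/* "Before": keyEncipherment demanded whatever the key type. */
bool key_encipherment_ok_forced(pk_alg alg, unsigned usage)
{
    (void)alg;
    return (usage & KU_KEY_ENCIPHERMENT) != 0;
}

/* "After": the bit is only demanded from non-exempt algorithms. */
bool key_encipherment_ok_exempt(pk_alg alg, unsigned usage)
{
    if (pk_exempt_from_key_encipherment(alg))
        return true;
    return (usage & KU_KEY_ENCIPHERMENT) != 0;
}

/* Audit helper: an exempt-algorithm certificate that still carries the bit. */
bool key_encipherment_unexpected(pk_alg alg, unsigned usage)
{
    return pk_exempt_from_key_encipherment(alg) &&
           (usage & KU_KEY_ENCIPHERMENT) != 0;
}
```

With the forced check, an ECDSA certificate whose keyUsage holds only digitalSignature is rejected even though it follows the RFC cited in the message; the exempt check accepts it while still rejecting an RSA certificate that lacks the bit.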