[PATCH 00/10] remote: support multiple certificate identities

Daniel P. Berrangé via Devel posted 10 patches 2 weeks ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/20251106145050.1851526-1-berrange@redhat.com
[PATCH 00/10] remote: support multiple certificate identities
Posted by Daniel P. Berrangé via Devel 2 weeks ago
This series adds support for multiple certificate identities.
This is intended to aid in the transition to post-quantum
cryptography by allowing use of certs with RSA in parallel
with certs using MLDSA algorithms.

Daniel P. Berrangé (10):
  remote: use g_strfreev for free()ing lists of strings
  rpc: change 'isServer' parameter from 'int' to 'bool'
  rpc: refactor TLS sanity checking to support many cert files
  rpc: add support for loading multiple certs & keys
  remote: support specifying multiple keys/certs in libvirtd.conf
  rpc: skip fallback when using custom PKI path
  rpc: move file access checks into TLS config API
  rpc: reduce duplication when locating credentials
  rpc: support loading multiple certificate identities
  docs: describe support for multiple certs & PQC config

 docs/kbase/tlscerts.rst           |  88 +++++++++
 po/POTFILES                       |   1 +
 src/libvirt_probes.d              |   3 +-
 src/remote/libvirtd.aug.in        |   2 +
 src/remote/libvirtd.conf.in       |  16 ++
 src/remote/remote_daemon.c        |  24 +--
 src/remote/remote_daemon_config.c |  66 ++++---
 src/remote/remote_daemon_config.h |   4 +-
 src/remote/test_libvirtd.aug.in   |   8 +
 src/rpc/virnettlscert.c           |  35 ++--
 src/rpc/virnettlscert.h           |   2 +-
 src/rpc/virnettlsconfig.c         | 302 +++++++++++++++++++++++++-----
 src/rpc/virnettlsconfig.h         |  44 +++--
 src/rpc/virnettlscontext.c        | 231 +++++++++++------------
 src/rpc/virnettlscontext.h        |  26 +--
 tests/virnettlscontexttest.c      |  10 +-
 tests/virnettlssessiontest.c      |   9 +-
 tools/virt-pki-validate.c         |   3 +-
 18 files changed, 612 insertions(+), 262 deletions(-)

-- 
2.51.1

Re: [PATCH 00/10] remote: support multiple certificate identities
Posted by Michal Prívozník via Devel 2 weeks ago
On 11/6/25 15:50, Daniel P. Berrangé via Devel wrote:
> This series adds support for multiple certificate identities.
> This is intended to aid in the transition to post-quantum
> cryptography by allowing use of certs with RSA in parallel
> with certs using MLDSA algorithms.
> 
> Daniel P. Berrangé (10):
>   remote: use g_strfreev for free()ing lists of strings
>   rpc: change 'isServer' parameter from 'int' to 'bool'
>   rpc: refactor TLS sanity checking to support many cert files
>   rpc: add support for loading multiple certs & keys
>   remote: support specifying multiple keys/certs in libvirtd.conf
>   rpc: skip fallback when using custom PKI path
>   rpc: move file access checks into TLS config API
>   rpc: reduce duplication when locating credentials
>   rpc: support loading multiple certificate identities
>   docs: describe support for multiple certs & PQC config
> 
>  docs/kbase/tlscerts.rst           |  88 +++++++++
>  po/POTFILES                       |   1 +
>  src/libvirt_probes.d              |   3 +-
>  src/remote/libvirtd.aug.in        |   2 +
>  src/remote/libvirtd.conf.in       |  16 ++
>  src/remote/remote_daemon.c        |  24 +--
>  src/remote/remote_daemon_config.c |  66 ++++---
>  src/remote/remote_daemon_config.h |   4 +-
>  src/remote/test_libvirtd.aug.in   |   8 +
>  src/rpc/virnettlscert.c           |  35 ++--
>  src/rpc/virnettlscert.h           |   2 +-
>  src/rpc/virnettlsconfig.c         | 302 +++++++++++++++++++++++++-----
>  src/rpc/virnettlsconfig.h         |  44 +++--
>  src/rpc/virnettlscontext.c        | 231 +++++++++++------------
>  src/rpc/virnettlscontext.h        |  26 +--
>  tests/virnettlscontexttest.c      |  10 +-
>  tests/virnettlssessiontest.c      |   9 +-
>  tools/virt-pki-validate.c         |   3 +-
>  18 files changed, 612 insertions(+), 262 deletions(-)
> 

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal