From nobody Sun Dec 14 07:59:09 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1751371829; cv=none; d=zohomail.com; s=zohoarc; b=Lduj1vCzvTfRV9SSO3OHVt2MEaahZ69gBf7E5Af+gBSK7ySRtDTfaHjYDIS+l8afwyvcd/3Yzn3xKGX7Hc2ve8QRh3Z9KGdSeL/feDIh+jkM42nvjXfd0OMgfcNvAaH7ygqL5FVqSUvzqqooytQvoHu9+a1S4LnP0Pby8CdNqhQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1751371829; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=XhV1x4TUwM446sb900Ri3I6EN9rDV0SgKsdbTt+iwAs=; b=XvOr7hUyOxOxJLxSRp/rHHB7TRM2/af9HgjSZU4plI/vMCK/cWBC9q6AVYNCFN+6bdMPa4nEgHLXbSEHyGp6m+hwh8lnsuJ4A+SwrF2mS/1r0RLbaR4j51+Kl15TRrjYzDo5etnrh/h9njvy7DrWEfjHmkBQi/Ql81AerI05ayk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1751371829826243.27825626507172; Tue, 1 Jul 2025 05:10:29 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id CF96C15C8; Tue, 1 Jul 2025 08:10:28 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 7ED631656; Tue, 1 Jul 2025 08:09:02 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 9B22015F4; Tue, 1 Jul 2025 08:08:56 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id DFC8315EB for ; Tue, 1 Jul 2025 08:08:50 -0400 (EDT) Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-548-q26kk4vyM9mlxHpa9Ecdcg-1; Tue, 01 Jul 2025 08:08:49 -0400 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 6EF791978C9A for ; Tue, 1 Jul 2025 12:08:48 +0000 (UTC) Received: from speedmetal.redhat.com (unknown [10.45.242.5]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A7AE3180045B for ; Tue, 1 Jul 2025 12:08:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE,UPPERCASE_50_75 autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1751371730; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=161CeCBl+sq+a9W9Q3/SNnYDKQacQzgxUA2fj2LpyJg=; b=eunQXOgFgLDAKPocZXPUfJxQfRPwpE+C440OkY+2uhWaagT2IJnEbCdSN+wmEhQFeBD0Iz 52FUrVIUKPgP05BiHTQp5FJeqq/ouIyJlDkSGWQyAzmbHYAgnIk/uasyxGsO6x/KgRvKCV 9vnM0+b5FRVphtNBe6kskY7NigzqW/Y= X-MC-Unique: q26kk4vyM9mlxHpa9Ecdcg-1 X-Mimecast-MFC-AGG-ID: q26kk4vyM9mlxHpa9Ecdcg_1751371728 To: devel@lists.libvirt.org Subject: [PATCH v2 3/3] tests: virnettls*test: Drop use of GNUTLS_KEY_KEY_ENCIPHERMENT Date: Tue, 1 Jul 2025 14:08:42 +0200 Message-ID: <7ae93a13c19d981ebece34b3fb7f37d375bb13f4.1751371167.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: e-h2XmFKwK8Xdl8LUYLatHeiJKDCfiJ5ReA4CPuTaYI_1751371728 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 6K3ZZ6YU6HB3UPA5FKOYRERZGQ4YPKYO X-Message-ID-Hash: 6K3ZZ6YU6HB3UPA5FKOYRERZGQ4YPKYO X-MailFrom: pkrempa@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Peter Krempa via Devel Reply-To: Peter Krempa X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1751371831409116600 Content-Type: text/plain; charset="utf-8" From: Peter Krempa It's not needed with TLS 1.3 any more. Signed-off-by: Peter Krempa --- tests/virnettlscontexttest.c | 36 ++++++++++++++++++------------------ tests/virnettlssessiontest.c | 14 +++++++------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index 2311524db8..48bdefdd76 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -156,13 +156,13 @@ mymain(void) TLS_CERT_REQ(servercertreq, cacertreq, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); TLS_CERT_REQ(clientcertreq, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, 0, 0); @@ -182,7 +182,7 @@ mymain(void) TLS_CERT_REQ(servercert1req, cacert1req, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); @@ -196,7 +196,7 @@ mymain(void) TLS_CERT_REQ(servercert2req, cacert2req, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); @@ -210,7 +210,7 @@ mymain(void) TLS_CERT_REQ(servercert3req, cacert3req, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); @@ -230,7 +230,7 @@ mymain(void) TLS_CERT_REQ(servercert4req, cacert4req, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); /* no-basic */ @@ -243,7 +243,7 @@ mymain(void) TLS_CERT_REQ(servercert5req, cacert5req, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); /* Key usage:dig-sig:critical */ @@ -256,7 +256,7 @@ mymain(void) TLS_CERT_REQ(servercert6req, cacert6req, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); @@ -284,7 +284,7 @@ mymain(void) TLS_CERT_REQ(servercert8req, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT | GNUTLS_KEY_KEY_CERT_SIGN, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _CERT_SIGN, false, false, NULL, NULL, 0, 0); /* usage:cert-sign:not-critical */ @@ -372,7 +372,7 @@ mymain(void) TLS_CERT_REQ(clientcert2req, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT | GNUTLS_KEY_KEY_CERT_SIGN, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _CERT_SIGN, false, false, NULL, NULL, 0, 0); /* usage:cert-sign:not-critical */ @@ -459,19 +459,19 @@ mymain(void) TLS_CERT_REQ(servercertexpreq, cacertexpreq, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); TLS_CERT_REQ(servercertexp1req, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, -1); TLS_CERT_REQ(clientcertexp1req, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, 0, -1); @@ -491,19 +491,19 @@ mymain(void) TLS_CERT_REQ(servercertnewreq, cacertnewreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); TLS_CERT_REQ(servercertnew1req, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 1, 2); TLS_CERT_REQ(clientcertnew1req, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, 1, 2); @@ -538,13 +538,13 @@ mymain(void) TLS_CERT_REQ(servercertlevel3areq, cacertlevel2areq, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); TLS_CERT_REQ(clientcertlevel2breq, cacertlevel1breq, "UK", "libvirt client level 2b", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, 0, 0); diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c index 285cde57d8..459e17c52c 100644 --- a/tests/virnettlssessiontest.c +++ b/tests/virnettlssessiontest.c @@ -314,20 +314,20 @@ mymain(void) TLS_CERT_REQ(servercertreq, cacertreq, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); TLS_CERT_REQ(clientcertreq, cacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, 0, 0); TLS_CERT_REQ(clientcertaltreq, altcacertreq, "UK", "libvirt", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, 0, 0); @@ -342,14 +342,14 @@ mymain(void) TLS_CERT_REQ(servercertalt1req, cacertreq, "UK", "libvirt.org", "www.libvirt.org", "libvirt.org", "1= 92.168.122.1", "fec0::dead:beaf", true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); /* This intentionally doesn't replicate */ TLS_CERT_REQ(servercertalt2req, cacertreq, "UK", "libvirt.org", "www.libvirt.org", "wiki.libvirt.org= ", "192.168.122.1", "fec0::dead:beaf", true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); @@ -433,13 +433,13 @@ mymain(void) TLS_CERT_REQ(servercertlevel3areq, cacertlevel2areq, "UK", "libvirt.org", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); TLS_CERT_REQ(clientcertlevel2breq, cacertlevel1breq, "UK", "libvirt client level 2b", NULL, NULL, NULL, NULL, true, true, false, - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY= _ENCIPHERMENT, + true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, 0, 0); --=20 2.49.0