Re: [PATCH] crypto: allow client/server cert chains

["Daniel P. Berrangé" <berrange@redhat.com>]

On Thu, Feb 23, 2023 at 01:54:56PM -0500, matoro wrote:
> On 2023-02-20 10:44, Daniel P. Berrangé wrote:
> > On Mon, Feb 13, 2023 at 01:00:49PM -0500, matoro_mailinglist_qemu--- via
> > wrote:
> > > From: matoro <matoro@users.noreply.github.com>
> > > 
> > > The existing implementation assumes that client/server certificates
> > > are
> > > single individual certificates.  If using publicly-issued
> > > certificates,
> > > or internal CAs that use an intermediate issuer, this is unlikely to
> > > be
> > > the case, and they will instead be certificate chains.  While this can
> > > be worked around by moving the intermediate certificates to the CA
> > > certificate, which DOES currently support multiple certificates, this
> > > instead allows the issued certificate chains to be used as-is, without
> > > requiring the overhead of shuffling certificates around.
> > > 
> > > Corresponding libvirt change is available here:
> > > https://gitlab.com/libvirt/libvirt/-/merge_requests/222
> > > 
> > > Signed-off-by: matoro <matoro_mailinglist_qemu@matoro.tk>
> > 
> > I'm afraid that because the Signed-off-by is intended as a legal
> > statement that you're permitted to contribute this change, we
> > require it to use the person's legal recognised real name (both
> > forename + surname), not a psuedo-name, nor merely a partial
> > name. Could you either resend this submission, or just reply
> > to this mail giving a new Signed-off-by.
> > 
> > The email address can be of your choosing, but should generally
> > be matched to the git commit authorship
> 
> Hi Daniel, unfortunately I am unable to use my real name with contributions
> due to my employment.  Is there any way for me to release copyright on this,
> or have someone else submit it on my behalf?  (I have done the latter with
> kernel contributions before)

Sadly I can't see how to credibly release copyright while remaining
anonymous. In terms of someone submitting it on your behalf, that
depends on the person's willingly to add their own Signed-off-by.
This could be viable for changes which can be considered trivial,
and thus effectively uncopyrightable, but I don't think that applies
here. An alternative would be if some other contributor knows you
well enough to be confident in adding their SoB.

If not, I'll keep this RFE on my list of TODO items to write a
new patch myself.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|