59d640378f
- virSystemdCreateMachine: Document @maxthreds (RHEL-95361) - cgroup: Unexport 'virDomainCgroupInitCgroup' (RHEL-95361) - qemu: conf: Store 'autoShutdown' config in virDomainDriverAutoShutdownConfig (RHEL-95361) - hypervisor: domain: Extract logic for auto shutdown to virDomainDriverAutoShutdownActive (RHEL-95361) - virSystemdCreateMachine: Add flag to invert machined unit dependencies (RHEL-95361) - cgroup: Plumb the 'daemonDomainShutdown' parameter of 'virSystemdCreateMachine' to drivers (RHEL-95361) - qemu: Fix auto-shutdown of qemu VMs by the qemu driver (RHEL-95361) - hypervisor: Split out individual steps out of virDomainDriverAutoShutdown (RHEL-95196) - virDomainDriverAutoShutdownDoSave: Don't attempt to save transient VMs (RHEL-95196) - virDomainDriverAutoShutdown: Refactor selection logic for VMs (RHEL-95196) - tls: Don't require 'keyEncipherment' to be enabled altoghther (RHEL-100711) - kbase: tlscerts: Drop 'encryption_key' feature request (RHEL-100711) - tests: virnettls*test: Drop use of GNUTLS_KEY_KEY_ENCIPHERMENT (RHEL-100711) - qemu_tpm: Rename qemuTPMHasSharedStorage -> qemuTPMDomainHasSharedStorage (RHEL-80155) - qemu_tpm: Extract per-TPM functionality from qemuTPMDomainHasSharedStorage (RHEL-80155) - qemu_tpm: Only warn about missing locking feature on shared filesystems (RHEL-80155) Resolves: RHEL-100711, RHEL-80155, RHEL-95196, RHEL-95361
45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
From c50a7108b0090fdce43c7f9d0cef9c905c989cc5 Mon Sep 17 00:00:00 2001
|
|
Message-ID: <c50a7108b0090fdce43c7f9d0cef9c905c989cc5.1752837271.git.jdenemar@redhat.com>
|
|
From: Peter Krempa <pkrempa@redhat.com>
|
|
Date: Tue, 1 Jul 2025 13:46:59 +0200
|
|
Subject: [PATCH] kbase: tlscerts: Drop 'encryption_key' feature request
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
As TLS 1.3 performs key exchange separately from the algorithm used to
|
|
verify authenticity, the certificates for libvirt's use of TLS don't
|
|
need to require the 'encryption_key' feature any more.
|
|
|
|
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
(cherry picked from commit 3da460236968be1c67a38a01711d46cb257a7125)
|
|
|
|
https://issues.redhat.com/browse/RHEL-100711
|
|
---
|
|
docs/kbase/tlscerts.rst | 2 --
|
|
1 file changed, 2 deletions(-)
|
|
|
|
diff --git a/docs/kbase/tlscerts.rst b/docs/kbase/tlscerts.rst
|
|
index e4aa5bb3c9..215d454998 100644
|
|
--- a/docs/kbase/tlscerts.rst
|
|
+++ b/docs/kbase/tlscerts.rst
|
|
@@ -204,7 +204,6 @@ define the server as follows:
|
|
ip_address = 2001:cafe::74
|
|
ip_address = fe20::24
|
|
tls_www_server
|
|
- encryption_key
|
|
signing_key
|
|
|
|
The 'cn' field should refer to the fully qualified public hostname of the
|
|
@@ -298,7 +297,6 @@ briefly cover the steps.
|
|
organization = Libvirt Project
|
|
cn = client1
|
|
tls_www_client
|
|
- encryption_key
|
|
signing_key
|
|
|
|
and sign by doing:
|
|
--
|
|
2.50.1
|