Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: Generate New Ti...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: qemu-kvm / General
Labels:
None

Severity:
None

AssignedTeam:
rhel-virt-core

Story Points:
None
Target Version:

rhel-10.2
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

To support hybrid mode for PQC, the TLS library (GNUTLS for QEMU) must be provided multiple distinct sets of certificates. One set using classic DSA algorithm, and one set using ML-DSA algorithm.

This requires calling gnutls_certificate_set_x509_key() with different pem files loaded, which is not something QEMU is currently able to do.

depends on

RHEL-125931 QE Test support for loading multiple sets of x509 certificates for PQC hybrid mode

RHEL-125930 Backport support for loading multiple sets of x509 certificates for PQC hybrid mode

RHEL-125928 Upstream support for loading multiple sets of x509 certificates for PQC hybrid mode

Closed

is depended on by

RHEL-100716 libvirt support for loading multiple sets of x509 certificates for PQC hybrid mode

Assignee:: Daniel Berrangé

Reporter:: Daniel Berrangé

Developer:: virt-maint

QA Contact:: virt-bugs

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/08/29 11:42 AM

Updated:: 2025/11/07 11:07 AM

Stale Date:: 2026/10/29

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates