Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: Generate New Ti...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: libvirt / CLI & API
Labels:
- PQCTestingR1

sprint_count:
1

AssignedTeam:
rhel-virt-confidential-virt

Sprint:
ConfVirt Sprint 3
Story Points:
5
Blocked:
False
Blocked Reason:

Hide

None

Show
None

Planning:
None

To support hybrid mode for PQC, the TLS library (GNUTLS for libvirt) must be provided multiple distinct sets of certificates. One set using classic DSA algorithm, and one set using ML-DSA algorithm.

This requires calling gnutls_certificate_set_x509_key() with different pem files loaded, which is not something libvirt is currently able to do.

This task tracks the upstream impl & subsystem merge

blocks

RHEL-126829 Backport libvirt support for loading multiple sets of x509 certificates for PQC hybrid mode

is depended on by

RHEL-100716 libvirt support for loading multiple sets of x509 certificates for PQC hybrid mode

RHEL-125311 [ Upstream Placeholder Task ]

Assignee:: Daniel Berrangé

Reporter:: Daniel Berrangé

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2025/11/06 3:10 PM

Updated:: 2025/11/07 2:17 AM

Stale Date:: 2026/08/18

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates