Daniel P. Berrangé created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1758
The `gnutls-serv` tool supports loading multiple certificate identities for a server, allowing the admin to provide a cert with RSA and a cert with ML-DSA. This allows a client to negotiate a session with either traditional or PQC algorithms.

Consider if a `gnutls-serv` is launched with `--require-client-cert --verify-client-cert`. At the time `gnutls-cli` is launched, the admin does not necessarily know if the connection to the server will be using RSA or ML-DSA, so does not know which client certificate to provide as its identity.

If `gnutls-cli` supported loading multiple certificates, then gnutls could provide the correct client identity depending on what the session with the server negotiated.

The gnutls APIs appear to already do the right thing with handling multiple client certs if the app calls `gnutls_certificate_set_x509_key` multiple times. Just the glue for `gnutls-cli` appears missing.
