Disabling requirement of the key encipherment attribute in order to use letsencrypt certificates.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

debian/patches/progress-linux/0001_key-encipherment.patch

@@ -0,0 +1,23 @@
+Author: Sakirnth Nagarasa <sakirnth@debian.org>
+Description: Remove GNUTLS_KEY_KEY_ENCIPHERMENT check.
+ Disable checking of cert attribute GNUTLS_KEY_KEY_ENCIPHERMENT
+ that Let's Encrypt CA can be used to sign certificates.
+
+diff -Naurp qemu.orig/crypto/tlscredsx509.c qemu/crypto/tlscredsx509.c
+--- qemu.orig/crypto/tlscredsx509.c
++++ qemu/crypto/tlscredsx509.c
+@@ -171,14 +171,6 @@ qcrypto_tls_creds_check_cert_key_usage(Q
+                 return -1;
+             }
+         }
+-        if (!(usage & GNUTLS_KEY_KEY_ENCIPHERMENT)) {
+-            if (critical) {
+-                error_setg(errp,
+-                           "Certificate %s usage does not permit key "
+-                           "encipherment", certFile);
+-                return -1;
+-            }
+-        }
+     }
+ 
+     return 0;

debian/patches/series

@@ -16,3 +16,4 @@ slof-ensure-ld-is-called-with-C-locale.patch
 qemu-img-options.patch
 disable-pycotap.patch
 hw-display-qxl-render.c-fix-qxl_unpack_chunks-chunk-.patch
+progress-linux/0001_key-encipherment.patch