From b54c42c6c1ef6c2b58a6728317cbaedc8a3552ae Mon Sep 17 00:00:00 2001
From: "Golgowski, Wiktor"
Date: Fri, 27 Aug 2021 19:01:54 +0200
Subject: Override default libcurl CAInfo with empty string.

This change allows virtual-media to pass a zero-length string to nbdkit curl plugin cainfo parameter, which will allow for capath to be used.
Tested: Manually, with Virtual-Media HTTPS test in ATF.
Change-Id: I14ffa2ecbb2bd6cadee3bb8929ef2e1b8bbbf157
Signed-off-by: Golgowski, Wiktor
---
 src/state/activating_state.cpp | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp
index b1113b7..7506aed 100644
--- a/src/state/activating_state.cpp
+++ b/src/state/activating_state.cpp
@@ -259,19 +259,19 @@ std::unique_ptr
 const std::string& url)
 {
 std::unique_ptr secret;
- std::vector params = {// Use curl plugin ...
- "curl",
- // ... to mount http resource at url
- "url=" + url,
- // custom OpenBMC path for CA
- "capath=/etc/ssl/certs/authority",
- "ssl-version=tlsv1.2",
- "followlocation=false",
- "ssl-cipher-list="
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-AES256-GCM-SHA384",
- "tls13-ciphers="
- "TLS_AES_256_GCM_SHA384"};
+ std::vector params = {
+ // Use curl plugin ...
+ "curl",
+ // ... to mount http resource at url
+ "url=" + url,
+ // custom OpenBMC path for CA
+ "cainfo=", "capath=/etc/ssl/certs/authority", "ssl-version=tlsv1.2",
+ "followlocation=false",
+ "ssl-cipher-list="
+ "ECDHE-RSA-AES256-GCM-SHA384:"
+ "ECDHE-ECDSA-AES256-GCM-SHA384",
+ "tls13-ciphers="
+ "TLS_AES_256_GCM_SHA384"};

 // Authenticate if needed
 if (machine.getTarget()->credentials)
--
cgit v1.2.3
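Review bot: The new `"cainfo="` entry carries no explanation, and the comment `// custom OpenBMC path for CA` now sits above a line that packs `"cainfo=", "capath=/etc/ssl/certs/authority", "ssl-version=tlsv1.2",` together, so the trust-store override is easy to miss or to drop in a later cleanup. I would keep one parameter per line and add `// empty cainfo clears libcurl's default CA bundle so that only capath is trusted` directly above `"cainfo=",`. The override narrows the trust anchors only if the nbdkit curl plugin accepts a zero-length value and clears the option; that handling is not visible here and presumably depends on the nbdkit version shipped in the image. Since the commit was tested manually, an automated HTTPS case using a server certificate signed outside /etc/ssl/certs/authority would confirm that such a share is refused. The function body continues past the end of the hunk.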