diff options
| author | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | 2019-10-02 12:22:11 +0300 |
|---|---|---|
| committer | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | 2019-11-12 10:39:07 +0300 |
| commit | 501f1e58ea6fdf97163ce4ea05fbaf1861a62b79 (patch) | |
| tree | 6f617b9e3c29ae4cf7d1b505eefe1444a19ab54d /http/http_connection.h | |
| parent | e9e6d240ab85e515f8d264e39b47a75043b73374 (diff) | |
| download | bmcweb-501f1e58ea6fdf97163ce4ea05fbaf1861a62b79.tar.xz | |
TLS method configuration
User is now able to turn on and off the TLS authentication method.
Tested:
No regression found in manual testing. By default everything works
as before, and disabling TLS method prevents user to authenticate
by it.
Tested with Redfish Service Validator, version 1.2.8
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7be1af659db568caa7e5b97e3844617586d7754
Diffstat (limited to 'http/http_connection.h')
| -rw-r--r-- | http/http_connection.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/http/http_connection.h b/http/http_connection.h index 78805a679e..70def8acfc 100644 --- a/http/http_connection.h +++ b/http/http_connection.h @@ -267,6 +267,15 @@ class Connection #ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION adaptor.set_verify_callback( [this](bool preverified, boost::asio::ssl::verify_context& ctx) { + // do nothing if TLS is disabled + if (!crow::persistent_data::SessionStore::getInstance() + .getAuthMethodsConfig() + .tls) + { + BMCWEB_LOG_DEBUG << "TLS auth_config is disabled"; + return true; + } + // We always return true to allow full auth flow if (!preverified) { |