WIP:Switch between peer BMC mTLS and https SSL context#1385
Draft
priyair wants to merge 2 commits intoibm-openbmc:1120from
Draft
WIP:Switch between peer BMC mTLS and https SSL context#1385priyair wants to merge 2 commits intoibm-openbmc:1120from
priyair wants to merge 2 commits intoibm-openbmc:1120from
Conversation
priyair
changed the title
Contributor
|
Why do we need this? What does this do? Can we go upstream with this ? |
Contributor
When customer uploads new CA signed https certificate, our mtls certs should not impact https traffic with CA signed certificate, so we are trying ssl context switching. |
Revert "Switch between peer BMC mTLS and https SSL context" This reverts commit 3d48529.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
WIP:Switch between peer BMC mTLS and https SSL context
This commit switches between mTLS and https ssl context, based upon the client cert provided. When client certificate is provided the bmcweb switched to mTLS context, else use https SSL context. Also supports the password fallback mechanism when tlsStrict and TLS is enabled.
Tested By
Provided client cert and bmcweb switched to mTLs context
Provided password or session token the bmcweb switched to https SSL context