Skip to content

mTLS currently broken outside of TLSStrict #296

Description

@williamspatrick

Is this the right place to submit this?

  • This is not a security vulnerability or a crashing bug
  • This is not a question about how to use OpenBMC
  • This is not a bug in an OpenBMC fork or a bug in code still under code review.
  • This is not a request for a new feature.

Bug Description

Running Redfish operations with mTLS enabled currently 401 Unauthorized, unless explicitly setting TLSStrict: true in the bmcweb_persistent_data.json.

curl --include --key $KEY_PATH --cert $CERT_PATH https://bmcdevice/redfish/v1/Systems/system

This was introduced with 463a0e3 and appears to be fixed by reverting.

The current bmcweb compile modifications and PACKAGECONFIG can be seen at https://github.com/openbmc/openbmc/blob/56a1db99ffbce908d8e78e0f5540f5db55cb546f/meta-facebook/recipes-phosphor/interfaces/bmcweb_%25.bbappend#L4 .

Version

2.16.0-dev-2197-g3debd6217b

Additional Information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions