[bmcweb] mTLS client authentication always succeeds
Zhenfei Tai
ztai at google.com
Fri May 1 10:06:34 AEST 2020
Hi,
I've been testing bmcweb mTLS for a while and found the user defined verify
callback function returns true in all cases. (
https://github.com/openbmc/bmcweb/blob/master/http/http_connection.h#L287)
If client authentication is enabled in bmcweb, should it reject if client
certificate is bad?
Thanks,
Zhenfei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200430/13d4b0f1/attachment.htm>
More information about the openbmc
mailing list