[bmcweb] mTLS client authentication always succeeds

Zhenfei Tai ztai at google.com
Fri May 1 10:06:34 AEST 2020


Hi,

I've been testing bmcweb mTLS for a while and found the user defined verify
callback function returns true in all cases. (
https://github.com/openbmc/bmcweb/blob/master/http/http_connection.h#L287)

If client authentication is enabled in bmcweb, should it reject if client
certificate is bad?

Thanks,
Zhenfei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200430/13d4b0f1/attachment.htm>


More information about the openbmc mailing list