commit | 09d02f87cf3e976a97010baede551d342325f239 | [log] [tgz] |
---|---|---|
author | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | Mon Mar 30 13:41:42 2020 +0200 |
committer | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | Tue Mar 31 07:15:05 2020 +0000 |
tree | 4a6848307afda1a97cc5f5e15386fc578b9227f1 | |
parent | 1b1b43f20a1f52d014f6435232c19c1d9c8fa337 [diff] |
Fix for possible memory leak in mTLS. Freeing resources returned by X509_get_ext_d2i method. Tested: Manual test were made to verify if TLS authentication works as before. Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I937d7a13b9b63501fd58b846e6050c5523f76cc4
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/CMakeLists.txt
and then compiling. For example, cmake -DBMCWEB_ENABLE_KVM=NO ...
followed by make
. The option names become C++ preprocessor symbols that control which code is compiled into the program.
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.