Enable Mutual TLS for http2 connections
Passing the TLS-provided credentials from the HTTP connection to the
http2 connection was missed, which appears to break mutual TLS for http2
connections. Pass the credentials.
Tested: Mutual TLS is now functional on http2 connections as shown in
the next patch.
Change-Id: Ia2bbcd5383dae859baa96908b76f221b9c74632c
Signed-off-by: Ed Tanous <etanous@nvidia.com>
diff --git a/http/http2_connection.hpp b/http/http2_connection.hpp
index bb9f3d5..aeb46ab 100644
--- a/http/http2_connection.hpp
+++ b/http/http2_connection.hpp
@@ -65,13 +65,13 @@
using self_type = HTTP2Connection<Adaptor, Handler>;
public:
- HTTP2Connection(boost::asio::ssl::stream<Adaptor>&& adaptorIn,
- Handler* handlerIn,
- std::function<std::string()>& getCachedDateStrF,
- HttpType httpTypeIn) :
+ HTTP2Connection(
+ boost::asio::ssl::stream<Adaptor>&& adaptorIn, Handler* handlerIn,
+ std::function<std::string()>& getCachedDateStrF, HttpType httpTypeIn,
+ const std::shared_ptr<persistent_data::UserSession>& mtlsSessionIn) :
httpType(httpTypeIn), adaptor(std::move(adaptorIn)),
ngSession(initializeNghttp2Session()), handler(handlerIn),
- getCachedDateStr(getCachedDateStrF)
+ getCachedDateStr(getCachedDateStrF), mtlsSession(mtlsSessionIn)
{}
void start()
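Review bot: The new constructor parameter `mtlsSessionIn` is taken by `const std::shared_ptr<...>&` and then copied into the member, although the constructor is a sink for it. Taking it by value and moving reads more directly as an ownership hand-off and saves a refcount round-trip when the caller passes a temporary: `std::shared_ptr<persistent_data::UserSession> mtlsSessionIn) :` with `mtlsSession(std::move(mtlsSessionIn))` in the initializer list. Call sites would not need to change. The class body continues outside the hunk.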
@@ -307,7 +307,7 @@
if constexpr (!BMCWEB_INSECURE_DISABLE_AUTH)
{
thisReq.session = crow::authentication::authenticate(
- {}, asyncResp->res, thisReq.method(), thisReq.req, nullptr);
+ {}, asyncResp->res, thisReq.method(), thisReq.req, mtlsSession);
if (!crow::authentication::isOnAllowlist(thisReq.url().path(),
thisReq.method()) &&
thisReq.session == nullptr)
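Review bot: `mtlsSession` is captured once when the connection is constructed and is then passed to `authenticate()` for every request on every stream, so a long-lived http2 connection keeps presenting the same `UserSession` object. If that session is deleted or times out while the connection stays open, this call would still hand over the held pointer. Whether `authenticate()` re-validates it against the session store is not visible in this hunk and should be confirmed. If it does not, re-resolve the session per request, or clear `mtlsSession` when the store invalidates it, before this call. The enclosing function starts and ends outside the hunk.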
@@ -659,6 +659,8 @@
Handler* handler;
std::function<std::string()>& getCachedDateStr;
+ std::shared_ptr<persistent_data::UserSession> mtlsSession;
+
using std::enable_shared_from_this<
HTTP2Connection<Adaptor, Handler>>::shared_from_this;
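Review bot: The added `mtlsSession` member has no comment saying where the session comes from or that it may be null, and both matter to anyone changing the auth path later. I would put `// Session derived from the TLS client certificate; shared by all streams on this connection.` and `// May be nullptr (presumably when no client certificate was accepted - confirm against the caller).` above the declaration. The comment should also state that holding a `shared_ptr` keeps the session object alive for the lifetime of the connection. The class body continues outside the hunk.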