Mutual TLS parsing change at runtime
Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.
This commit implements the Redfish defined schemas; The parsing mode is
stored in the bmcweb persistent configuration file as an integer enum,
with Mapping to the Redfish schema.
To handle OEM specific parsing modes, an enum value of 100+ is defined
to allow the additional OEM parameters. Unfortunately, Redfish doesn't
have a way to represent these today, so those modes are currently not
selectable at runtime.
Now that things are runtime selectable, this obsoletes the option
mutual-tls-common-name-parsing, as it is not longer required at compile
time.
Tested:
GET /redfish/v1/AccountService
returns MultiFactorAuth/ClientCertificate/CertificateMappingAttribute
PATCH /redfish/v1/AccountService
```
{"MultiFactorAuth": {"ClientCertificate": {"CertificateMappingAttribute":"CommonName"}}}
```
Returns 200
[1] https://github.com/DMTF/Redfish-Publications/blob/5b217908b5378b24e4f390c063427d7a707cd308/csdl/AccountService_v1.xml#L1631
Change-Id: I67db0dfa5245a9da973320aab666d12dbd9229e4
Signed-off-by: Ed Tanous <ed@tanous.net>
diff --git a/config/meson.build b/config/meson.build
index b500dee..63e7acb 100644
--- a/config/meson.build
+++ b/config/meson.build
@@ -18,6 +18,7 @@
'insecure-push-style-notification',
'insecure-tftp-update',
'kvm',
+ 'meta-tls-common-name-parsing',
'mutual-tls-auth',
'redfish-aggregation',
'redfish-allow-deprecated-power-thermal',
@@ -41,7 +42,7 @@
string_options = [
'dns-resolver',
- 'mutual-tls-common-name-parsing',
+ 'mutual-tls-common-name-parsing-default',
'redfish-manager-uri-name',
'redfish-system-uri-name',
]