Explicitly set verify_none As reported, there are cases where a valid certificate isn't present, but a browser still prompts for an MTLS cert. Fix that by explicitly setting verify_none if strict tls isn't enabled. Unclear what impacts this will have elsewhere: Tested (not yet done on this patch): with a self-signed certificate, logging into chrome no longer prompts the certificate screen. Change-Id: Iaf7d25fec15ad547a6c741c9410995e19ba22016 Signed-off-by: Ed Tanous <etanous@nvidia.com>

commit: 463a0e3e880340a119bf986bab039d1afbe1a432 [log] [tgz]
author: Ed Tanous <etanous@nvidia.com> Mon Oct 14 11:21:48 2024 -0700
committer: Ed Tanous <ed@tanous.net> Thu Oct 24 14:45:41 2024 +0000
tree: 380fb4d69d0599a8c8493fdeafea4b9e442180d5
parent: a0969c70c0e5a38c0e65f558e254f1af062b33b4 [diff] [blame]
diff --git a/http/http_connection.hpp b/http/http_connection.hpp
index bea10aa..29d4fc8 100644
--- a/http/http_connection.hpp
+++ b/http/http_connection.hpp

@@ -108,6 +108,9 @@
             persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
         if (c.tlsStrict)
         {
+            BMCWEB_LOG_DEBUG(
+                "{} TLS is in strict mode, returning preverified as is.",
+                logPtr(this));
             return preverified;
         }
         // If tls strict mode is disabled
commit	463a0e3e880340a119bf986bab039d1afbe1a432	[log] [tgz]
author	Ed Tanous <etanous@nvidia.com>	Mon Oct 14 11:21:48 2024 -0700
committer	Ed Tanous <ed@tanous.net>	Thu Oct 24 14:45:41 2024 +0000
tree	380fb4d69d0599a8c8493fdeafea4b9e442180d5
parent	a0969c70c0e5a38c0e65f558e254f1af062b33b4 [diff] [blame]