mTLS: Fix handshake failures

The change introduced in [1] has exposed a significant problem in the
mTLS verification process, during which an attempt to access an
uninitialized object was made. This change removes that attempt and
replaces it with a resource that is available at this specific moment of
the connection lifetime.

Tested:
1. Created and uploaded a set of certificates by following the
   instructions from the TLS Configuration guide [2].
2. Attempted to access the /redfish/v1/SessionService/Sessions endpoint
   using the mTLS authentication method.
With this fix the connection has been successful.

[1] https://github.com/openbmc/bmcweb/commit/e01d0c36af115ed46d54b5dbbacfe3ad92226bd3
[2] https://github.com/openbmc/docs/blob/master/security/TLS-configuration.md

Change-Id: I434dbf27169d7ea0207dfd139868d5bf398d24b0
Signed-off-by: Michal Orzel <michalx.orzel@intel.com>
diff --git a/http/http_connection.hpp b/http/http_connection.hpp
index ba4af3f..2a6afeb 100644
--- a/http/http_connection.hpp
+++ b/http/http_connection.hpp
@@ -94,11 +94,13 @@
// don't require auth
if (preverified)
{
- if (!req)
+ boost::asio::ip::address ipAddress;
+ if (getClientIp(ipAddress))
{
- return false;
+ return true;
}
- mtlsSession = verifyMtlsUser(req->ipAddress, ctx);
+
+ mtlsSession = verifyMtlsUser(ipAddress, ctx);
if (mtlsSession)
{
BMCWEB_LOG_DEBUG("{} Generating TLS session: {}", logPtr(this),
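Review bot: The early exit under `if (getClientIp(ipAddress))` now returns true where the old `if (!req)` guard returned false, and neither the hunk nor the commit message says why the verify callback should report success on that path. The return convention of getClientIp is not visible here. If a true result means the lookup failed, the handshake is accepted without `verifyMtlsUser` ever running and without an mtlsSession, so that path deserves a comment stating that authentication falls through to the other methods, plus a log line so the skipped mTLS check shows up when debugging. If a true result means success, the condition is inverted and `verifyMtlsUser(ipAddress, ctx)` is only reached with an unset address. Either way, please state the convention at the call site and explain the false-to-true change in the commit message, since it alters what a preverified certificate with no resolvable client address results in.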