commit | 90d2d1e887e68c70f8e5923eb69c3c9356dae547 | [log] [tgz] |
---|---|---|
author | Jiaqing Zhao <jiaqing.zhao@intel.com> | Wed Apr 13 17:01:57 2022 +0800 |
committer | Ed Tanous <ed@tanous.net> | Fri Apr 15 15:13:08 2022 +0000 |
tree | ac7ecadb55fd81beef111d3a98c6593fcaafaa3c | |
parent | 6f581ec3584cd9b4556a114d30f7a39c63ec64ec [diff] |
CertificateService: Enhance error handling for ReplaceCertificate Current implementation of the ReplaceCertificate API always returns ResourceNotFound if any error occurs when calling DBus, regardless of whether the certificate to be replaced exists or not. This patch checks the error code and only return ResourceNotFound when the object path does not exist, otherwise returns InternalError. Tested: * Replace HTTPS certificate at /redfish/v1/Managers/bmc/NetworkProtocol /HTTPS/Certificates/0 (Invalid URL) returns ResourceNotFound. * Replace HTTPS certificate at /redfish/v1/Managers/bmc/NetworkProtocol /HTTPS/Certificates/1 with CertificateString not containing private key returns InternalError. Change-Id: I67f6014c3856c192b4141e6a92f173a9a8c8189e Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Dbuildtype=debug ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja -C builddir test ninja -C builddir coverage
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.