Turning ON the mutual TLS
This commit sets the mutual TLS option to ON by default.
Core mTLS implementation was accepted under this commit:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23588
where by default the mTLS was disabled.
Tested:
Manual tests were made to verify if this option turns the
mTLS ON.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I3bc5f5453d4c4df1cd7ecb0b8868423285b6ab83
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9303e4d..22bc6ad 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -86,7 +86,7 @@
BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
"Enables authenticating users through TLS client certificates.
The BMCWEB_INSECURE_DISABLE_SSL must be OFF for this option to take effect."
- OFF
+ ON
)
# Insecure options. Every option that starts with a BMCWEB_INSECURE flag should
diff --git a/http/http_connection.h b/http/http_connection.h
index cce4a54..7e92ea7 100644
--- a/http/http_connection.h
+++ b/http/http_connection.h
@@ -275,7 +275,7 @@
SSL_set_session_id_context(
adaptor.native_handle(),
reinterpret_cast<const unsigned char*>(serverName.c_str()),
- serverName.length());
+ static_cast<unsigned int>(serverName.length()));
BMCWEB_LOG_DEBUG << this << " TLS is enabled on this connection.";
}
diff --git a/include/sessions.hpp b/include/sessions.hpp
index f197bff..4144705 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -108,7 +108,7 @@
bool cookie = true;
bool sessionToken = true;
bool basic = true;
- bool tls = true;
+ bool tls = false;
void fromJson(const nlohmann::json& j)
{