Allow for expired certificate
The code throws for an expired certificate, which results in the below
behavior:
1. If BMC starts when the time is invalid (e.g. the date is in 1970),
bmcweb will create a default certificate with hostname `testhost`;
2. In later reboots when BMC gets a valid time, the bmcweb loads the
certificate as before. But phosphor-certificate-manager will throw on
this certificate. Then there is no DBus object created for this
certificate (`/xyz/openbmc_project/certs/server/https/1`)
3. Due to the missing DBus object:
* We will not be able to replace the certificate, e.g. by below
Redfish URI:
```
/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
```
* When the BMC gets the hostname, bmcweb will generate a new
self-signed certificate with the hostname and replace it, the
replacement fails as well.
This commit adds a config option that allows the expired certificate to
be created on DBus and fixes the above issues and it is enabled by
default.
Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Ib02bd686c9bfeb6401b269af20856824647f54c5
diff --git a/config.h.in b/config.h.in
index b363fd3..3d48991 100644
--- a/config.h.in
+++ b/config.h.in
@@ -21,3 +21,6 @@
/* The default name of the authorities list file. */
inline constexpr char defaultAuthoritiesListFileName[] = "@authorities_list_name@";
+
+/* Whether to allow expired certificates. */
+inline constexpr bool allowExpired = @allow_expired@;
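Review bot: The comment on `allowExpired` at the end of config.h.in ("Whether to allow expired certificates.") does not say what is being allowed or what the default is. Going by the commit message, the option exists so that an expired certificate is still created as a DBus object and can then be replaced, and it is enabled by default. The comment should state that scope and say whether the option also permits installing an already-expired certificate through the replace path, since that is the security-relevant behaviour someone changing the option needs to know. It is also worth confirming that the build-side substitution for `@allow_expired@`, which is not part of this hunk, always expands to a C++ `true` or `false` literal.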