Allow for expired certificate
The code throws for an expired certificate, which results in the below
behavior:
1. If BMC starts when the time is invalid (e.g. the date is in 1970),
bmcweb will create a default certificate with hostname `testhost`;
2. In later reboots when BMC get a valid time, the bmcweb loads the
certificate as before. But phosphor-certificate-manager will throw on
this certificate. Then there is no DBus object created for this
certificate (`/xyz/openbmc_project/certs/server/https/1`)
3. Due to the missing DBus object:
* We will not be able to replace the certificate, e.g. by below
Redfish URI:
```
/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
```
* When the BMC gets the hostname, bmcweb will generate a new
self-signed certificate with the hostname and replace it, the
replacement fails as well.
This commit adds a config option that allows the expired certificate to
be created on DBus and fixes the above issues and it is enabled by
default.
Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Ib02bd686c9bfeb6401b269af20856824647f54c5
diff --git a/meson.build b/meson.build
index 8ab2f77..68f4503 100644
--- a/meson.build
+++ b/meson.build
@@ -42,6 +42,12 @@
get_option('authorities-list-name')
)
+if not get_option('allow-expired').disabled()
+ config_data.set('allow_expired', 'true')
+else
+ config_data.set('allow_expired', 'false')
+endif
+
configure_file(
input: 'config.h.in',
output: 'config.h',