Searched hist:"3 c4781446a43a875d6bc0eeb87a9ee5ba0709a01" (Results 1 – 3 of 3) sorted by relevance
| /openbmc/phosphor-certificate-manager/ |
| H A D | config.h.in | diff 3c4781446a43a875d6bc0eeb87a9ee5ba0709a01 Mon Jun 27 01:42:47 CDT 2022 Lei YU <yulei.sh@bytedance.com> Allow for expired certificate
The code throws for an expired certificate, which results in the below
behavior:
1. If BMC starts when the time is invalid (e.g. the date is in 1970),
bmcweb will create a default certificate with hostname `testhost`;
2. In later reboots when BMC get a valid time, the bmcweb loads the
certificate as before. But phosphor-certificate-manager will throw on
this certificate. Then there is no DBus object created for this
certificate (`/xyz/openbmc_project/certs/server/https/1`)
3. Due to the missing DBus object:
* We will not be able to replace the certificate, e.g. by below
Redfish URI:
```
/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
```
* When the BMC gets the hostname, bmcweb will generate a new
self-signed certificate with the hostname and replace it, the
replacement fails as well.
This commit adds a config option that allows the expired certificate to
be created on DBus and fixes the above issues and it is enabled by
default.
Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Ib02bd686c9bfeb6401b269af20856824647f54c5
|
| H A D | x509_utils.cpp | diff 3c4781446a43a875d6bc0eeb87a9ee5ba0709a01 Mon Jun 27 01:42:47 CDT 2022 Lei YU <yulei.sh@bytedance.com> Allow for expired certificate
The code throws for an expired certificate, which results in the below
behavior:
1. If BMC starts when the time is invalid (e.g. the date is in 1970),
bmcweb will create a default certificate with hostname `testhost`;
2. In later reboots when BMC get a valid time, the bmcweb loads the
certificate as before. But phosphor-certificate-manager will throw on
this certificate. Then there is no DBus object created for this
certificate (`/xyz/openbmc_project/certs/server/https/1`)
3. Due to the missing DBus object:
* We will not be able to replace the certificate, e.g. by below
Redfish URI:
```
/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
```
* When the BMC gets the hostname, bmcweb will generate a new
self-signed certificate with the hostname and replace it, the
replacement fails as well.
This commit adds a config option that allows the expired certificate to
be created on DBus and fixes the above issues and it is enabled by
default.
Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Ib02bd686c9bfeb6401b269af20856824647f54c5
|
| H A D | meson.build | diff 3c4781446a43a875d6bc0eeb87a9ee5ba0709a01 Mon Jun 27 01:42:47 CDT 2022 Lei YU <yulei.sh@bytedance.com> Allow for expired certificate
The code throws for an expired certificate, which results in the below
behavior:
1. If BMC starts when the time is invalid (e.g. the date is in 1970),
bmcweb will create a default certificate with hostname `testhost`;
2. In later reboots when BMC get a valid time, the bmcweb loads the
certificate as before. But phosphor-certificate-manager will throw on
this certificate. Then there is no DBus object created for this
certificate (`/xyz/openbmc_project/certs/server/https/1`)
3. Due to the missing DBus object:
* We will not be able to replace the certificate, e.g. by below
Redfish URI:
```
/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
```
* When the BMC gets the hostname, bmcweb will generate a new
self-signed certificate with the hostname and replace it, the
replacement fails as well.
This commit adds a config option that allows the expired certificate to
be created on DBus and fixes the above issues and it is enabled by
default.
Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Ib02bd686c9bfeb6401b269af20856824647f54c5
|