proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-08-14 16:11:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

redfish: Add an option for CA verification

Browse Source 
Since the Redfish service may use a self-signed certificate without
specifying the hostname, we could have the problem to verify such
certificate. A new option, CACheck, is introduced so that the user can
decide whether to ignore the CA verification or not.

Signed-off-by: Gary Lin <glin@suse.com>
This commit is contained in:
Gary Lin 2018-08-02 12:05:49 +08:00 committed by Richard Hughes
parent 986c0ebe77
commit b54f4706cb
4 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/redfish/fu-plugin-redfish.c
View File

@ -52,6 +52,7 @@ fu_plugin_startup (FuPlugin *plugin, GError **error)
FuPluginData *data = fu_plugin_get_data (plugin); FuPluginData *data = fu_plugin_get_data (plugin);
GBytes *smbios_data = fu_plugin_get_smbios_data (plugin, REDFISH_SMBIOS_TABLE_TYPE); GBytes *smbios_data = fu_plugin_get_smbios_data (plugin, REDFISH_SMBIOS_TABLE_TYPE);
g_autofree gchar *redfish_uri = NULL; g_autofree gchar *redfish_uri = NULL;
g_autofree gchar *ca_check = NULL;
/* read the conf file */ /* read the conf file */
redfish_uri = fu_plugin_get_config_value (plugin, "Uri"); redfish_uri = fu_plugin_get_config_value (plugin, "Uri");
@ -103,6 +104,13 @@ fu_plugin_startup (FuPlugin *plugin, GError **error)
return FALSE; return FALSE;
} }
} }
ca_check = fu_plugin_get_config_value (plugin, "CACheck");
if (ca_check != NULL && g_ascii_strcasecmp (ca_check, "false") == 0)
fu_redfish_client_set_cacheck (data->client, FALSE);
else
fu_redfish_client_set_cacheck (data->client, TRUE);
return fu_redfish_client_setup (data->client, smbios_data, error); return fu_redfish_client_setup (data->client, smbios_data, error);
} }

13
plugins/redfish/fu-redfish-client.c
View File

@ -31,6 +31,7 @@ struct _FuRedfishClient
gchar *push_uri_path; gchar *push_uri_path;
gboolean auth_created; gboolean auth_created;
gboolean use_https; gboolean use_https;
gboolean cacheck;
GPtrArray *devices; GPtrArray *devices;
}; };
@ -671,6 +672,12 @@ fu_redfish_client_setup (FuRedfishClient *self, GBytes *smbios_table, GError **e
return FALSE; return FALSE;
} }
if (self->cacheck == FALSE) {
g_object_set (G_OBJECT (self->session),
SOUP_SESSION_SSL_STRICT, FALSE,
NULL);
}
/* this is optional */ /* this is optional */
if (smbios_table != NULL) { if (smbios_table != NULL) {
g_autoptr(GError) error_smbios = NULL; g_autoptr(GError) error_smbios = NULL;
@ -781,6 +788,12 @@ fu_redfish_client_set_https (FuRedfishClient *self, gboolean use_https)
self->use_https = use_https; self->use_https = use_https;
} }
void
fu_redfish_client_set_cacheck (FuRedfishClient *self, gboolean cacheck)
{
self->cacheck = cacheck;
}
void void
fu_redfish_client_set_username (FuRedfishClient *self, const gchar *username) fu_redfish_client_set_username (FuRedfishClient *self, const gchar *username)
{ {

2
plugins/redfish/fu-redfish-client.h
View File

@ -28,6 +28,8 @@ void fu_redfish_client_set_port (FuRedfishClient *self,
guint port); guint port);
void fu_redfish_client_set_https (FuRedfishClient *self, void fu_redfish_client_set_https (FuRedfishClient *self,
gboolean use_https); gboolean use_https);
void fu_redfish_client_set_cacheck (FuRedfishClient *self,
gboolean cacheck);
gboolean fu_redfish_client_update (FuRedfishClient *self, gboolean fu_redfish_client_update (FuRedfishClient *self,
FuDevice *device, FuDevice *device,
GBytes *blob_fw, GBytes *blob_fw,

5
plugins/redfish/redfish.conf
View File

@ -7,3 +7,8 @@
# The username and password to the Redfish service # The username and password to the Redfish service
#Username= #Username=
#Password= #Password=
# Whether to verify the server certificate or not
# Expected value: TRUE or FALSE
# Default: TRUE
#CACheck=