redfish: Add an option for CA verification

Since the Redfish service may use a self-signed certificate without specifying the hostname, we could have the problem to verify such certificate. A new option, CACheck, is introduced so that the user can decide whether to ignore the CA verification or not. Signed-off-by: Gary Lin <glin@suse.com>
2025-08-14 16:11:22 +00:00 · 2018-08-02 12:05:49 +08:00 · 2018-08-02 12:05:49 +08:00 · b54f4706cb
commit b54f4706cb
parent 986c0ebe77
4 changed files with 28 additions and 0 deletions
--- a/plugins/redfish/fu-plugin-redfish.c
+++ b/plugins/redfish/fu-plugin-redfish.c
@ -52,6 +52,7 @@ fu_plugin_startup (FuPlugin *plugin, GError **error)
 	FuPluginData *data = fu_plugin_get_data (plugin);
 	GBytes *smbios_data = fu_plugin_get_smbios_data (plugin, REDFISH_SMBIOS_TABLE_TYPE);
 	g_autofree gchar *redfish_uri = NULL;
+	g_autofree gchar *ca_check = NULL;

 	/* read the conf file */
 	redfish_uri = fu_plugin_get_config_value (plugin, "Uri");
@ -103,6 +104,13 @@ fu_plugin_startup (FuPlugin *plugin, GError **error)
 			return FALSE;
 		}
 	}
+
+	ca_check = fu_plugin_get_config_value (plugin, "CACheck");
+	if (ca_check != NULL && g_ascii_strcasecmp (ca_check, "false") == 0)
+		fu_redfish_client_set_cacheck (data->client, FALSE);
+	else
+		fu_redfish_client_set_cacheck (data->client, TRUE);
+
 	return fu_redfish_client_setup (data->client, smbios_data, error);
 }

--- a/plugins/redfish/fu-redfish-client.c
+++ b/plugins/redfish/fu-redfish-client.c
@ -31,6 +31,7 @@ struct _FuRedfishClient
 	gchar			*push_uri_path;
 	gboolean		 auth_created;
 	gboolean		 use_https;
+	gboolean		 cacheck;
 	GPtrArray		*devices;
 };

@ -671,6 +672,12 @@ fu_redfish_client_setup (FuRedfishClient *self, GBytes *smbios_table, GError **e
 		return FALSE;
 	}

+	if (self->cacheck == FALSE) {
+		g_object_set (G_OBJECT (self->session),
+			      SOUP_SESSION_SSL_STRICT, FALSE,
+			      NULL);
+	}
+
 	/* this is optional */
 	if (smbios_table != NULL) {
 		g_autoptr(GError) error_smbios = NULL;
@ -781,6 +788,12 @@ fu_redfish_client_set_https (FuRedfishClient *self, gboolean use_https)
 	self->use_https = use_https;
 }

+void
+fu_redfish_client_set_cacheck (FuRedfishClient *self, gboolean cacheck)
+{
+	self->cacheck = cacheck;
+}
+
 void
 fu_redfish_client_set_username (FuRedfishClient *self, const gchar *username)
 {
--- a/plugins/redfish/fu-redfish-client.h
+++ b/plugins/redfish/fu-redfish-client.h
@ -28,6 +28,8 @@ void		 fu_redfish_client_set_port	(FuRedfishClient	*self,
 						 guint			 port);
 void		 fu_redfish_client_set_https	(FuRedfishClient	*self,
 						 gboolean		 use_https);
+void		 fu_redfish_client_set_cacheck	(FuRedfishClient	*self,
+						 gboolean		 cacheck);
 gboolean	 fu_redfish_client_update       (FuRedfishClient	*self,
 						 FuDevice		*device,
 						 GBytes			*blob_fw,
--- a/plugins/redfish/redfish.conf
+++ b/plugins/redfish/redfish.conf
@ -7,3 +7,8 @@
 # The username and password to the Redfish service
 #Username=
 #Password=
+
+# Whether to verify the server certificate or not
+# Expected value: TRUE or FALSE
+# Default: TRUE
+#CACheck=