Disable ssl verify peer

This makes some browswers fail to login without a certificate, it needs to stay disabled. Introduced here: https://github.com/openbmc/bmcweb/commit/55e43f69#diff-f34027492b16c1b7a880248323fe4fd8R316 Tested: Cert was not required in Chrome on Windows Change-Id: I27e60e73784d04e14b9b1495ebd1399ad4ab96ab Signed-off-by: James Feist <james.feist@linux.intel.com>
author: James Feist <james.feist@linux.intel.com> 2019-11-12 14:55:40 -0800
committer: James Feist <james.feist@linux.intel.com> 2019-11-13 09:14:13 -0800
commit: 91243c3b28b1df66e682f5a3ee96341fdc516b5a (patch)
tree: 0cff43a7ea4e2f3fdfdc6447d5448fef748ee67d
parent: 6a3e18261cc713409bf11382c472c7301d6d9770 (diff)
download: bmcweb-91243c3b28b1df66e682f5a3ee96341fdc516b5a.tar.gz
bmcweb-91243c3b28b1df66e682f5a3ee96341fdc516b5a.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index f61aa6b..fab31ea 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -313,7 +313,9 @@ inline std::shared_ptr<boost::asio::ssl::context>
                              boost::asio::ssl::context::no_tlsv1 |
                              boost::asio::ssl::context::no_tlsv1_1);
 
-    mSslContext->set_verify_mode(boost::asio::ssl::verify_peer);
+    // BIG WARNING: This needs to stay disabled, as there will always be
+    // unauthenticated endpoints
+    // mSslContext->set_verify_mode(boost::asio::ssl::verify_peer);
 
     SSL_CTX_set_options(mSslContext->native_handle(), SSL_OP_NO_RENEGOTIATION);
author	James Feist <james.feist@linux.intel.com>	2019-11-12 14:55:40 -0800
committer	James Feist <james.feist@linux.intel.com>	2019-11-13 09:14:13 -0800
commit	91243c3b28b1df66e682f5a3ee96341fdc516b5a (patch)
tree	0cff43a7ea4e2f3fdfdc6447d5448fef748ee67d
parent	6a3e18261cc713409bf11382c472c7301d6d9770 (diff)
download	bmcweb-91243c3b28b1df66e682f5a3ee96341fdc516b5a.tar.gz bmcweb-91243c3b28b1df66e682f5a3ee96341fdc516b5a.zip