From 5250a3a67a96def0b06a27bee45e7eabbdd174fd Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Tue, 14 Apr 2026 10:24:33 -0400 Subject: [PATCH] Pass subject to the verifier in redfish --- .../plugins/hardwaremanagement/redfish.py | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/confluent_server/confluent/plugins/hardwaremanagement/redfish.py b/confluent_server/confluent/plugins/hardwaremanagement/redfish.py index 69b15381..eb599d3a 100644 --- a/confluent_server/confluent/plugins/hardwaremanagement/redfish.py +++ b/confluent_server/confluent/plugins/hardwaremanagement/redfish.py @@ -152,8 +152,12 @@ def sanitize_invdata(indata): class IpmiCommandWrapper(ipmicommand.Command): @classmethod async def create(cls, node, cfm, **kwargs): - kv = util.TLSCertVerifier( - cfm, node, 'pubkeys.tls_hardwaremanager').verify_cert + htn = cfm.get_node_attributes(node, 'hardwaremanagement.manager_tls_name') + subject = htn.get(node, {}).get('hardwaremanagement.manager_tls_name', {}).get('value', None) + if not subject: + subject = kwargs['bmc'] + kv = util.TLSCertVerifier(cfm, node, + 'pubkeys.tls_hardwaremanager', subject).verify_cert kwargs['verifycallback'] = kv self = await super().create(**kwargs) self.confluentbmcname = kwargs['bmc'] @@ -165,13 +169,6 @@ class IpmiCommandWrapper(ipmicommand.Command): (node,), ('secret.hardwaremanagementuser', 'collective.manager', 'secret.hardwaremanagementpassword', 'hardwaremanagement.manager'), self._attribschanged) - htn = cfm.get_node_attributes(node, 'hardwaremanagement.manager_tls_name') - subject = htn.get(node, {}).get('hardwaremanagement.manager_tls_name', {}).get('value', None) - if not subject: - subject = kwargs['bmc'] - kv = util.TLSCertVerifier(cfm, node, - 'pubkeys.tls_hardwaremanager', subject).verify_cert - kwargs['verifycallback'] = kv try: pass except socket.error as se: