Details
-
Type:
Task
-
Status: Done
-
Priority:
(None)
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: Authenticate client using TLS certificate
-
Sprint:MEN Sprint 118, MEN Sprint 119
-
Story Points:13
-
Epic Link:
-
Backlog:yes
-
Days in progress:12
Description
Acceptance criteria:
- mender.conf must respect the HttpsClient fields. They already exist in the code, but are unused at the moment.
- Certificate and Key specify the public certificate, and the private key, respectively.
- If either, but not both, of the above fields are set, print error, and proceed as if neither is set (this must have a test).
- SkipVerify should be removed. It is not possible to skip verification of client certificates, since this is the server's decision, not the client's.
- When both fields above are set, enable mTLS in the client side transport code.
- Unit tests which test that the client certificate is used for all connections to the server. Use mock server from
MEN-3116.
Merge to:
feature branch