Summary
Implement mutual TLS (mTLS) authentication for the gateway to enable certificate-based client authentication, required for secure vehicle diagnostics scenarios.
The codebase has 9 TODO markers for mTLS support across configuration, server setup, and launch files. This is a planned security feature for production deployments.
Proposed solution (optional)
Configuration Parameters
- `ssl_client_cert_path` - Path to CA certificate for client verification
- `ssl_verify_client` - Enable/disable client certificate verification
Implementation Areas
- `tls_config.hpp` - Add `client_ca_cert_path` and `verify_client` fields
- `rest_server.cpp` - Configure SSL context for client verification
- `gateway.launch.py` - Add launch arguments for mTLS parameters
- `gateway_https.launch.py` - Add mTLS configuration
Files to Modify
- `src/ros2_medkit_gateway/config/gateway_params.yaml`
- `src/ros2_medkit_gateway/include/.../tls_config.hpp`
- `src/ros2_medkit_gateway/src/http/rest_server.cpp`
- `src/ros2_medkit_gateway/launch/gateway.launch.py`
- `src/ros2_medkit_gateway/launch/gateway_https.launch.py`
Additional context (optional)
- Current TODOs: Search for `TODO.*mutual` or `TODO.*mTLS` in codebase
- cpp-httplib SSL documentation
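The `client_ca_cert_path` and `verify_client` fields proposed above only protect the gateway if inconsistent combinations are rejected before the server starts. A fail-closed pre-flight check for that, added here as an example and not taken from the ros2_medkit code: `TlsConfig`, its `enabled` flag, `validate_mtls` and `has_pem_certificate` are hypothetical names, and treating a configured CA with verification switched off as an error is this example's choice.

```cpp
// Added example; TlsConfig here is hypothetical, not the project's tls_config.hpp.
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

struct TlsConfig {
  bool enabled = false;             // assumed HTTPS on/off switch
  std::string client_ca_cert_path;  // from ssl_client_cert_path
  bool verify_client = false;       // from ssl_verify_client
};

// True if the file is readable and contains a PEM certificate header.
// This is a sanity check only; chain validation is the TLS library's job.
static bool has_pem_certificate(const std::string& path) {
  std::ifstream in(path, std::ios::binary);
  if (!in) return false;
  std::string data((std::istreambuf_iterator<char>(in)),
                   std::istreambuf_iterator<char>());
  return data.find("-----BEGIN CERTIFICATE-----") != std::string::npos;
}

// Returns configuration errors; an empty vector means the server may start.
std::vector<std::string> validate_mtls(const TlsConfig& cfg) {
  std::vector<std::string> errors;
  const bool ca_set = !cfg.client_ca_cert_path.empty();
  if (cfg.verify_client && !cfg.enabled)
    errors.push_back("verify_client requires TLS to be enabled");
  if (cfg.verify_client && !ca_set)
    errors.push_back("verify_client is true but no client CA is configured");
  if (ca_set && !cfg.verify_client)
    errors.push_back("client CA is set but verify_client is false");
  if (ca_set && !has_pem_certificate(cfg.client_ca_cert_path))
    errors.push_back("client CA file missing, unreadable, or not PEM: " +
                     cfg.client_ca_cert_path);
  return errors;
}

int main() {
  TlsConfig cfg;  // constructed sample: verification requested, CA path left empty
  cfg.enabled = true;
  cfg.verify_client = true;
  for (const auto& e : validate_mtls(cfg))
    std::printf("config error: %s\n", e.c_str());
  return 0;
}
```

Refusing to start on any returned error keeps a typo in the parameter file from silently downgrading the endpoint to server-only TLS.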