Implement mutual TLS (mTLS) authentication for the gateway #133
Description
Summary
Implement mutual TLS (mTLS) authentication for the gateway to enable certificate-based client authentication, required for secure vehicle diagnostics scenarios.
The codebase has 9 TODO markers for mTLS support across configuration, server setup, and launch files. This is a planned security feature for production deployments.
Proposed solution (optional)
Configuration Parameters
-
ssl_client_cert_path- Path to CA certificate for client verification -
ssl_verify_client- Enable/disable client certificate verification
Implementation Areas
-
tls_config.hpp- Addclient_ca_cert_pathandverify_clientfields -
rest_server.cpp- Configure SSL context for client verification -
gateway.launch.py- Add launch arguments for mTLS parameters -
gateway_https.launch.py- Add mTLS configuration
Files to Modify
src/ros2_medkit_gateway/config/gateway_params.yamlsrc/ros2_medkit_gateway/include/.../tls_config.hppsrc/ros2_medkit_gateway/src/http/rest_server.cppsrc/ros2_medkit_gateway/launch/gateway.launch.pysrc/ros2_medkit_gateway/launch/gateway_https.launch.py
Additional context (optional)
- Current TODOs: Search for
TODO.*mutualorTODO.*mTLSin codebase - cpp-httplib SSL documentation