Qmatic plugin does not use mtls

[joeribekker]

Product versie / Product version

2.3.0-alpha.0

Omschrijf het probleem / Describe the bug

Certificate can be provided but is not sent along to the server.

Qmatic itself does not use this but when an organization uses a gateway, it can require a certificate.

Stappen om te reproduceren / Steps to reproduce

No response

Verwacht gedrag / Expected behavior

No response

Screen resolution

None

Device

None

OS

None

Browser

No response

[joeribekker]

Refinement:

1. Phase 1: add generic utility to extract TLS/auth parameters from a service-like object (protocol?) to requests calls
2. Phase 2: provide own requests session subclass/wrapper taking some sort of context to automatically populate these kwargs (to be designed)

[sergei-maertens]

See also #3299 (comment)

So I'm marking this as a wontfix since we're looking to remove Qmatic from the codebase.

[joeribekker]

It is used but no immediate need for 2.3.0

[sergei-maertens]

It is used but no immediate need for 2.3.0

Can we then please discuss when you're back what the plan is? I had the impression only LV used this and they no longer use it through OF?

[LaurensBurger]

DB uses it.

[sergei-maertens]

All the places that support client certificate configuration for mTLS:

• soap.SoapService
  • jcc.JCCConfig
• stuf.StufService
  • stuf_bg.StufBGConfig
  • stuf_zds.StufZDSConfig
• zgw_consumers.Service
  • qmatic.QmaticConfig
  • bag.BAGConfig
  • brp.BRPConfig
  • kadaster.KadasterApiConfig
  • kvk.KVKConfig
  • haalcentraal.HaalCentraalConfig
  • objects_api.ObjectsAPIConfig
  • zgw_apis.ZGWApiGroupConfig
  • variables.ServiceFetchConfiguration

Anything that uses this config to create a client must account for potential mTLS and/or other auth params