From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from a7-19.smtp-out.eu-west-1.amazonses.com (a7-19.smtp-out.eu-west-1.amazonses.com [54.240.7.19]) by mx.groups.io with SMTP id smtpd.web10.20093.1675248438304008828 for ; Wed, 01 Feb 2023 02:47:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@ipxe.org header.s=cphpx6z2rfcgehlykjjh3gknqe3hsoe2 header.b=OaF+2a+4; spf=pass (domain: eu-west-1.amazonses.com, ip: 54.240.7.19, mailfrom: 010201860c96846b-a8bde2d8-b485-4c67-8946-70263fa807d9-000000@eu-west-1.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=cphpx6z2rfcgehlykjjh3gknqe3hsoe2; d=ipxe.org; t=1675248436; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=ZMpKSn0JaU4SNDV1sea/zEpIl0ZXpuuYp5pVPT7Nsq8=; b=OaF+2a+4HZHjIxjyCSg62CQutBWNN76OOjuGS4d10ZjT0YjiAZhIAGaiaUq9vfc1 hvhhaNmIgeLx+9kC846jDnv6X32RVUTipQm/+V82AhqQAugQNphfQ53I2Tk+PdUnsdl GeX2H2HCGyUn3sYM8nNCKvxlTZBXqhlv2uMONGhWEy6bnqXQ59eK6yoNdyXPsAoxScx oKTGQWaIld50CuL/MFIcUfoAOCfEwNJoG5ipeyCzKN30XeMRUJsi4nyvgrnCap3IvD+ Wl/ufpzgXxCxyx4rod1+jwWTrRgP4TPos7K9AAgM6MkY4D6Qd+P+1/4sRJ9lMuLdymy J9Yl8W4xHg== DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ihchhvubuqgjsxyuhssfvqohv7z3u4hn; d=amazonses.com; t=1675248436; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=ZMpKSn0JaU4SNDV1sea/zEpIl0ZXpuuYp5pVPT7Nsq8=; b=E/IlbfGsjla72hxAwGNRN6WdXs7VkbS2CV3RsC7ozFGioZmc+cjGi9YC1QiAg2ou NyzuQ+IAaT2RL/aXgOrs0qvkK4SyQ+RPxYEGW1Jn5k3A/vG6lM/ak/hSf3VFE3Bq1nP jrnwK3PTwPxc7SmPmU1laQ7RYmTAHDaVd4XQfhpo= Message-ID: <010201860c96846b-a8bde2d8-b485-4c67-8946-70263fa807d9-000000@eu-west-1.amazonses.com> Date: Wed, 1 Feb 2023 10:47:16 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 Subject: Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify To: devel@edk2.groups.io, nicklew@nvidia.com Cc: Maciej Rabeda , Siyuan Fu , Abner Chang , Igor Kulchytskyy , Nick Ramirez References: <20230201034636.619-1-nicklew@nvidia.com> From: "Michael Brown" In-Reply-To: <20230201034636.619-1-nicklew@nvidia.com> X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_DBL_BLOCKED_OPENDNS,URIBL_ZEN_BLOCKED_OPENDNS autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on blyat.fensystems.co.uk Feedback-ID: 1.eu-west-1.fspj4M/5bzJ9NLRzJP0PaxRwxrpZqiDQJ1IF94CF2TA=:AmazonSES X-SES-Outgoing: 2023.02.01-54.240.7.19 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 01/02/2023 03:46, Nickle Wang via groups.io wrote: > diff --git a/MdePkg/Include/Protocol/Http.h b/MdePkg/Include/Protocol/Http.h > index 28e6221593..21a782eaac 100644 > --- a/MdePkg/Include/Protocol/Http.h > +++ b/MdePkg/Include/Protocol/Http.h > @@ -6,6 +6,7 @@ > > Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
> (C) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
> + Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved. > SPDX-License-Identifier: BSD-2-Clause-Patent > > @par Revision Reference: > @@ -161,6 +162,10 @@ typedef struct { > /// this instance will use EFI_DNS6_PROTOCOL and EFI_TCP6_PROTOCOL. > /// > BOOLEAN LocalAddressIsIPv6; > + /// > + /// Verify server certificate during HTTPS handshake. > + /// > + BOOLEAN HostCertificateVerifyDisabled; > > union { > /// This change would break the ABI by changing the layout of a data structure defined in the UEFI specification. Even worse, it does so by inserting a field into the middle of a structure: an ABI mismatch would result in one side attempting to dereference the BOOLEAN value as a pointer. Nacked-by: Michael Brown Thanks, Michael