From: "Michael Brown" <mcb30@ipxe.org>
To: devel@edk2.groups.io, nicklew@nvidia.com
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>,
Siyuan Fu <siyuan.fu@intel.com>,
Abner Chang <abner.chang@amd.com>,
Igor Kulchytskyy <igork@ami.com>,
Nick Ramirez <nramirez@nvidia.com>
Subject: Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify
Date: Wed, 1 Feb 2023 11:27:44 +0000 [thread overview]
Message-ID: <010201860cbb9236-cbe26a21-cdb6-4d78-aaee-2626fccd5b61-000000@eu-west-1.amazonses.com> (raw)
In-Reply-To: <MW4PR12MB7031CEF49744E284D2EE1D97D9D19@MW4PR12MB7031.namprd12.prod.outlook.com>
On 01/02/2023 11:06, Nickle Wang via groups.io wrote:
> Thanks for catching this. To prevent the change to data structure, would
> you suggest me to create new interface in EFI_HTTP_PROTOCOL and disable
> TLS host verify?
Adding an interface to EFI_HTTP_PROTOCOL would also break the ABI by
changing the layout of a data structure defined in the UEFI
specification, and so can't be done.
I took a quick look through Http.h and I can't immediately see any way
you can convey the information you want without making a breaking
change. There are no flags fields (that could be extended with extra
flags in the same memory slot), no structure version number fields (that
could allow structures to be extended, subject to a version number
check), and no general-purpose "additional information" extension
mechanism besides the one for passing arbitrary HTTP headers.
I suspect you'll need to either make a new protocol (lots of work, very
ugly) or find some sideband mechanism you can use to work around the
problem, like a PCD to globally enable/disable host verification.
It may be worth waiting for one of the HttpDxe maintainers to offer an
opinion on this, since I am totally unfamiliar with this part of the
codebase.
Sorry,
Michael
next prev parent reply other threads:[~2023-02-01 11:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-01 3:46 [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify Nickle Wang
2023-02-01 10:47 ` [edk2-devel] " Michael Brown
2023-02-01 11:06 ` Nickle Wang
2023-02-01 11:27 ` Michael Brown [this message]
2023-02-02 6:34 ` Nickle Wang
[not found] ` <173FEE62613A7ADA.16586@groups.io>
2023-03-07 8:21 ` Nickle Wang
2023-03-07 10:19 ` Michael Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=010201860cbb9236-cbe26a21-cdb6-4d78-aaee-2626fccd5b61-000000@eu-west-1.amazonses.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox