public inbox for devel@edk2.groups.io
From: "Michael Brown" <mcb30@ipxe.org>
To: devel@edk2.groups.io, nicklew@nvidia.com
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>,
	Siyuan Fu <siyuan.fu@intel.com>,
	Abner Chang <abner.chang@amd.com>,
	Igor Kulchytskyy <igork@ami.com>,
	Nick Ramirez <nramirez@nvidia.com>
Subject: Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify
Date: Wed, 1 Feb 2023 11:27:44 +0000
Message-ID: <010201860cbb9236-cbe26a21-cdb6-4d78-aaee-2626fccd5b61-000000@eu-west-1.amazonses.com>
In-Reply-To: <MW4PR12MB7031CEF49744E284D2EE1D97D9D19@MW4PR12MB7031.namprd12.prod.outlook.com>

On 01/02/2023 11:06, Nickle Wang via groups.io wrote:
> Thanks for catching this. To prevent the change to the data structure,
> would you suggest that I create a new interface in EFI_HTTP_PROTOCOL
> and disable TLS host verify?

Adding an interface to EFI_HTTP_PROTOCOL would also break the ABI by 
changing the layout of a data structure defined in the UEFI 
specification, and so can't be done.

I took a quick look through Http.h and I can't immediately see any way 
you can convey the information you want without making a breaking 
change.  There are no flags fields (that could be extended with extra 
flags in the same memory slot), no structure version number fields (that 
could allow structures to be extended, subject to a version number 
check), and no general-purpose "additional information" extension 
mechanism besides the one for passing arbitrary HTTP headers.

I suspect you'll need to either make a new protocol (lots of work, very 
ugly) or find some sideband mechanism you can use to work around the 
problem, like a PCD to globally enable/disable host verification.

It may be worth waiting for one of the HttpDxe maintainers to offer an 
opinion on this, since I am totally unfamiliar with this part of the 
codebase.

Sorry,

Michael
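
Added example, not part of the original message and not EDK II or UEFI specification code: a C sketch of the "structure version number" extension mechanism that the reply above says Http.h lacks, showing how a version check lets a driver read an appended field safely and default to verification staying on. All DEMO_* names, the Revision field and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; nothing here is from Http.h or the UEFI spec. */

/* Layout as first published: existing callers allocate exactly this. */
typedef struct {
  uint32_t Revision;   /* version field: the extension hook */
  uint32_t TimeoutMs;
} DEMO_CONFIG_V1;

/* Later layout: one field appended, so the structure grows. */
typedef struct {
  uint32_t Revision;
  uint32_t TimeoutMs;
  uint8_t  HostVerifyDisabled;
} DEMO_CONFIG_V2;

#define DEMO_REVISION_1 1u
#define DEMO_REVISION_2 2u

/* Returns 1 if the appended field lies wholly beyond a V1 caller's buffer,
   i.e. a driver assuming the new layout would read memory it was never given. */
int demo_new_field_outside_v1(void) {
  return offsetof(DEMO_CONFIG_V2, HostVerifyDisabled) >= sizeof(DEMO_CONFIG_V1);
}

/* Driver side: returns 1 if TLS host verification stays on, 0 if the caller
   turned it off. The appended field is read only after the revision check;
   callers using the old layout get the safe default (verification on). */
int demo_host_verify_enabled(const void *Config) {
  uint32_t Revision;
  memcpy(&Revision, Config, sizeof Revision);  /* first field in every layout */
  if (Revision < DEMO_REVISION_2) {
    return 1;
  }
  return ((const DEMO_CONFIG_V2 *)Config)->HostVerifyDisabled ? 0 : 1;
}

int main(void) {
  DEMO_CONFIG_V1 Old = { DEMO_REVISION_1, 5000 };  /* constructed sample */
  return demo_host_verify_enabled(&Old) ? 0 : 1;
}
```

Without a field like Revision at a fixed offset, the driver has no way to tell the two layouts apart, which is why appending a member to a structure that has no such field is a breaking change.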


Thread overview: 7+ messages
2023-02-01  3:46 [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify Nickle Wang
2023-02-01 10:47 ` [edk2-devel] " Michael Brown
2023-02-01 11:06   ` Nickle Wang
2023-02-01 11:27     ` Michael Brown [this message]
2023-02-02  6:34       ` Nickle Wang
     [not found]       ` <173FEE62613A7ADA.16586@groups.io>
2023-03-07  8:21         ` Nickle Wang
2023-03-07 10:19           ` Michael Brown
