From: "Michael Brown"
To: devel@edk2.groups.io, nicklew@nvidia.com
Cc: Maciej Rabeda, Siyuan Fu, Abner Chang, Igor Kulchytskyy, Nick Ramirez
Date: Wed, 1 Feb 2023 11:27:44 +0000
Subject: Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify

On 01/02/2023 11:06, Nickle Wang via groups.io wrote:
> Thanks for catching this. To prevent the change to data structure, would
> you suggest me to create new interface in EFI_HTTP_PROTOCOL and disable
> TLS host verify?

Adding an interface to EFI_HTTP_PROTOCOL would also break the ABI by changing the layout of a data structure defined in the UEFI specification, and so can't be done.

I took a quick look through Http.h and I can't immediately see any way you can convey the information you want without making a breaking change. There are no flags fields (that could be extended with extra flags in the same memory slot), no structure version number fields (that could allow structures to be extended, subject to a version number check), and no general-purpose "additional information" extension mechanism besides the one for passing arbitrary HTTP headers.

I suspect you'll need to either make a new protocol (lots of work, very ugly) or find some sideband mechanism you can use to work around the problem, like a PCD to globally enable/disable host verification.

It may be worth waiting for one of the HttpDxe maintainers to offer an opinion on this, since I am totally unfamiliar with this part of the codebase.

Sorry,

Michael