From: "Michael Brown" <mcb30@ipxe.org>
To: devel@edk2.groups.io, abner.chang@amd.com
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>,
Zachary Clark-williams <zachary.clark-williams@intel.com>,
Nickle Wang <nicklew@nvidia.com>,
Igor Kulchytskyy <igork@ami.com>
Subject: Re: [edk2-devel] [RFC][PATCH 0/2] Introduce HTTPS Platform TLS policy
Date: Tue, 2 Jan 2024 17:46:46 +0000 [thread overview]
Message-ID: <0102018ccb48f9cd-95add6c6-dcb8-4298-b3ba-61be39730b97-000000@eu-west-1.amazonses.com> (raw)
In-Reply-To: <MN2PR12MB396651657662B89E6B601DD7EA61A@MN2PR12MB3966.namprd12.prod.outlook.com>
On 02/01/2024 16:31, Chang, Abner via groups.io wrote:
>> From: Michael Brown <mcb30@ipxe.org>
>> - Allow the call to Request() to perform its normal TLS configuration
>> via TlsConfigureSession(), as though the connection were going to
>> perform host verification etc as per the platform default policy. This
>> configuration should succeed, with no error returned.
>
> This is not correct. The first Request would be failed at TlsConfigureCertificate here https://github.com/tianocore/edk2/blob/master/NetworkPkg/HttpDxe/HttpsSupport.c#L711
I assume this is because we expect that the TlsCaCertificate variable
may be empty or non-existent?
Would it make sense to have an EFI_NOT_FOUND from TlsConfigCertificate()
be ignored, as is already done for TlsConfigCipherList() just above?
Something like:
Status = TlsConfigCertificate (HttpInstance);
if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
return Status;
}
i.e. treat an absent TlsCaCertificate variable as meaning "there are no
explicit CA certificates", allowing TlsDxe to do whatever it does in
that situation (which is presumably to fail any attempted certificate
verifications).
That would eliminate this problem in the RedfishRestExDxe case.
> and SetSessionData to EfiTlsVerifyHost here: https://github.com/tianocore/edk2/blob/master/NetworkPkg/HttpDxe/HttpsSupport.c#L679.
I don't understand why this call would be expected to fail. It's not
performing any verification at this stage, just recording the hostname
from the URI for subsequent use in certificate verification.
I would expect this call to succeed and record whatever hostname is
present in the request from RedfishRestExDxe. This hostname will
subsequently be ignored for verification, since the HttpEventInitSession
callback will set EFI_TLS_VERIFY_NONE.
>> - In the RedfishRestExDxe callback, check for HttpEventInitSession and
>> use calls to EFI_TLS_CONFIGURATION_PROTOCOL.SetData() to modify the TLS
>> configuration to e.g. set EFI_TLS_VERIFY_NONE.
> Here is the thing. Even we reconfigure TLS configuration data at HttpEventInitSession in RestEx, the EfiHttpRequest still returns fail to the caller here: https://github.com/tianocore/edk2/blob/master/NetworkPkg/HttpDxe/HttpImpl.c#L599. Not to mention the reason of failures may not be caused by TlsConfigureSession. There are failures for some other reasons in HttpInitSession. Also, what the caller suppose to do when it gets error returned? How does caller knows the error is just because the TLS configuration failure and it has to reconfigure TLS and retry HttpRequest? The logic doesn’t make sense if the caller assumes the failure is caused by TLS configure at HttpEventInitSession callback. Actually, having a high layer application to reconfigure TLS configuration data because the failure caused by not well-considered default TLS config values also doesn’t make sense, right?
I would expect this to be resolved by the above suggestions.
HttpInitSession() should succeed. The HttpEventInitSession callback
should be called with an EFI_SUCCESS status code, and there is no need
for the caller to retry anything.
>> To make the callback implementation easier, you may want to extend
>> HttpNotify() to take HTTP_PROTOCOL *HttpInstance as its first parameter,
>> and then pass HttpInstance->Handle as an additional parameter to the
>> callback method, i.e.:
>>
>> typedef
>> VOID
>> (EFIAPI *EDKII_HTTP_CALLBACK)(
>> IN EDKII_HTTP_CALLBACK_PROTOCOL *This,
>> IN EFI_HANDLE HttpHandle,
>> IN EDKII_HTTP_CALLBACK_EVENT Event,
>> IN EFI_STATUS EventStatus
>> );
> We shouldn’t change the prototype as the callback mechanism may used by OEM/ODM platform code which is not part of tianocore. This change breaks backward compatible. Honestly, leverage HTTP callback function doesn’t really serve the purpose well. This is the HttpDxe design defect as we don’t the used case like in-band Redfish communication.
OEM/ODM code should restrict itself to using APIs covered by the UEFI
specification. If OEM/ODMs choose to rely on EDK2 private
implementation details (such as EDKII_HTTP_CALLBACK) then they must be
prepared to update their code when the private implementation detail
changes.
Thanks,
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113040): https://edk2.groups.io/g/devel/message/113040
Mute This Topic: https://groups.io/mt/103368438/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-01-02 17:46 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-26 11:28 [edk2-devel] [RFC][PATCH 0/2] Introduce HTTPS Platform TLS policy Chang, Abner via groups.io
2023-12-26 11:28 ` [edk2-devel] [RFC][PATCH 1/2] NetworkPkg: EDKII HTTPS platform " Chang, Abner via groups.io
2023-12-26 11:28 ` [edk2-devel] [RFC][PATCH 2/2] NetworkPkg: Check " Chang, Abner via groups.io
2023-12-27 15:55 ` [edk2-devel] [RFC][PATCH 0/2] Introduce HTTPS Platform " Michael Brown
2023-12-28 2:47 ` Chang, Abner via groups.io
2023-12-28 14:16 ` Michael Brown
2023-12-28 15:04 ` Chang, Abner via groups.io
2023-12-28 15:31 ` Michael Brown
2023-12-28 23:37 ` Chang, Abner via groups.io
2023-12-29 0:01 ` Michael Brown
2023-12-29 15:07 ` Chang, Abner via groups.io
2023-12-30 11:31 ` Chang, Abner via groups.io
2024-01-01 23:07 ` Michael Brown
2024-01-02 6:06 ` Chang, Abner via groups.io
2024-01-02 12:42 ` Michael Brown
2024-01-02 16:31 ` Chang, Abner via groups.io
2024-01-02 17:46 ` Michael Brown [this message]
2024-01-04 3:13 ` Chang, Abner via groups.io
2024-01-05 8:41 ` Chang, Abner via groups.io
2024-01-05 17:16 ` Michael Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0102018ccb48f9cd-95add6c6-dcb8-4298-b3ba-61be39730b97-000000@eu-west-1.amazonses.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox