From: "Michael Brown" <mcb30@ipxe.org>
To: "Chang, Abner" <Abner.Chang@amd.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>,
Zachary Clark-williams <zachary.clark-williams@intel.com>,
Nickle Wang <nicklew@nvidia.com>,
Igor Kulchytskyy <igork@ami.com>
Subject: Re: [edk2-devel] [RFC][PATCH 0/2] Introduce HTTPS Platform TLS policy
Date: Fri, 5 Jan 2024 17:16:37 +0000 [thread overview]
Message-ID: <0102018cdaa071ab-1c576bcb-26c3-447d-8176-c324b30e91e3-000000@eu-west-1.amazonses.com> (raw)
In-Reply-To: <MN2PR12MB3966C5FE8C690074EA29EAB5EA662@MN2PR12MB3966.namprd12.prod.outlook.com>
On 05/01/2024 08:41, Chang, Abner wrote:
> We are not aware there is a TlsConnectSession() for TLS handshake using the default TLS configuration data and it returns a failure as expected because the default TLS configuration is TLS_VERIFY_HOST without certificate installed on system.
> This happens in HttpInitSession before notifying HttpEventInitSession event, so we have to reconfigure TLS config data before TlsConnectSession() function.
> As there is an existing HttpEventTlsConnectSession event notified after TlsConnectSession(), that makes sense to me to introduce a new HTTP event HttpEventTlsConfigured as I mentioned in previous conversation and notify callback functions after TlsConfigureSession().
> Upper layer HTTP application then listen to HttpEventTlsConfigured event and reconfigure TLS configuration data in the callback function.
Sounds good to me. Thank you for the improvements. I think this design
is now ready.
Thanks,
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113312): https://edk2.groups.io/g/devel/message/113312
Mute This Topic: https://groups.io/mt/103368438/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
prev parent reply other threads:[~2024-01-05 17:16 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-26 11:28 [edk2-devel] [RFC][PATCH 0/2] Introduce HTTPS Platform TLS policy Chang, Abner via groups.io
2023-12-26 11:28 ` [edk2-devel] [RFC][PATCH 1/2] NetworkPkg: EDKII HTTPS platform " Chang, Abner via groups.io
2023-12-26 11:28 ` [edk2-devel] [RFC][PATCH 2/2] NetworkPkg: Check " Chang, Abner via groups.io
2023-12-27 15:55 ` [edk2-devel] [RFC][PATCH 0/2] Introduce HTTPS Platform " Michael Brown
2023-12-28 2:47 ` Chang, Abner via groups.io
2023-12-28 14:16 ` Michael Brown
2023-12-28 15:04 ` Chang, Abner via groups.io
2023-12-28 15:31 ` Michael Brown
2023-12-28 23:37 ` Chang, Abner via groups.io
2023-12-29 0:01 ` Michael Brown
2023-12-29 15:07 ` Chang, Abner via groups.io
2023-12-30 11:31 ` Chang, Abner via groups.io
2024-01-01 23:07 ` Michael Brown
2024-01-02 6:06 ` Chang, Abner via groups.io
2024-01-02 12:42 ` Michael Brown
2024-01-02 16:31 ` Chang, Abner via groups.io
2024-01-02 17:46 ` Michael Brown
2024-01-04 3:13 ` Chang, Abner via groups.io
2024-01-05 8:41 ` Chang, Abner via groups.io
2024-01-05 17:16 ` Michael Brown [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0102018cdaa071ab-1c576bcb-26c3-447d-8176-c324b30e91e3-000000@eu-west-1.amazonses.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox