* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol [not found] <15A91C212A9A35C2.15755@groups.io> @ 2019-06-18 0:43 ` rebecca 2019-06-18 8:52 ` Xiaoyu Lu 0 siblings, 1 reply; 6+ messages in thread From: rebecca @ 2019-06-18 0:43 UTC (permalink / raw) To: devel@edk2.groups.io, Laszlo Ersek On 2019-06-17 16:14, rebecca@bluestop.org wrote: > I'm having problems using HTTPS boot in OVMF: Http->Request can't find > the EFI_TLS_SERVICE_BINDING_PROTOCOL. > It appears the OpenSSL update broke it. Revision b739678918 works, but f03859ea6c doesn't. -- Rebecca Cran ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol 2019-06-18 0:43 ` [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol rebecca @ 2019-06-18 8:52 ` Xiaoyu Lu 2019-06-18 17:53 ` rebecca [not found] ` <15A95C72ACE0D0D5.4869@groups.io> 0 siblings, 2 replies; 6+ messages in thread From: Xiaoyu Lu @ 2019-06-18 8:52 UTC (permalink / raw) To: devel@edk2.groups.io, rebecca@bluestop.org; +Cc: Wang, Jian J, Laszlo Ersek Hi bcran, I test this in my own environment, It works well. The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 Build command: build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE DHCP server: Internet Systems Consortium DHCP Server 4.3.3 Do you enroll your ca cert in Tls Auth Configuration? Could you give us more information? Thanks, Xiaoyu > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > rebecca@bluestop.org > Sent: Tuesday, June 18, 2019 8:44 AM > To: devel@edk2.groups.io; Laszlo Ersek <lersek@redhat.com> > Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't > find TLS Service Binding Protocol > > On 2019-06-17 16:14, rebecca@bluestop.org wrote: > > I'm having problems using HTTPS boot in OVMF: Http->Request can't find > > the EFI_TLS_SERVICE_BINDING_PROTOCOL. > > > > It appears the OpenSSL update broke it. Revision b739678918 works, but > f03859ea6c doesn't. > > > -- > Rebecca Cran > > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol 2019-06-18 8:52 ` Xiaoyu Lu @ 2019-06-18 17:53 ` rebecca [not found] ` <15A95C72ACE0D0D5.4869@groups.io> 1 sibling, 0 replies; 6+ messages in thread From: rebecca @ 2019-06-18 17:53 UTC (permalink / raw) To: Lu, XiaoyuX, devel@edk2.groups.io; +Cc: Wang, Jian J, Laszlo Ersek On 2019-06-18 02:52, Lu, XiaoyuX wrote: > I test this in my own environment, It works well. > The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 > Build command: > build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE > DHCP server: Internet Systems Consortium DHCP Server 4.3.3 > > Do you enroll your ca cert in Tls Auth Configuration? > Could you give us more information? I set up a Linux environment to test, and found that it does actually work there after all. So it seems the breakage is limited to running OVMF built on FreeBSD, which I'll work on myself to fix. -- Rebecca Cran ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <15A95C72ACE0D0D5.4869@groups.io>]
* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol [not found] ` <15A95C72ACE0D0D5.4869@groups.io> @ 2019-06-18 21:26 ` rebecca 2019-06-19 8:07 ` Xiaoyu Lu 0 siblings, 1 reply; 6+ messages in thread From: rebecca @ 2019-06-18 21:26 UTC (permalink / raw) To: Lu, XiaoyuX, devel@edk2.groups.io; +Cc: Wang, Jian J, Laszlo Ersek On 2019-06-18 11:53, rebecca@bluestop.org wrote: > On 2019-06-18 02:52, Lu, XiaoyuX wrote: >> I test this in my own environment, It works well. >> The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 >> Build command: >> build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE >> DHCP server: Internet Systems Consortium DHCP Server 4.3.3 >> >> Do you enroll your ca cert in Tls Auth Configuration? >> Could you give us more information? > > I set up a Linux environment to test, and found that it does actually > work there after all. So it seems the breakage is limited to running > OVMF built on FreeBSD, which I'll work on myself to fix. > > Sorry - actually, I realized I was only testing the NOOPT build on FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT doesn't. Could you check if the NOOPT OVMF build works with HTTPS on your system, please? -- Rebecca Cran ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol 2019-06-18 21:26 ` rebecca @ 2019-06-19 8:07 ` Xiaoyu Lu 2019-06-19 13:40 ` rebecca 0 siblings, 1 reply; 6+ messages in thread From: Xiaoyu Lu @ 2019-06-19 8:07 UTC (permalink / raw) To: devel@edk2.groups.io, rebecca@bluestop.org; +Cc: Wang, Jian J, Laszlo Ersek Hi bcran, > -----Original Message----- > From: Rebecca Cran [mailto:rebecca@bluestop.org] > Sent: Wednesday, June 19, 2019 5:27 AM > To: Lu, XiaoyuX <xiaoyux.lu@intel.com>; devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.wang@intel.com>; Laszlo Ersek <lersek@redhat.com> > Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't > find TLS Service Binding Protocol > > On 2019-06-18 11:53, rebecca@bluestop.org wrote: > > On 2019-06-18 02:52, Lu, XiaoyuX wrote: > >> I test this in my own environment, It works well. > >> The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 > >> Build command: > >> build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D > NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE > >> DHCP server: Internet Systems Consortium DHCP Server 4.3.3 > >> > >> Do you enroll your ca cert in Tls Auth Configuration? > >> Could you give us more information? > > > > I set up a Linux environment to test, and found that it does actually > > work there after all. So it seems the breakage is limited to running > > OVMF built on FreeBSD, which I'll work on myself to fix. > > > > > > Sorry - actually, I realized I was only testing the NOOPT build on > FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE > does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT > doesn't. > > > Could you check if the NOOPT OVMF build works with HTTPS on your > system, > please? > Thanks for your information. I checked the NOOPT OVMF in linux environment, it failed too. I think compiler optimization hides this problem. By default, OpenSSL will auto load config file. But UEFI don't use it. And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change openssl_config_int function will cause this problem. And I made a patch for it. You can find it at https://edk2.groups.io/g/devel/message/42577 Thanks, Xiaoyu > > -- > Rebecca Cran ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol 2019-06-19 8:07 ` Xiaoyu Lu @ 2019-06-19 13:40 ` rebecca 0 siblings, 0 replies; 6+ messages in thread From: rebecca @ 2019-06-19 13:40 UTC (permalink / raw) To: Lu, XiaoyuX, devel@edk2.groups.io; +Cc: Wang, Jian J, Laszlo Ersek On 2019-06-19 02:07, Lu, XiaoyuX wrote: > > Thanks for your information. I checked the NOOPT OVMF in linux environment, it failed too. > I think compiler optimization hides this problem. > By default, OpenSSL will auto load config file. But UEFI don't use it. > And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change openssl_config_int > function will cause this problem. > > And I made a patch for it. You can find it at > https://edk2.groups.io/g/devel/message/42577 Thanks! That fixed the problem. -- Rebecca Cran ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-06-19 13:40 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- [not found] <15A91C212A9A35C2.15755@groups.io> 2019-06-18 0:43 ` [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol rebecca 2019-06-18 8:52 ` Xiaoyu Lu 2019-06-18 17:53 ` rebecca [not found] ` <15A95C72ACE0D0D5.4869@groups.io> 2019-06-18 21:26 ` rebecca 2019-06-19 8:07 ` Xiaoyu Lu 2019-06-19 13:40 ` rebecca
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox