From: Laszlo Ersek
To: edk2-devel-01
Cc: Jiaxin Wu, Siyuan Fu
Date: Thu, 22 Mar 2018 17:39:28 +0100
Message-Id: <20180322163933.29122-1-lersek@redhat.com>
Subject: [PATCH 0/5] NetworkPkg: HTTP and TLS updates
List-Id: EDK II Development

Repo:   https://github.com/lersek/edk2.git
Branch: http_and_tls_updates

Patch #4 fixes TianoCore BZ#909.
Patches #2 and #3 are cleanups / preparation for patch #4.

Patch #1 fixes an independent typo that I noticed in the code while
configuring my DHCP server for HTTP(S) booting. It's isolated, so I put
it first in the series.

Patch #5 is preparation for future platform enablement, so that a
platform can create both "TlsCaCertificate" and "HttpTlsCipherList"
variables on every boot from scratch as volatile variables (without
flash varstore footprint).

I regression-tested this series with a successful HTTPS boot of an ISO
image from OVMF, using a DER-formatted self-signed certificate that I
enrolled with TlsAuthConfigDxe.

Cc: Jiaxin Wu
Cc: Siyuan Fu

Thanks,
Laszlo

Laszlo Ersek (5):
  NetworkPkg/HttpBootDxe: fix typo in DHCPv4 packet parsing
  NetworkPkg/HttpDxe: use error handler epilogue in TlsConfigCertificate()
  NetworkPkg/HttpDxe: drop misleading comment / status code in cert config
  NetworkPkg/HttpDxe: sanity-check the TlsCaCertificate variable before use
  NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable attributes

 NetworkPkg/HttpBootDxe/HttpBootDhcp4.c          |  4 +-
 NetworkPkg/HttpDxe/HttpDxe.inf                  |  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.c               | 74 ++++++++++++++++++--
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 15 ++--
 4 files changed, 80 insertions(+), 16 deletions(-)

--
2.14.1.3.gb7cf6e02401b