[PATCH 2/2] RedfishPkg/RedfishDiscoverDxe: provide PCD to disable TLS host verify

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

* [PATCH 2/2] RedfishPkg/RedfishDiscoverDxe: provide PCD to disable TLS host verify
@ 2023-02-01  3:46 Nickle Wang
  0 siblings, 0 replies; only message in thread
From: Nickle Wang @ 2023-02-01  3:46 UTC (permalink / raw)
  To: devel; +Cc: Abner Chang, Igor Kulchytskyy, Nick Ramirez

Introduce PCD PcdRedfishTlsHostVerifyDisabled to RedfishDiscoverDxe
driver. Setting this PCD to true will turn off TLS host verify in
HTTPS connection between host and BMC.

Signed-off-by: Nickle Wang <nicklew@nvidia.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Cc: Nick Ramirez <nramirez@nvidia.com>
---
 RedfishPkg/RedfishPkg.dec                            | 5 +++++
 RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf | 3 ++-
 RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c   | 8 +++++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
index d2b189b13d..707228d22e 100644
--- a/RedfishPkg/RedfishPkg.dec
+++ b/RedfishPkg/RedfishPkg.dec
@@ -3,6 +3,7 @@
 #
 # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
 # (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 ##
@@ -97,3 +98,7 @@
   # protocol instance.
   #
   gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDiscoverAccessModeInBand|FALSE|BOOLEAN|0x00001002
+  #
+  # Setting this PCD to TRUE will turn off TLS host verify during HTTPS handshake.
+  #
+  gEfiRedfishPkgTokenSpaceGuid.PcdRedfishTlsHostVerifyDisabled|TRUE|BOOLEAN|0x00001003
diff --git a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf
index 345bacf44d..e872966693 100644
--- a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf
+++ b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf
@@ -2,6 +2,7 @@
 #  Implementation of EFI_REDFISH_DISCOVER_PROTOCOL interfaces.
 #
 #  (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+#  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -52,4 +53,4 @@
 
 [Pcd]
   gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDiscoverAccessModeInBand ## CONSUMES
-
+  gEfiRedfishPkgTokenSpaceGuid.PcdRedfishTlsHostVerifyDisabled    ## CONSUMES
diff --git a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c
index 042d6d5fd5..1d4398e9d7 100644
--- a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c
+++ b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c
@@ -4,6 +4,7 @@
 
   (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
   Copyright (c) 2022, AMD Incorporated. All rights reserved.
+  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -840,9 +841,10 @@ AddAndSignalNewRedfishService (
         goto EXIT_FREE_CONFIG_DATA;
       }
 
-      RestExHttpConfigData->SendReceiveTimeout                = 5000;
-      RestExHttpConfigData->HttpConfigData.HttpVersion        = HttpVersion11;
-      RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6 = CheckIsIpVersion6 (NetworkInterface);
+      RestExHttpConfigData->SendReceiveTimeout                           = 5000;
+      RestExHttpConfigData->HttpConfigData.HttpVersion                   = HttpVersion11;
+      RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6            = CheckIsIpVersion6 (NetworkInterface);
+      RestExHttpConfigData->HttpConfigData.HostCertificateVerifyDisabled = PcdGetBool (PcdRedfishTlsHostVerifyDisabled);
       if (RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6) {
         RestExHttpConfigData->HttpConfigData.AccessPoint.IPv6Node = AllocateZeroPool (sizeof (EFI_HTTPv6_ACCESS_POINT));
         if (RestExHttpConfigData->HttpConfigData.AccessPoint.IPv6Node == NULL) {
-- 
2.39.1.windows.1


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2023-02-01  3:47 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-01  3:46 [PATCH 2/2] RedfishPkg/RedfishDiscoverDxe: provide PCD to disable TLS host verify Nickle Wang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox