[edk2-devel] [PATCH 0/5] Support HTTP application TLS configuration protocol

["Chang, Abner via groups.io" <abner.chang=amd.com@groups.io>]

From: Abner Chang <abner.chang@amd.com>

For the HTTPS connetion that doesn't require TLS peer verification,
EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL is introduced to HTTP application
to provide its own TLS configure data that replaces the default value
initiated by HTTP DXE driver. The use case such as Redfish service
connction which doesn't require the TLS peer verification on the
cetificate, especially to the Redfish service connection through
the in-band network interface.
The root cause we are fixing is the TLS config data is hardcoded
for any TLS child in HttpSupport.c. With this hardcoded code, HTTP
application has no way to give the proper TLS config data when TLS
session is initiated.

In the previous conversation with Michael, we agreed to refactor
TlsCreateChild and install TLS on the given HTTP handle. Upper HTTP
application like Redfish can listen to TLS installation and hook
TLS SetSessionData function. However, the code is not simple and
the solution also gives burdens to application to hack TLS function
which is not ideal.
(Refer to https://github.com/tianocore/edk2/commit/823a6f86829a12c5b7447f59e36c4a35c226b96f)

Comapre to the above solution and th one I sent for review before, this
pacth is much simple and architected to fix the hardcoded TLS configuration
data in HTTP DXE driver.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>

Abner Chang (2):
  NetworkPkg/HttpDxe: Refactor TlsCreateChild function
  RedfishPkg/RedfishRestExDxe: Update the Supported function

abnchang (3):
  NetworkPkg: Introduce HttpsTlsConfigDataProtocol
  NetworkPkg/HttpDxe: Use HttpsTlsConfigDataProtocol
  RedfishPkg/RedfishRestExDxe: Produce EdkiiHttpsTlsConfigData protocol

 NetworkPkg/NetworkPkg.dec                     |   3 +
 RedfishPkg/RedfishPkg.dec                     |   5 +
 NetworkPkg/HttpDxe/HttpDxe.inf                |   1 +
 .../RedfishRestExDxe/RedfishRestExDxe.inf     |   2 +
 NetworkPkg/HttpDxe/HttpDriver.h               |   1 +
 NetworkPkg/HttpDxe/HttpProto.h                |  10 +-
 NetworkPkg/HttpDxe/HttpsSupport.h             |  17 +-
 .../Protocol/HttpsTlsConfigDataProtocol.h     |  48 +++++
 .../RedfishRestExDxe/RedfishRestExDriver.h    |  23 ++-
 NetworkPkg/HttpDxe/HttpImpl.c                 |  20 +-
 NetworkPkg/HttpDxe/HttpsSupport.c             | 172 ++++++++++++------
 .../RedfishRestExDxe/RedfishRestExDriver.c    |  94 +++++++++-
 12 files changed, 302 insertions(+), 94 deletions(-)
 create mode 100644 NetworkPkg/Include/Protocol/HttpsTlsConfigDataProtocol.h

-- 
2.37.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113004): https://edk2.groups.io/g/devel/message/113004
Mute This Topic: https://groups.io/mt/103430429/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-