From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 61333740039 for ; Sat, 30 Dec 2023 11:29:50 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=Zvc8+K0Pddl3pzVWNR3o6HCshtZfp5G+IzvNZb+Ztg4=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1703935789; v=1; b=f+PQRvx2RyTWmLMpooldOnZLF4vJ8K0qZBzCkIltAKGWG9KhpY9X0J/MFr1EkdJAD/81XVNz ep4cWV1VAXP+qsOuei2u2Kmcr5fEXVHp84Lw9kdYl21Gc4Jgid+QLxmjpmgod6lzS3xGBLJZCi+ JpSbBg3nFIbVJgryJOTQdWZQ= X-Received: by 127.0.0.2 with SMTP id iYtVYY7687511xQhoTzyUF80; Sat, 30 Dec 2023 03:29:49 -0800 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.64]) by mx.groups.io with SMTP id smtpd.web11.182758.1703935788240128120 for ; Sat, 30 Dec 2023 03:29:48 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cw6NQ5dXh9SgnV3Sx14cBo9sYtlnrHYRWlftWuCqmxpRqJr6MJUaBZkgHhKJMvvgGD/fNCqlfxZe/Ce5QMPXI4NQGT96DUJLkDDJtfkvmRTExtK21TMRPhXVJddYCzhJYv8CawTq9Faou271vv/vKWNpbOB57RTWSXOCsVOoNaiE1UgHAUZGfduENBG8nS3MrIIFoZAMQu1nFgTYG9bVWUjKwprRDpi4E1u1KNkHEUjHSPo/vloW4o+w93Or0DxdjXVqiD0q5jd8WwpvmWvYcGzBvELFlp+l6Xa9KgKuxxPLm6x1najyrmVoe612eQqytbfgz1+ZsMgear4dfpuX6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0RXQLs+ENsf2ib6V9WI/MYPWwa+9lqMzPVqjsP6CJcw=; b=YIzrYOJm+1VfC1rme6Vna1OTomqK2FXM8+YxH83Mpjhx7B+PDjDFWfuyridt0uNZaBSMr0pgLYIB1GPYSlY3PXwi5iOoKibgHUDXRWt0LalL8J0CDOYCqamFixyeATLmKUUV65TykEvImPulRfmaJa9E41tSfjag2doDEeE2A0ikss0wQJB0QjVA5fHjWwof3OgOCx0pbn/pi2dcautM6v6gSh6xePcF3NVCCoI6GdPPRoqdF6kKVIB0gMmYEAMcsaKCspXWucv54i0SO5MpALqFHlVHsrN1mw/G4BERW9RxrHdctZVQx6oLXa/lMfxlgmsi0nRsMPAlU9K1wvBWTg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DS0PR17CA0003.namprd17.prod.outlook.com (2603:10b6:8:191::17) by BY5PR12MB4163.namprd12.prod.outlook.com (2603:10b6:a03:202::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.22; Sat, 30 Dec 2023 11:29:45 +0000 X-Received: from DS1PEPF00017093.namprd03.prod.outlook.com (2603:10b6:8:191:cafe::b6) by DS0PR17CA0003.outlook.office365.com (2603:10b6:8:191::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.21 via Frontend Transport; Sat, 30 Dec 2023 11:29:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS1PEPF00017093.mail.protection.outlook.com (10.167.17.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7159.9 via Frontend Transport; Sat, 30 Dec 2023 11:29:44 +0000 X-Received: from TPE-L1-ABNCHANG.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Sat, 30 Dec 2023 05:29:42 -0600 From: "Chang, Abner via groups.io" To: CC: Saloni Kasbekar , Zachary Clark-williams , Michael Brown , Nickle Wang , Igor Kulchytskyy Subject: [edk2-devel] [PATCH 0/5] Support HTTP application TLS configuration protocol Date: Sat, 30 Dec 2023 19:29:24 +0800 Message-ID: <20231230112929.1711-1-abner.chang@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS1PEPF00017093:EE_|BY5PR12MB4163:EE_ X-MS-Office365-Filtering-Correlation-Id: 78702325-c0f9-43b8-a610-08dc092a9f77 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: XHwKLYoKRD05hzJwL4U8XRpEomdqu1Ptf0ri+OsvkiZNxJoiVVobisKJTLHzmV+nwcYiQ9IFULwk6q5kEpPEBjhvuY482JR4Dj5lHruX1bSzLAqHkKki31CnQ3cTLZHcNHchIb9dczVb05lxdJGJIwsEtUEI+BhSxXJs0+7I50XDei9dmBc+Sj5Iy5W8TW4NvRSY4ZzHEFQ6FCTE90lAiPW9nQxD8onm/7XC2tZOI+WN6WPBkFkNli7gJ+4r54rGZ7uQLhKn0KzJqQIBkToHCHMDzaX9cpEMQQFs6tLUcvdNMxozlKzassTAzRB69HjksP8lkCRvi9ZWCIgc6scG1O9OyIVE0NcagQprdjbZZNy/fpNXOvCMr0jpFtNGmB3IIP/QM6NgdWyaIaZzt+wsKuagrGEYRdaIgTjFKpPzeodgRKqsEpUsH4Z08gZ4EZLbIVeOzosozIoRE8co1fuhCLZh5dCbppTfZk80I/5zrZcPHRk5xs2ebPcmEjPyXyS5TZK+8IDxSq2Hs75Z9aYmoR7XQR76/z3BVarTAcp8GfrwXbT8E6bvEaRV/sTPBl8m30EIW0XLcIaOnrN5IRV2UQxvxLDlDnL9HkYJvGK6niKMpMapSKfIaw9v4t9088/ZQ7v7HDbWm4a5xuwRPJyWwHs9E0HUcqAFecf/hlNAJ/dwuJCVxhRkUuf8GtX1L3bDjyWdxz7ikTgndGnwxCH5ddtdRUK+835dDjXmeEdeVKPBNPJAq39bNP/hysDxIUVx5Ke/HdNfNv68E+uxLYURWA== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Dec 2023 11:29:44.7681 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 78702325-c0f9-43b8-a610-08dc092a9f77 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS1PEPF00017093.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4163 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,abner.chang@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: O6gt3VfxJuDDEqc6bAi3lgB3x7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=f+PQRvx2; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") From: Abner Chang For the HTTPS connetion that doesn't require TLS peer verification, EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL is introduced to HTTP application to provide its own TLS configure data that replaces the default value initiated by HTTP DXE driver. The use case such as Redfish service connction which doesn't require the TLS peer verification on the cetificate, especially to the Redfish service connection through the in-band network interface. The root cause we are fixing is the TLS config data is hardcoded for any TLS child in HttpSupport.c. With this hardcoded code, HTTP application has no way to give the proper TLS config data when TLS session is initiated. In the previous conversation with Michael, we agreed to refactor TlsCreateChild and install TLS on the given HTTP handle. Upper HTTP application like Redfish can listen to TLS installation and hook TLS SetSessionData function. However, the code is not simple and the solution also gives burdens to application to hack TLS function which is not ideal. (Refer to https://github.com/tianocore/edk2/commit/823a6f86829a12c5b7447f59= e36c4a35c226b96f) Comapre to the above solution and th one I sent for review before, this pacth is much simple and architected to fix the hardcoded TLS configuration data in HTTP DXE driver. Signed-off-by: Abner Chang Cc: Saloni Kasbekar Cc: Zachary Clark-williams Cc: Michael Brown Cc: Nickle Wang Cc: Igor Kulchytskyy Abner Chang (2): NetworkPkg/HttpDxe: Refactor TlsCreateChild function RedfishPkg/RedfishRestExDxe: Update the Supported function abnchang (3): NetworkPkg: Introduce HttpsTlsConfigDataProtocol NetworkPkg/HttpDxe: Use HttpsTlsConfigDataProtocol RedfishPkg/RedfishRestExDxe: Produce EdkiiHttpsTlsConfigData protocol NetworkPkg/NetworkPkg.dec | 3 + RedfishPkg/RedfishPkg.dec | 5 + NetworkPkg/HttpDxe/HttpDxe.inf | 1 + .../RedfishRestExDxe/RedfishRestExDxe.inf | 2 + NetworkPkg/HttpDxe/HttpDriver.h | 1 + NetworkPkg/HttpDxe/HttpProto.h | 10 +- NetworkPkg/HttpDxe/HttpsSupport.h | 17 +- .../Protocol/HttpsTlsConfigDataProtocol.h | 48 +++++ .../RedfishRestExDxe/RedfishRestExDriver.h | 23 ++- NetworkPkg/HttpDxe/HttpImpl.c | 20 +- NetworkPkg/HttpDxe/HttpsSupport.c | 172 ++++++++++++------ .../RedfishRestExDxe/RedfishRestExDriver.c | 94 +++++++++- 12 files changed, 302 insertions(+), 94 deletions(-) create mode 100644 NetworkPkg/Include/Protocol/HttpsTlsConfigDataProtocol.= h --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113004): https://edk2.groups.io/g/devel/message/113004 Mute This Topic: https://groups.io/mt/103430429/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-