From: "Chang, Abner via groups.io"
CC: Saloni Kasbekar, Zachary Clark-williams, Michael Brown, Nickle Wang, Igor Kulchytskyy
Subject: [edk2-devel] [PATCH 0/5] Refactor HTTP DXE to provide TLS reconfiguration capability
Date: Fri, 5 Jan 2024 16:37:11 +0800
Message-ID: <20240105083716.340-1-abner.chang@amd.com>
From: Abner Chang

For the HTTPS connection that doesn't require TLS peer verification, we introduce a new HTTP event HttpEventTlsConfigured to notify HTTP callback functions after TlsConfigureSession(). With this event, the upper layer HTTP application can listen to the HttpEventTlsConfigured HTTP event and reconfigure the TLS configuration data in the callback function to set the TLS verify method to TLS_VERIFY_NONE. An example use case is a Redfish service connection which doesn't require TLS peer verification on the certificate, especially the Redfish service connection through the in-band network interface.

The root cause we are fixing is that the TLS config data is hardcoded in TlsConfigureSession() for any TLS child in HttpsSupport.c. With this hardcoded code, the HTTP application has no way to give the proper TLS config data when the TLS session is initiated.

In Patch 1/5: We agreed to refactor TlsCreateChild and install TLS on the given HTTP handle.
In Patch 2/5: We consider TLS certificate not found as a success case to ensure the HTTP session is still initiated and HttpInitSession() returns EFI_SUCCESS to the caller. The failure is pushed back to the TLS DXE driver if the HTTP communication actually requires a certificate.
In Patch 3/5: Introduce the HttpEventTlsConfigured HTTP callback event.
In Patch 4/5: REST EX DXE provides the HTTP event callback protocol.
In Patch 5/5: REST EX DXE fix.
Signed-off-by: Abner Chang
Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Cc: Michael Brown
Cc: Nickle Wang
Cc: Igor Kulchytskyy

Abner Chang (5):
  NetworkPkg/HttpDxe: Refactor TlsCreateChild
  NetworkPkg/HttpDxe: Consider TLS certificate not found as a success case
  NetworkPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
  RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL
  RedfishPkg/RedfishRestExDxe: Update Supported function

 .../RedfishRestExDxe/RedfishRestExDxe.inf   |  2 +
 NetworkPkg/HttpDxe/HttpProto.h              |  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.h           | 18 ++--
 NetworkPkg/Include/Protocol/HttpCallback.h  | 11 +++
 .../RedfishRestExDxe/RedfishRestExDriver.h  | 31 ++++--
 NetworkPkg/HttpDxe/HttpImpl.c               | 23 +---
 NetworkPkg/HttpDxe/HttpProto.c              |  8 +-
 NetworkPkg/HttpDxe/HttpsSupport.c           | 95 ++++++++++++-------
 .../RedfishRestExDxe/RedfishRestExDriver.c  | 84 ++++++++++++++++
 9 files changed, 198 insertions(+), 77 deletions(-)

-- 
2.37.1.windows.1

View/Reply Online (#113224): https://edk2.groups.io/g/devel/message/113224