From: "Chang, Abner via groups.io"
To:
CC: Saloni Kasbekar, Zachary Clark-williams, Michael Brown, Nickle Wang, Igor Kulchytskyy
Subject: [edk2-devel] [PATCH V2 0/6] Refactor HTTP DXE to provide TLS reconfiguration capability
Date: Sun, 7 Jan 2024 21:26:55 +0800
Message-ID: <20240107132701.302-1-abner.chang@amd.com>
From: Abner Chang

For the HTTPS connection that doesn't require TLS peer verification, we introduce a new HTTP event HttpEventTlsConfigured to notify HTTP callback functions after TlsConfigureSession(). With this event, the upper-layer HTTP application can listen to the HttpEventTlsConfigured HTTP event and reconfigure the TLS configuration data in the callback function to set the TLS verify method to TLS_VERIFY_NONE. One such use case is the Redfish service connection, which doesn't require TLS peer verification of the certificate, especially the Redfish service connection through the in-band network interface.

The root cause we are fixing is that the TLS config data is hardcoded in TlsConfigureSession() for any TLS child in HttpSupport.c. With this hardcoded code, the HTTP application has no way to give the proper TLS config data when the TLS session is initiated.

In V2, six patches in total:
- Relocate the HttpEventTlsConfigured event to the end of the enum. This keeps the enum numbering backward compatible.
- Add patch 5/6 to uncrustify RedfishRestExDriver.h.
- Fix a typo in the commit subject.

In V1, five patches in total:
Patch 1/5: We agreed to refactor TlsCreateChild and install TLS on the given HTTP handle.
Patch 2/5: We consider TLS certificate not found as a success case to ensure the HTTP session is still initiated and HttpInitSession() returns EFI_SUCCESS to the caller. The failure is pushed back to the TLS DXE driver if the HTTP communication actually requires a certificate.
Patch 3/5: Introduce the HttpEventTlsConfigured HTTP callback event.
Patch 4/5: REST EX DXE provides the HTTP event callback protocol.
Patch 5/5: REST EX DXE fix.

Signed-off-by: Abner Chang
Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Cc: Michael Brown
Cc: Nickle Wang
Cc: Igor Kulchytskyy

Abner Chang (6):
  NetworkPkg/HttpDxe: Refactor TlsCreateChild
  NetworkPkg/HttpDxe: Consider TLS certificate not found as a success case
  NetworkPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
  RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL
  RedfishPkg/RedfishRestExDxe: Uncrustify RedfishRestExDriver.h
  RedfishPkg/RedfishRestExDxe: Update Supported function

 .../RedfishRestExDxe/RedfishRestExDxe.inf  |  3 +
 NetworkPkg/HttpDxe/HttpProto.h             |  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.h          | 18 ++--
 NetworkPkg/Include/Protocol/HttpCallback.h | 15 ++-
 .../RedfishRestExDxe/RedfishRestExDriver.h | 32 +++++--
 NetworkPkg/HttpDxe/HttpImpl.c              | 23 +---
 NetworkPkg/HttpDxe/HttpProto.c             |  8 +-
 NetworkPkg/HttpDxe/HttpsSupport.c          | 95 ++++++++++++-------
 .../RedfishRestExDxe/RedfishRestExDriver.c | 85 +++++++++++++++++
 9 files changed, 204 insertions(+), 78 deletions(-)

-- 
2.37.1.windows.1
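The mechanism the cover letter describes (the driver applies its TLS configuration, then raises a callback event so the application can override the verify method) is modelled below as an added, self-contained C example. It is not EDK2 code and not part of the series: the types HTTP_SESSION, HTTP_CALLBACK_EVENT, TLS_VERIFY_METHOD, the functions ModelTlsConfigureSession(), ModelHttpInitSession(), RedfishHttpCallback() and RunSession(), and the sample host names are all hypothetical stand-ins for EDKII_HTTP_CALLBACK_PROTOCOL, TlsConfigureSession() and HttpInitSession(). The enum values mirror EDK2's EFI_TLS_VERIFY_NONE (0) and EFI_TLS_VERIFY_PEER (1) but are defined locally. Two points the letter makes are visible in the code: the new event is appended at the end of the enum so existing event numbers stay stable, and a missing certificate does not fail session setup. The callback also shows the check an integrator would want: only the in-band Redfish path drops peer verification, every other session keeps the driver default.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Locally defined verify methods. Values mirror EDK2's EFI_TLS_VERIFY_NONE (0)
   and EFI_TLS_VERIFY_PEER (1); nothing here links against NetworkPkg. */
typedef enum {
  VERIFY_NONE = 0,
  VERIFY_PEER = 1
} TLS_VERIFY_METHOD;

/* Callback events (hypothetical names). The new event is appended LAST so the
   numeric values of the existing entries do not shift, which is the V2 change
   described in the cover letter. */
typedef enum {
  EventDns,
  EventConnectTcp,
  EventTlsConnectSession,
  EventInitSession,
  EventTlsConfigured   /* new: raised right after the driver configured TLS */
} HTTP_CALLBACK_EVENT;

typedef struct {
  char              host[64];
  bool              in_band;        /* reached over the in-band host-to-BMC interface */
  bool              cert_found;     /* did the driver find a configured TLS certificate? */
  TLS_VERIFY_METHOD verify;         /* what the TLS layer will actually enforce */
  bool              tls_configured;
} HTTP_SESSION;

/* Simplified stand-in for EDKII_HTTP_CALLBACK: the driver hands the session to
   the application at each event and the application may adjust it. */
typedef void (*HTTP_CALLBACK)(HTTP_SESSION *Session, HTTP_CALLBACK_EVENT Event);

/* ---- "driver" side: model of HttpDxe ---- */

/* Before the series the verify method was hardcoded here with no way for the
   application to change it. Now the driver applies its default and then raises
   EventTlsConfigured so the upper layer can reconfigure the session. */
static int ModelTlsConfigureSession(HTTP_SESSION *s, HTTP_CALLBACK cb) {
  s->verify = VERIFY_PEER;      /* driver default: verify the peer certificate */
  s->tls_configured = true;
  if (cb != NULL) {
    cb(s, EventTlsConfigured);  /* application gets its chance to override */
  }
  return 0;                     /* stand-in for EFI_SUCCESS */
}

/* Model of HttpInitSession(): a missing certificate is treated as success so
   the session still comes up. If the connection really requires peer
   verification, the TLS layer fails the handshake later instead. */
static int ModelHttpInitSession(HTTP_SESSION *s, HTTP_CALLBACK cb) {
  if (!s->cert_found) {
    printf("[%s] no TLS certificate configured, continuing\n", s->host);
  }
  return ModelTlsConfigureSession(s, cb);
}

/* ---- "application" side: model of the RedfishRestExDxe callback ---- */

/* Only the in-band Redfish path is allowed to drop peer verification; any
   out-of-band session keeps the driver default of VERIFY_PEER. */
static void RedfishHttpCallback(HTTP_SESSION *s, HTTP_CALLBACK_EVENT Event) {
  if (Event != EventTlsConfigured) {
    return;                     /* other events are not of interest here */
  }
  if (s->in_band) {
    s->verify = VERIFY_NONE;
  }
}

/* Run one constructed session through the model and return the verify method
   the TLS layer would use; *status receives the init result. */
static TLS_VERIFY_METHOD RunSession(const char *host, bool in_band,
                                    bool cert_found, int *status) {
  HTTP_SESSION s;
  memset(&s, 0, sizeof s);
  strncpy(s.host, host, sizeof s.host - 1);
  s.in_band = in_band;
  s.cert_found = cert_found;
  *status = ModelHttpInitSession(&s, RedfishHttpCallback);
  return s.verify;
}

int main(void) {
  int st;
  /* Constructed sample sessions; host names are placeholders. */
  TLS_VERIFY_METHOD a = RunSession("bmc.inband.local", true, false, &st);
  TLS_VERIFY_METHOD b = RunSession("redfish.example.net", false, true, &st);
  printf("in-band session     verify=%d (VERIFY_NONE=%d)\n", a, VERIFY_NONE);
  printf("out-of-band session verify=%d (VERIFY_PEER=%d)\n", b, VERIFY_PEER);
  return 0;
}
```

The in-band check is the part worth keeping in mind when wiring a real callback: once the event exists, any consumer of the protocol can set TLS_VERIFY_NONE, so the decision to do so belongs to an explicit property of the session (interface, endpoint, platform policy) rather than to the mere presence of the callback.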