Subject: Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate
From: jacopo.r00ta@gmail.com
To: jacopo.r00ta@gmail.com, devel@edk2.groups.io
Date: Fri, 27 Oct 2023 07:28:01 -0700
Message-ID: <32036.1698416881415910318@groups.io>
In-Reply-To: <24432.1698413459784924950@groups.io>

On the other side, using curl I get

curl --cacert rootCA.crt https://10.0.2.254:5248/ --tls-max 1.2 --tlsv1.2 -vvvvv
*   Trying 10.0.2.254:5248...
* Connected to 10.0.2.254 (10.0.2.254) port 5248 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: rootCA.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=VA; L=SomeCity; O=MyCompany; OU=MyDivision; CN=10.0.2.254
*  start date: Oct 27 14:13:40 2023 GMT
*  expire date: Mar 10 14:13:40 2025 GMT
*  common name: 10.0.2.254 (matched)
*  issuer: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: 10.0.2.254:5248
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 27 Oct 2023 14:24:12 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Connection #0 to host 10.0.2.254 left intact

View/Reply Online (#110213): https://edk2.groups.io/g/devel/message/110213
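The check behind curl's "SSL certificate verify ok." line above is a plain chain validation: the server's leaf certificate must be signed by the root given with --cacert, and the address being contacted must match the certificate. The script below replays that check offline, as an added example that is not part of the original post or of EDK2. It assumes the openssl command-line tool (1.1.1 or newer) is installed; the subject and issuer names are constructed to mirror the ones curl printed, and 10.0.2.254 is the boot server address from the post. It also adds the address as a subjectAltName entry, which curl's CN match does not require but which current verifiers expect, and shows the two ways the check fails: an unrelated root, and a mismatched address.

```shell
#!/bin/sh
# Added example, not from the original post or from EDK2: rebuild the trust
# relationship curl reports above ("SSL certificate verify ok") with a
# throwaway root CA and a server certificate signed by it, then check the
# chain with `openssl verify`. Assumes the openssl CLI (1.1.1 or newer) is
# installed. Subject and issuer names are constructed to mirror the curl
# output; 10.0.2.254 is the boot server address from the post.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Self-contained OpenSSL config so the run does not depend on the system
# openssl.cnf. The SAN carries the IP; curl matched the CN, but modern
# verifiers (RFC 6125) look for the address in subjectAltName.
cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ server_ext ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:10.0.2.254
EOF

# make_root_ca NAME SUBJECT: self-signed CA certificate and key in $WORK.
make_root_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
    -config "$WORK/openssl.cnf" -extensions ca_ext -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_server_cert CANAME: leaf certificate for the boot server, signed by CANAME.
make_server_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
    -subj "/C=US/ST=VA/L=SomeCity/O=MyCompany/OU=MyDivision/CN=10.0.2.254" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 365 -extfile "$WORK/openssl.cnf" -extensions server_ext \
    -out "$WORK/server.crt" 2>/dev/null
}

# verify_chain CAFILE CERT: "ok" if CERT chains to CAFILE, else "fail".
# This is the check behind curl's --cacert / "SSL certificate verify ok".
verify_chain() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# verify_ip CAFILE IP CERT: chain check plus the address match curl reports
# as "common name: 10.0.2.254 (matched)".
verify_ip() {
  if openssl verify -CAfile "$1" -verify_ip "$2" "$3" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Issuer named like the one in the curl output, plus an unrelated CA that
# never signed the server certificate.
make_root_ca rootCA  "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
make_root_ca otherCA "/C=AU/ST=Some-State/O=Unrelated CA"
make_server_cert rootCA

echo "server certificate as curl would print it:"
openssl x509 -in "$WORK/server.crt" -noout -subject -issuer -dates
echo "trusted root, right address:  $(verify_ip    "$WORK/rootCA.crt"  10.0.2.254 "$WORK/server.crt")"
echo "trusted root, wrong address:  $(verify_ip    "$WORK/rootCA.crt"  10.0.2.1   "$WORK/server.crt")"
echo "unrelated root:               $(verify_chain "$WORK/otherCA.crt" "$WORK/server.crt")"
```

Running it prints the same subject, issuer and validity fields curl shows, then ok / fail / fail for the three checks. The same trust file passed to curl with --cacert is what a firmware HTTPS client has to carry as its enrolled CA certificate; if the chain validates here but not in the boot client, the difference lies in what that client trusts or how it matches the address, not in the server's certificate.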