Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
       [not found] <15A91C212A9A35C2.15755@groups.io>
@ 2019-06-18  0:43 ` rebecca
  2019-06-18  8:52   ` Xiaoyu Lu
  0 siblings, 1 reply; 6+ messages in thread
From: rebecca @ 2019-06-18  0:43 UTC (permalink / raw)
  To: devel@edk2.groups.io, Laszlo Ersek

On 2019-06-17 16:14, rebecca@bluestop.org wrote:
> I'm having problems using HTTPS boot in OVMF: Http->Request can't find
> the EFI_TLS_SERVICE_BINDING_PROTOCOL.
>

It appears the OpenSSL update broke it. Revision b739678918 works, but
f03859ea6c doesn't.


-- 
Rebecca Cran


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
  2019-06-18  0:43 ` [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol rebecca
@ 2019-06-18  8:52   ` Xiaoyu Lu
  2019-06-18 17:53     ` rebecca
       [not found]     ` <15A95C72ACE0D0D5.4869@groups.io>
  0 siblings, 2 replies; 6+ messages in thread
From: Xiaoyu Lu @ 2019-06-18  8:52 UTC (permalink / raw)
  To: devel@edk2.groups.io, rebecca@bluestop.org; +Cc: Wang, Jian J, Laszlo Ersek

Hi bcran,

	I test this in my own environment, It works well.
	The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461
	Build command: 
	build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE
	DHCP server: Internet Systems Consortium DHCP Server 4.3.3

	Do you enroll your ca cert in Tls Auth Configuration?
	Could you give us more information? 

Thanks,
Xiaoyu

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> rebecca@bluestop.org
> Sent: Tuesday, June 18, 2019 8:44 AM
> To: devel@edk2.groups.io; Laszlo Ersek <lersek@redhat.com>
> Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't
> find TLS Service Binding Protocol
> 
> On 2019-06-17 16:14, rebecca@bluestop.org wrote:
> > I'm having problems using HTTPS boot in OVMF: Http->Request can't find
> > the EFI_TLS_SERVICE_BINDING_PROTOCOL.
> >
> 
> It appears the OpenSSL update broke it. Revision b739678918 works, but
> f03859ea6c doesn't.
> 
> 
> --
> Rebecca Cran
> 
> 
> 


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
  2019-06-18  8:52   ` Xiaoyu Lu
@ 2019-06-18 17:53     ` rebecca
       [not found]     ` <15A95C72ACE0D0D5.4869@groups.io>
  1 sibling, 0 replies; 6+ messages in thread
From: rebecca @ 2019-06-18 17:53 UTC (permalink / raw)
  To: Lu, XiaoyuX, devel@edk2.groups.io; +Cc: Wang, Jian J, Laszlo Ersek

On 2019-06-18 02:52, Lu, XiaoyuX wrote:
> 	I test this in my own environment, It works well.
> 	The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461
> 	Build command: 
> 	build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE
> 	DHCP server: Internet Systems Consortium DHCP Server 4.3.3
>
> 	Do you enroll your ca cert in Tls Auth Configuration?
> 	Could you give us more information? 


I set up a Linux environment to test, and found that it does actually
work there after all. So it seems the breakage is limited to running
OVMF built on FreeBSD, which I'll work on myself to fix.


-- 
Rebecca Cran


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
       [not found]     ` <15A95C72ACE0D0D5.4869@groups.io>
@ 2019-06-18 21:26       ` rebecca
  2019-06-19  8:07         ` Xiaoyu Lu
  0 siblings, 1 reply; 6+ messages in thread
From: rebecca @ 2019-06-18 21:26 UTC (permalink / raw)
  To: Lu, XiaoyuX, devel@edk2.groups.io; +Cc: Wang, Jian J, Laszlo Ersek

On 2019-06-18 11:53, rebecca@bluestop.org wrote:
> On 2019-06-18 02:52, Lu, XiaoyuX wrote:
>> 	I test this in my own environment, It works well.
>> 	The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461
>> 	Build command: 
>> 	build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE
>> 	DHCP server: Internet Systems Consortium DHCP Server 4.3.3
>>
>> 	Do you enroll your ca cert in Tls Auth Configuration?
>> 	Could you give us more information? 
>
> I set up a Linux environment to test, and found that it does actually
> work there after all. So it seems the breakage is limited to running
> OVMF built on FreeBSD, which I'll work on myself to fix.
>
>

Sorry - actually, I realized I was only testing the NOOPT build on
FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE
does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT
doesn't.


Could you check if the NOOPT OVMF build works with HTTPS on your system,
please?


-- 
Rebecca Cran


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
  2019-06-18 21:26       ` rebecca
@ 2019-06-19  8:07         ` Xiaoyu Lu
  2019-06-19 13:40           ` rebecca
  0 siblings, 1 reply; 6+ messages in thread
From: Xiaoyu Lu @ 2019-06-19  8:07 UTC (permalink / raw)
  To: devel@edk2.groups.io, rebecca@bluestop.org; +Cc: Wang, Jian J, Laszlo Ersek

Hi bcran,

> -----Original Message-----
> From: Rebecca Cran [mailto:rebecca@bluestop.org]
> Sent: Wednesday, June 19, 2019 5:27 AM
> To: Lu, XiaoyuX <xiaoyux.lu@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Laszlo Ersek <lersek@redhat.com>
> Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't
> find TLS Service Binding Protocol
> 
> On 2019-06-18 11:53, rebecca@bluestop.org wrote:
> > On 2019-06-18 02:52, Lu, XiaoyuX wrote:
> >> 	I test this in my own environment, It works well.
> >> 	The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461
> >> 	Build command:
> >> 	build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D
> NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE
> >> 	DHCP server: Internet Systems Consortium DHCP Server 4.3.3
> >>
> >> 	Do you enroll your ca cert in Tls Auth Configuration?
> >> 	Could you give us more information?
> >
> > I set up a Linux environment to test, and found that it does actually
> > work there after all. So it seems the breakage is limited to running
> > OVMF built on FreeBSD, which I'll work on myself to fix.
> >
> >
> 
> Sorry - actually, I realized I was only testing the NOOPT build on
> FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE
> does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT
> doesn't.
> 
> 
> Could you check if the NOOPT OVMF build works with HTTPS on your
> system,
> please?
> 

Thanks for your information. I checked the NOOPT OVMF in linux environment, it failed too.
I think compiler optimization hides this problem. 
By default, OpenSSL will auto load config file. But UEFI don't use it.
And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change openssl_config_int
function will cause this problem.

And I made a patch for it. You can find it at
https://edk2.groups.io/g/devel/message/42577

Thanks,
Xiaoyu

> 
> --
> Rebecca Cran


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
  2019-06-19  8:07         ` Xiaoyu Lu
@ 2019-06-19 13:40           ` rebecca
  0 siblings, 0 replies; 6+ messages in thread
From: rebecca @ 2019-06-19 13:40 UTC (permalink / raw)
  To: Lu, XiaoyuX, devel@edk2.groups.io; +Cc: Wang, Jian J, Laszlo Ersek

On 2019-06-19 02:07, Lu, XiaoyuX wrote:
>
> Thanks for your information. I checked the NOOPT OVMF in linux environment, it failed too.
> I think compiler optimization hides this problem. 
> By default, OpenSSL will auto load config file. But UEFI don't use it.
> And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change openssl_config_int
> function will cause this problem.
>
> And I made a patch for it. You can find it at
> https://edk2.groups.io/g/devel/message/42577



Thanks! That fixed the problem.


-- 
Rebecca Cran


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2019-06-19 13:40 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <15A91C212A9A35C2.15755@groups.io>
2019-06-18  0:43 ` [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol rebecca
2019-06-18  8:52   ` Xiaoyu Lu
2019-06-18 17:53     ` rebecca
     [not found]     ` <15A95C72ACE0D0D5.4869@groups.io>
2019-06-18 21:26       ` rebecca
2019-06-19  8:07         ` Xiaoyu Lu
2019-06-19 13:40           ` rebecca

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox