From: "Wu, Jiaxin"
To: Laszlo Ersek, David Woodhouse, "devel@edk2.groups.io"
CC: Bret Barkelew, "Wang, Jian J", Richard Levitte, "Sivaraman Nainar"
Subject: Re: [edk2-devel] [RFC v1 5/4] CryptoPkg/TlsLib: accept peer certs via both DNS names and IP addresses
Date: Fri, 25 Oct 2019 02:12:24 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B727416F846E8@SHSMSX107.ccr.corp.intel.com>
In-Reply-To: <81cf523b-1cc0-9df1-cbb3-c16a78e26a55@redhat.com>

> Regarding the current edk2 patch set, I think we should do the following:
>
> - use X509_VERIFY_PARAM_set1_ip() rather than
>   X509_VERIFY_PARAM_set1_ip_asc()
>
> - incorporate "StdLib/BsdSocketLib/inet_pton.c" from the edk2-libc
>   project (which used to be part of edk2 itself) into TlsLib, and call
>   inet_pton() for parsing the address as both IPv4 and IPv6.
>
> The source file mentioned above seems to depend only on the strchr() and
> memcpy() functions, and "CryptoPkg/Library/Include/CrtLibSupport.h"
> already provides macros for those.
>
> Jiaxin, what's your opinion?
>

Agree. It makes sense to me.

> Thanks
> Laszlo
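
The parsing step proposed in the quoted text, as an added example that is not code from the patch set or from edk2: the string is tried as IPv4, then as IPv6, and only the binary result (4 or 16 bytes) would be handed to X509_VERIFY_PARAM_set1_ip(); anything else stays a DNS name for X509_VERIFY_PARAM_set1_host(). The names classify_peer_id and peer_id_kind are hypothetical, and the POSIX libc inet_pton() stands in for the edk2-libc source file.

```c
#include <arpa/inet.h>  /* POSIX inet_pton(); stand-in for the edk2-libc inet_pton.c */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names, introduced for this illustration only. */
typedef enum { PEER_ID_DNS, PEER_ID_IPV4, PEER_ID_IPV6 } peer_id_kind;

/*
 * Try `name` (non-NULL) as an IPv4 literal, then as an IPv6 literal.
 * On success addr/addr_len hold the network-order bytes in the form
 * X509_VERIFY_PARAM_set1_ip(param, addr, addr_len) takes (4 or 16 bytes).
 * Otherwise addr_len is 0 and the caller would keep the string for
 * X509_VERIFY_PARAM_set1_host(param, name, 0).
 */
peer_id_kind classify_peer_id(const char *name, unsigned char addr[16],
                              size_t *addr_len)
{
    struct in_addr  v4;
    struct in6_addr v6;

    *addr_len = 0;
    if (inet_pton(AF_INET, name, &v4) == 1) {
        memcpy(addr, &v4, sizeof v4);
        *addr_len = sizeof v4;          /* 4 bytes */
        return PEER_ID_IPV4;
    }
    if (inet_pton(AF_INET6, name, &v6) == 1) {
        memcpy(addr, &v6, sizeof v6);
        *addr_len = sizeof v6;          /* 16 bytes */
        return PEER_ID_IPV6;
    }
    return PEER_ID_DNS;                 /* not an IP literal */
}

int main(void)
{
    /* Constructed sample inputs; "192.0.2" is a truncated dotted quad. */
    const char *samples[] = { "192.0.2.10", "2001:db8::1",
                              "boot.example.com", "192.0.2" };
    unsigned char addr[16];
    size_t len;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        peer_id_kind k = classify_peer_id(samples[i], addr, &len);
        printf("%-18s -> %s (%zu bytes)\n", samples[i],
               k == PEER_ID_IPV4 ? "IPv4" : k == PEER_ID_IPV6 ? "IPv6" : "DNS name",
               len);
    }
    return 0;
}
```

inet_pton() rejects the truncated "192.0.2", so that input is matched as a DNS name instead of being expanded into some other address.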