From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by mx.groups.io with SMTP id smtpd.web11.6990.1576835224115505422
 for <devel@edk2.groups.io>;
 Fri, 20 Dec 2019 01:47:04 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jiaxin.wu@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
  by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Dec 2019 01:47:03 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,335,1571727600"; 
   d="scan'208,217";a="390828443"
Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203])
  by orsmga005.jf.intel.com with ESMTP; 20 Dec 2019 01:47:03 -0800
Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by
 FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Fri, 20 Dec 2019 01:47:02 -0800
Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by
 FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Fri, 20 Dec 2019 01:47:02 -0800
Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.164]) by
 SHSMSX152.ccr.corp.intel.com ([169.254.6.222]) with mapi id 14.03.0439.000;
 Fri, 20 Dec 2019 17:47:00 +0800
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: Sivaraman Nainar <sivaramann@amiindia.co.in>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>, "Fu, Siyuan" <siyuan.fu@intel.com>, "Rabeda, Maciej"
	<maciej.rabeda@linux.intel.com>
CC: "Madhan B. Santharam" <madhans@ami.com>, "Arun Subramanian  B"
	<arunsubramanianb@ami.com>, Arun Sura Soundara Pandian
	<arunsuras@amiindia.co.in>, Bhuvaneshwari M R
	<bhuvaneshwarimr@amiindia.co.in>
Subject: Re: reg: HTTPS Certificate Update
Thread-Topic: reg: HTTPS Certificate Update
Thread-Index: AdW0ARydMmD2tW+ITkCGvBPjuEe0LwC6wbdAAArNf5A=
Date: Fri, 20 Dec 2019 09:46:59 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B727416FC4BF2@SHSMSX107.ccr.corp.intel.com>
References: <B4DE137BDB63634BAC03BD9DE765F197029AE573A5@VENUS1.in.megatrends.com>
In-Reply-To: <B4DE137BDB63634BAC03BD9DE765F197029AE573A5@VENUS1.in.megatrends.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYzAzYjYxZjktYjhjYy00YzUyLTg4NWMtNWU4ZGJjYTdmZmEzIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiZ0kyQkFOcFwvZm8rVFlPQ2FidnlKV01XVVBnb1l5MWNpMXJ4dk5yTWhmSnpmK1ZsRzNWM0ZPSGxmd3lrVDVtckYifQ==
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: jiaxin.wu@intel.com
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_895558F6EA4E3B41AC93A00D163B727416FC4BF2SHSMSX107ccrcor_"

--_000_895558F6EA4E3B41AC93A00D163B727416FC4BF2SHSMSX107ccrcor_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Siva,

I agree we should continue the next certificates configuration even the cur=
rent one is invalid (since we already have the sanity check before the sett=
ing).

Please report one Bugzilla for the issue.

Maciej, can you help fix on that?

Thanks,
Jiaxin

From: Sivaraman Nainar <sivaramann@amiindia.co.in>
Sent: Friday, December 20, 2019 12:16 PM
To: devel@edk2.groups.io; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siy=
uan.fu@intel.com>
Cc: Madhan B. Santharam <madhans@ami.com>; Arun Subramanian B <arunsubraman=
ianb@ami.com>; Arun Sura Soundara Pandian <arunsuras@amiindia.co.in>; Bhuva=
neshwari M R <bhuvaneshwarimr@amiindia.co.in>
Subject: RE: reg: HTTPS Certificate Update

Hello Jiaxin / Siyuan:

Would you please feedback on this.

-Siva
From: Sivaraman Nainar
Sent: Monday, December 16, 2019 4:42 PM
To: 'devel@edk2.groups.io'; 'Wu, Jiaxin'; 'Fu, Siyuan'
Cc: Madhan B. Santharam; Arun Subramanian B; Arun Sura Soundara Pandian; Bh=
uvaneshwari M R
Subject: reg: HTTPS Certificate Update

Hello All:

Need clarification on the Certificate Validation Procedure used in HTTP Boo=
t.

The certificate parsing done at HttpDxe in file HttpsSupport.c in the funct=
ion TlsConfigCertificate().

The below code snippet is TlsSetSessionData call for each certificate data.

  while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureListSi=
ze)) {
    Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNA=
TURE_LIST) + CertList->SignatureHeaderSize);
    CertCount  =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIS=
T) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
    for (Index =3D 0; Index < CertCount; Index++) {
      //
      // EfiTlsConfigDataTypeCACertificate
      //
      Status =3D HttpInstance->TlsConfiguration->SetData (
                                                 HttpInstance->TlsConfigura=
tion,
                                                 EfiTlsConfigDataTypeCACert=
ificate,
                                                 Cert->SignatureData,
                                                 CertList->SignatureSize - =
sizeof (Cert->SignatureOwner)
                                                 );
      if (EFI_ERROR (Status)) {
        goto FreeCACert;
      }
      Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->Signature=
Size);
    }
    ItemDataSize -=3D CertList->SignatureListSize;
    CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->Sig=
natureListSize);
  }

In the attached code, once an invalid certificate of available certificates=
 Set via TLS, if its failed the code does not post further certificates eve=
n those could be valid certificates.

Is the code is purposefully done? May we know the expected behavior of the =
code.

-Siva

--_000_895558F6EA4E3B41AC93A00D163B727416FC4BF2SHSMSX107ccrcor_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:m=3D"http://schema=
s.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html=
40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:SimSun;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"Bookman Old Style";
	panose-1:2 5 6 4 5 5 5 2 2 4;}
@font-face
	{font-family:SimSun;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle18
	{mso-style-type:personal;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
span.EmailStyle19
	{mso-style-type:personal;
	font-family:"Calibri",sans-serif;
	color:#1F497D;}
span.EmailStyle20
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Hi Siva,<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I agree we should continue the next certificates con=
figuration even the current one is invalid (since we already have the sanit=
y check before the setting).<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Please report one Bugzilla for the issue. <o:p></o:p=
></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Maciej, can you help fix on that?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Thanks,<o:p></o:p></p>
<p class=3D"MsoNormal">Jiaxin<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><a name=3D"_____replyseparator"></a><b>From:</b> Siv=
araman Nainar &lt;sivaramann@amiindia.co.in&gt;
<br>
<b>Sent:</b> Friday, December 20, 2019 12:16 PM<br>
<b>To:</b> devel@edk2.groups.io; Wu, Jiaxin &lt;jiaxin.wu@intel.com&gt;; Fu=
, Siyuan &lt;siyuan.fu@intel.com&gt;<br>
<b>Cc:</b> Madhan B. Santharam &lt;madhans@ami.com&gt;; Arun Subramanian B =
&lt;arunsubramanianb@ami.com&gt;; Arun Sura Soundara Pandian &lt;arunsuras@=
amiindia.co.in&gt;; Bhuvaneshwari M R &lt;bhuvaneshwarimr@amiindia.co.in&gt=
;<br>
<b>Subject:</b> RE: reg: HTTPS Certificate Update<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">Hello Jiaxin / Siyuan:=
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">Would you please feedb=
ack on this.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">-Siva<o:p></o:p></span=
></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Sivaraman Nainar <br>
<b>Sent:</b> Monday, December 16, 2019 4:42 PM<br>
<b>To:</b> 'devel@edk2.groups.io'; 'Wu, Jiaxin'; 'Fu, Siyuan'<br>
<b>Cc:</b> Madhan B. Santharam; Arun Subramanian B; Arun Sura Soundara Pand=
ian; Bhuvaneshwari M R<br>
<b>Subject:</b> reg: HTTPS Certificate Update<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Hello All:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Need clarification on the Certificate Validation Pro=
cedure used in HTTP Boot.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The certificate parsing done at HttpDxe in file Http=
sSupport.c in the function
<b><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;colo=
r:#C00000;background:silver;mso-highlight:silver">TlsConfigCertificate</spa=
n></b><b><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:#C00000">()</span></b>.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The below code snippet is TlsSetSessionData call for=
 each certificate data.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;
</span><b><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Styl=
e&quot;,serif;color:fuchsia">while</span></b><span style=3D"font-size:9.0pt=
;font-family:&quot;Bookman Old Style&quot;,serif;color:black"> ((ItemDataSi=
ze &gt;
</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&q=
uot;,serif;color:maroon">0</span><span style=3D"font-size:9.0pt;font-family=
:&quot;Bookman Old Style&quot;,serif;color:black">) &amp;&amp; (ItemDataSiz=
e &gt;=3D CertList-&gt;</span><span style=3D"font-size:9.0pt;font-family:&q=
uot;Bookman Old Style&quot;,serif;color:#0000C0">SignatureListSize</span><s=
pan style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,seri=
f;color:black">))
 {</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style=
&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp; Cert =3D (</span><span style=3D"font-size:9.0pt;font-family:&=
quot;Bookman Old Style&quot;,serif;color:#005032">EFI_SIGNATURE_DATA</span>=
<span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,se=
rif;color:black">
 *) ((UINT8 *) CertList &#43; </span><b><span style=3D"font-size:9.0pt;font=
-family:&quot;Bookman Old Style&quot;,serif;color:fuchsia">sizeof</span></b=
><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,s=
erif;color:black"> (</span><span style=3D"font-size:9.0pt;font-family:&quot=
;Bookman Old Style&quot;,serif;color:#005032">EFI_SIGNATURE_LIST</span><spa=
n style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;=
color:black">)
 &#43; CertList-&gt;</span><span style=3D"font-size:9.0pt;font-family:&quot=
;Bookman Old Style&quot;,serif;color:#0000C0">SignatureHeaderSize</span><sp=
an style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif=
;color:black">);</span><span style=3D"font-size:9.0pt;font-family:&quot;Boo=
kman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp; CertCount&nbsp; =3D (CertList-&gt;</span><span style=3D"font-=
size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:#0000C0">S=
ignatureListSize</span><span style=3D"font-size:9.0pt;font-family:&quot;Boo=
kman Old Style&quot;,serif;color:black">
 - </span><b><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old S=
tyle&quot;,serif;color:fuchsia">sizeof</span></b><span style=3D"font-size:9=
.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black"> (</span>=
<span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,se=
rif;color:#005032">EFI_SIGNATURE_LIST</span><span style=3D"font-size:9.0pt;=
font-family:&quot;Bookman Old Style&quot;,serif;color:black">)
 - CertList-&gt;</span><span style=3D"font-size:9.0pt;font-family:&quot;Boo=
kman Old Style&quot;,serif;color:#0000C0">SignatureHeaderSize</span><span s=
tyle=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;col=
or:black">) / CertList-&gt;</span><span style=3D"font-size:9.0pt;font-famil=
y:&quot;Bookman Old Style&quot;,serif;color:#0000C0">SignatureSize</span><s=
pan style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,seri=
f;color:black">;</span><span style=3D"font-size:9.0pt;font-family:&quot;Boo=
kman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;
</span><b><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Styl=
e&quot;,serif;color:fuchsia">for</span></b><span style=3D"font-size:9.0pt;f=
ont-family:&quot;Bookman Old Style&quot;,serif;color:black"> (Index =3D
</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&q=
uot;,serif;color:maroon">0</span><span style=3D"font-size:9.0pt;font-family=
:&quot;Bookman Old Style&quot;,serif;color:black">; Index &lt; CertCount; I=
ndex&#43;&#43;) {</span><span style=3D"font-size:9.0pt;font-family:&quot;Bo=
okman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&q=
uot;,serif;color:#009600">//</span><span style=3D"font-size:9.0pt;font-fami=
ly:&quot;Bookman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&q=
uot;,serif;color:#009600">// EfiTlsConfigDataTypeCACertificate</span><span =
style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif"><=
o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&q=
uot;,serif;color:#009600">//</span><span style=3D"font-size:9.0pt;font-fami=
ly:&quot;Bookman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; Status =3D HttpInstance-&gt;</span><span style=3D=
"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:#000=
0C0">TlsConfiguration</span><span style=3D"font-size:9.0pt;font-family:&quo=
t;Bookman Old Style&quot;,serif;color:black">-&gt;</span><span style=3D"fon=
t-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:#0000C0"=
>SetData</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old=
 Style&quot;,serif;color:black">
 (</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style=
&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpInstance-&gt=
;</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&=
quot;,serif;color:#0000C0">TlsConfiguration</span><span style=3D"font-size:=
9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">,</span>=
<span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,se=
rif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><i><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Styl=
e&quot;,serif;color:#0000C0">EfiTlsConfigDataTypeCACertificate</span></i><s=
pan style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,seri=
f;color:black">,</span><span style=3D"font-size:9.0pt;font-family:&quot;Boo=
kman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Cert-&gt;</span>=
<span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,se=
rif;color:#0000C0">SignatureData</span><span style=3D"font-size:9.0pt;font-=
family:&quot;Bookman Old Style&quot;,serif;color:black">,</span><span style=
=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif"><o:p><=
/o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CertList-&gt;</s=
pan><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot=
;,serif;color:#0000C0">SignatureSize</span><span style=3D"font-size:9.0pt;f=
ont-family:&quot;Bookman Old Style&quot;,serif;color:black">
 - </span><b><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old S=
tyle&quot;,serif;color:fuchsia">sizeof</span></b><span style=3D"font-size:9=
.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black"> (Cert-&g=
t;</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style=
&quot;,serif;color:#0000C0">SignatureOwner</span><span style=3D"font-size:9=
.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">)</span><=
span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,ser=
if"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; );</span><span s=
tyle=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif"><o=
:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;
</span><b><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Styl=
e&quot;,serif;color:fuchsia">if</span></b><span style=3D"font-size:9.0pt;fo=
nt-family:&quot;Bookman Old Style&quot;,serif;color:black"> (EFI_ERROR (Sta=
tus)) {</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old =
Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><b><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Styl=
e&quot;,serif;color:fuchsia">goto</span></b><span style=3D"font-size:9.0pt;=
font-family:&quot;Bookman Old Style&quot;,serif;color:black"> FreeCACert;</=
span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quo=
t;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; }</span><span style=3D"font-size:9.0pt;font-famil=
y:&quot;Bookman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; Cert =3D (</span><span style=3D"font-size:9.0pt;f=
ont-family:&quot;Bookman Old Style&quot;,serif;color:#005032">EFI_SIGNATURE=
_DATA</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old St=
yle&quot;,serif;color:black">
 *) ((UINT8 *) Cert &#43; CertList-&gt;</span><span style=3D"font-size:9.0p=
t;font-family:&quot;Bookman Old Style&quot;,serif;color:#0000C0">SignatureS=
ize</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Styl=
e&quot;,serif;color:black">);</span><span style=3D"font-size:9.0pt;font-fam=
ily:&quot;Bookman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp; }</span><span style=3D"font-size:9.0pt;font-family:&quot;Book=
man Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp; ItemDataSize -=3D CertList-&gt;</span><span style=3D"font-siz=
e:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:#0000C0">Sign=
atureListSize</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookma=
n Old Style&quot;,serif;color:black">;</span><span style=3D"font-size:9.0pt=
;font-family:&quot;Bookman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
;&nbsp;&nbsp; CertList =3D (</span><span style=3D"font-size:9.0pt;font-fami=
ly:&quot;Bookman Old Style&quot;,serif;color:#005032">EFI_SIGNATURE_LIST</s=
pan><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Style&quot=
;,serif;color:black">
 *) ((UINT8 *) CertList &#43; CertList-&gt;</span><span style=3D"font-size:=
9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:#0000C0">Signat=
ureListSize</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman =
Old Style&quot;,serif;color:black">);</span><span style=3D"font-size:9.0pt;=
font-family:&quot;Bookman Old Style&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none"><span style=3D"font-si=
ze:9.0pt;font-family:&quot;Bookman Old Style&quot;,serif;color:black">&nbsp=
; }</span><span style=3D"font-size:9.0pt;font-family:&quot;Bookman Old Styl=
e&quot;,serif"><o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In the attached code, once an invalid certificate of=
 available certificates Set via TLS, if its failed the code does not post f=
urther certificates even those could be valid certificates.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Is the code is purposefully done? May we know the ex=
pected behavior of the code.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">-Siva<o:p></o:p></p>
</div>
</div>
</body>
</html>

--_000_895558F6EA4E3B41AC93A00D163B727416FC4BF2SHSMSX107ccrcor_--