From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Sivaraman Nainar"
To: "devel@edk2.groups.io"
Subject: reg: Multiple Host Name Certificate
Date: Fri, 7 Jun 2019 09:17:53 +0000

Hello:

Can someone help to confirm if EDK2 supports multiple Host Name support.

We need to have an environment where the HTTPS request should work fine for IP & Host Name based access. When we create certificates with CN as Host Name and SAN as IP, TLS Handshake works only for Host Name and it provides Handshake Error when the requests are IP Based.

If this question needs to be raised in another forum, please help to redirect.

-Siva

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Sivaraman Nainar"
To: "devel@edk2.groups.io"
CC: "jiaxin.wu@intel.com", "siyuan.fu@intel.com"
Subject: Re: reg: Multiple Host Name Certificate
Date: Wed, 19 Jun 2019 11:51:46 +0000

Can you please help to confirm the behavior

From: Sivaraman Nainar
Sent: Friday, June 7, 2019 2:48 PM
To: devel@edk2.groups.io
Subject: reg: Multiple Host Name Certificate

Hello:

Can someone help to confirm if EDK2 supports multiple Host Name support.

We need to have an environment where the HTTPS request should work fine for IP & Host Name based access. When we create certificates with CN as Host Name and SAN as IP, TLS Handshake works only for Host Name and it provides Handshake Error when the requests are IP Based.

If this question needs to be raised in another forum, please help to redirect.

-Siva

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "David Woodhouse"
To: devel@edk2.groups.io, sivaramann@amiindia.co.in
Cc: "jiaxin.wu@intel.com", "siyuan.fu@intel.com"
Subject: Re: [edk2-devel] reg: Multiple Host Name Certificate
Date: Thu, 20 Jun 2019 11:47:39 +0100
Message-ID: <1ac12ecc87aa039ba36b64bc394769033f5ecf28.camel@infradead.org>

On Wed, 2019-06-19 at 11:51 +0000, Sivaraman Nainar wrote:
> Can you please help to confirm the behavior
>
> From: Sivaraman Nainar
> Sent: Friday, June 7, 2019 2:48 PM
> To: devel@edk2.groups.io
> Subject: reg: Multiple Host Name Certificate
>
> Hello:
>
> Can someone help to confirm if EDK2 supports multiple Host Name
> support.
>
> We need to have an environment where the HTTPS request should work
> fine for IP & Host Name based access. When we create certificates
> with CN as Host Name and SAN as IP, TLS Handshake works only for Host
> Name and it provides Handshake Error when the requests are IP Based.
>
> If this question needs to be raised in another forum, please help to
> redirect.
>

I can't actually see where we do these checks at all. OpenSSL doesn't
do them for us internally (as it doesn't even know the hostname we
happened to use to establish the connection), although it does offer
X509_check_ip() and X509_check_host() functions.

From code inspection I'd have guessed that the code would tolerate
*any* valid certificate, even for a host other than the one it actually
attempted to connect to. Surely that can't be true? Where *is* it?

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Sivaraman Nainar"
To: "devel@edk2.groups.io", "dwmw2@infradead.org"
CC: "jiaxin.wu@intel.com", "siyuan.fu@intel.com"
Subject: Re: [edk2-devel] reg: Multiple Host Name Certificate
Date: Thu, 20 Jun 2019 11:27:16 +0000

Hello:

This support added when we integrating "TianoCore Bug 960 (HTTPS_HostName_Validation)". This has the support for performing Host Name validation during HTTP Operations.

-Siva

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "David Woodhouse"
To: Sivaraman Nainar, "devel@edk2.groups.io"
Cc: "jiaxin.wu@intel.com", "siyuan.fu@intel.com"
Subject: Re: [edk2-devel] reg: Multiple Host Name Certificate
Date: Thu, 20 Jun 2019 13:35:48 +0100

On Thu, 2019-06-20 at 11:27 +0000, Sivaraman Nainar wrote:
> This support added when we integrating "TianoCore Bug 960
> (HTTPS_HostName_Validation)". This has the support for performing
> Host Name validation during HTTP Operations.

Hm, I can't see bug 960, at least not without an account — and
bugzilla is sending its messages from an invalid address so registering
an account failed on the first attempt. I'll add it to the "known
broken senders" list and try again... in the meantime, do you have a
link to the code please?

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Laszlo Ersek"
To: devel@edk2.groups.io, dwmw2@infradead.org, Sivaraman Nainar
Cc: "jiaxin.wu@intel.com", "siyuan.fu@intel.com"
Subject: Re: [edk2-devel] reg: Multiple Host Name Certificate
Date: Thu, 20 Jun 2019 16:27:59 +0200
Message-ID: <4d6fad2a-f052-4444-3a68-7e79aeda2082@redhat.com>

Hello David,

On 06/20/19 14:35, David Woodhouse wrote:
> On Thu, 2019-06-20 at 11:27 +0000, Sivaraman Nainar wrote:
>> This support added when we integrating "TianoCore Bug 960
>> (HTTPS_HostName_Validation)". This has the support for performing
>> Host Name validation during HTTP Operations.
>
> Hm, I can't see bug 960, at least not without an account — and
> bugzilla is sending its messages from an invalid address so registering
> an account failed on the first attempt. I'll add it to the "known
> broken senders" list and try again... in the meantime, do you have a
> link to the code please?

TianoCore#960 is a security BZ that I had reported on 2018-05-29.

The title of the ticket is

  "server certificate with invalid domain name (CN) accepted in
  HTTPS-over-IPv6 boot"

It is indeed the bug that you think it is ("From code inspection I'd
have guessed that the code would tolerate *any* valid certificate, even
for a host other than the one it actually attempted to connect to.")

There is still no CVE number assigned. Patches exist, but have not been
posted to the list yet.

--*--

Normally, my above comments (in public) would amount to breaking a live
security embargo. In reality, this is not the case. That's because the
UEFI-2.8 spec has been released meanwhile (in March/April 2019 or so),
addressing Mantis#1921 ("HTTPS hostname validation"). Fixing the edk2
problem required changes to the UEFI spec too. If you search both
UEFI-2.7 and UEFI-2.8 for the enum constant "EfiTlsVerifyHost", you will
find it only in UEFI-2.8.

Therefore, the cat had been let out of the bag when UEFI-2.8 was
released. In effect, *that* ended the embargo on TianoCore#960. The fact
that TianoCore#960 is still unreadable to the public (including the
attached patches) is "merely" a technical tidbit. :/

I'm CC'ing you on the BZ now, so you can read it even before it gets
opened up.

Thanks
Laszlo

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <98a4ab4be8becd19be0695b164d3f9b9b2d89e58.camel@infradead.org>
Subject: Re: [edk2-devel] reg: Multiple Host Name Certificate
From: "David Woodhouse"
To: devel@edk2.groups.io, lersek@redhat.com, Sivaraman Nainar
Cc: "jiaxin.wu@intel.com", "siyuan.fu@intel.com"
Date: Thu, 20 Jun 2019 16:20:41 +0100
In-Reply-To: <4d6fad2a-f052-4444-3a68-7e79aeda2082@redhat.com>
References: <1ac12ecc87aa039ba36b64bc394769033f5ecf28.camel@infradead.org> <4d6fad2a-f052-4444-3a68-7e79aeda2082@redhat.com>

On Thu, 2019-06-20 at 16:27 +0200, Laszlo Ersek wrote:
> It is indeed the bug that you think it is ("From code inspection I'd
> have guessed that the code would tolerate *any* valid certificate, even
> for a host other than the one it actually attempted to connect to.")

:)

> I'm CC'ing you on the BZ now, so you can read it even before it gets
> opened up.

... and I've pointed out the problem in the implementation of
TlsSetVerifyHost(). :)

Thanks.
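
The bug discussed in the two messages above is a client that accepts any chain-valid certificate without comparing it to the host it actually connected to. The following is an added example, not edk2 code and not written by anyone in this thread: a self-contained C model of the identity check that must run in addition to chain validation, following the RFC 2818/6125 rule that an IP reference is matched only against iPAddress entries. The names `cert_ids`, `SAMPLE_CERT` and `identity_matches` are hypothetical, the subjectAltName entries are assumed to be already extracted from the certificate, and CN fallback is deliberately omitted.

```c
#include <arpa/inet.h>   /* inet_pton */
#include <stdbool.h>
#include <string.h>
#include <strings.h>     /* strcasecmp */

/* Hypothetical model: subjectAltName entries of a chain-validated certificate. */
struct cert_ids {
    const char *dns[4];  /* dNSName entries, NULL-terminated */
    const char *ip[4];   /* iPAddress entries as text, NULL-terminated */
};
/* Constructed sample identities (documentation-only names and addresses). */
const struct cert_ids SAMPLE_CERT = {
    { "boot.example.test", "*.pxe.example.test", NULL },
    { "192.0.2.10", "2001:db8::10", NULL },
};

/* Parse an IPv4/IPv6 literal into raw bytes; false if s is not an IP literal. */
static bool parse_ip(const char *s, unsigned char out[16], size_t *len) {
    if (inet_pton(AF_INET, s, out) == 1)  { *len = 4;  return true; }
    if (inet_pton(AF_INET6, s, out) == 1) { *len = 16; return true; }
    return false;
}

/* dNSName match: case-insensitive, with "*." covering exactly one leftmost label. */
static bool dns_match(const char *pattern, const char *host) {
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && strcasecmp(pattern + 1, dot) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

/* Identity check run in addition to chain validation; ref is what the client dialed. */
bool identity_matches(const struct cert_ids *c, const char *ref) {
    unsigned char want[16], have[16];
    size_t wlen, hlen;
    if (parse_ip(ref, want, &wlen)) {
        /* IP reference: compare raw bytes against iPAddress entries only. */
        for (size_t i = 0; i < 4 && c->ip[i] != NULL; i++)
            if (parse_ip(c->ip[i], have, &hlen) && hlen == wlen &&
                memcmp(want, have, wlen) == 0)
                return true;
        return false;
    }
    for (size_t i = 0; i < 4 && c->dns[i] != NULL; i++)
        if (dns_match(c->dns[i], ref))
            return true;
    return false;
}
```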