From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from IMSVA.IN.MEGATRENDS.COM (IMSVA.IN.MEGATRENDS.COM [14.98.235.2]) by mx.groups.io with SMTP id smtpd.web11.1797.1577164609553681390 for ; Mon, 23 Dec 2019 21:16:50 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=SPF record not found (domain: amiindia.co.in, ip: 14.98.235.2, mailfrom: sivaramann@amiindia.co.in) Received: from IMSVA.IN.MEGATRENDS.COM (IMSVA.IN.MEGATRENDS.COM [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A432082047; Tue, 24 Dec 2019 10:53:57 +0530 (IST) Received: from IMSVA.IN.MEGATRENDS.COM (IMSVA.IN.MEGATRENDS.COM [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9138D82046; Tue, 24 Dec 2019 10:53:57 +0530 (IST) Received: from webmail.amiindia.co.in (venus2.in.megatrends.com [10.0.0.7]) by IMSVA.IN.MEGATRENDS.COM (Postfix) with ESMTPS; Tue, 24 Dec 2019 10:53:57 +0530 (IST) Received: from VENUS1.in.megatrends.com ([fe80::951:7975:6ecf:eae5]) by Venus2.in.megatrends.com ([fe80::2002:4a07:4f17:c09b%14]) with mapi id 14.03.0248.002; Tue, 24 Dec 2019 10:46:45 +0530 From: "Sivaraman Nainar" To: "devel@edk2.groups.io" , "Wu, Jiaxin" , "Fu, Siyuan" CC: "Madhan B. Santharam" , "Arun Subramanian B" , Arun Sura Soundara Pandian , Bhuvaneshwari M R , Ramesh R. Subject: reg: HTTPS Certificate Validation During Enrollment Thread-Topic: reg: HTTPS Certificate Validation During Enrollment Thread-Index: AdW6GCwZGYQmImgZSdqG4TUNbkHVhg== Date: Tue, 24 Dec 2019 05:16:44 +0000 Message-ID: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.0.84.197] MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-TM-AS-Product-Ver: IMSVA-9.1.0.1817-8.5.0.1020-25122.005 X-TM-AS-Result: No--13.546-5.0-31-10 X-imss-scan-details: No--13.546-5.0-31-10 X-TMASE-Version: IMSVA-9.1.0.1817-8.5.1020-25122.005 X-TMASE-Result: 10--13.545500-10.000000 X-TMASE-MatchedRID: oIksAoV5oL8Jhm6TjE4vNSfa1HFVDArQSWg+u4ir2NP/DuDKkEL9Twuf 3weHX1HzLSepnPcDkUIkTcioMeoiVH//aC4gn5TY/Sl5cYQQGW+YcCnZQnz5PErRZP/NcCCSkDN s4OMoXxKahG/i8Ja1Y7dYFVfIRaXS7zgtUFe2gc5ZwLSBgxghaPngX/aL8PCNI9L0l0rdbj9uBj xDCXijziRX5Ze8FsHwAf/oIhDrMcxcvC4hPS8YXiI9MxSOQ6CSwLaQzTC7PNak7BPGf466/mQyu G8zTQXl+gMue9wk4phpX+8EMeDZS5r8q/DaK2EqngIgpj8eDcBpkajQR5gb3qbyPFGTn+O4UUU0 +9x4QK/JzqAJgIs7jrI7zVffJqTzH1QIty8mOoDSzq51J59p5Ykt8pdhOtkm4LOo+/tx1aMcVQc HJ1sHd5Yu8q483clP2QQtk6LgyPD92hgkbrJh1HUkBQY2KPBP X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0 Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_B4DE137BDB63634BAC03BD9DE765F197029AE59FEEVENUS1inmegat_" --_000_B4DE137BDB63634BAC03BD9DE765F197029AE59FEEVENUS1inmegat_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello all: Right now the HTTPS Certificates are getting validated during TlsConfigCert= ificate()by HTTPDxe Driver. But during enrollment of certificate via TLSDXE driver, it does not have an= y validation and it keep appending the TLSCaCert variable with the certific= ate provided. Assume an invalid certificate keep loaded via TLS Auth configuration page, = the NVRAM would be filled with garbage. Is there any plan to have certificate validation during Enrollment? -Siva --_000_B4DE137BDB63634BAC03BD9DE765F197029AE59FEEVENUS1inmegat_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hello all:

 

Right now the HTTPS Certificates are getting validat= ed during TlsConfigCertificate()by HTTPDxe Driver.

 

But during enrollment of certificate via TLSDXE driv= er, it does not have any validation and it keep appending the TLSCaCert var= iable with the certificate provided.

 

Assume an invalid certificate keep loaded via TLS Au= th configuration page, the NVRAM would be filled with garbage.

 

Is there any plan to have certificate validation dur= ing Enrollment?

 

-Siva

--_000_B4DE137BDB63634BAC03BD9DE765F197029AE59FEEVENUS1inmegat_--