Hello all:

 

Need a clarification on the Host Name support added in the HTTP Boot.

 

When certificates are generated with the Wild Card in the SAN  the host name validation is getting failed with the below error codes.

Ex: DNS Name=*.ami.internal-test.com

 

TlsDoHandshake SSL_HANDSHAKE_ERROR State=0x4 SSL_ERROR_SSL

TlsDoHandshake ERROR 0x1416F086=L14:F16F:R86

Http Request failed. Code=Aborted

 

If the Host verify flag is changed from

HttpInstance->TlsConfigData.VerifyHost.Flags    = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;

To

HttpInstance->TlsConfigData.VerifyHost.Flags    =  EFI_TLS_VERIFY_FLAG_NONE;

 

Then the Http request can pass.

 

Is the host Name support strictly not allowing Wild card support? In this case do we need to have multiple Certiricate to have each URL with exact Host Name?

 

Thanks

Siva