From: "Xiaoyu Lu" <xiaoyux.lu@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"rebecca@bluestop.org" <rebecca@bluestop.org>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>, Laszlo Ersek <lersek@redhat.com>
Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
Date: Wed, 19 Jun 2019 08:07:33 +0000 [thread overview]
Message-ID: <BFD21A70FD4B3446B866B6088E3259E50B977951@SHSMSX101.ccr.corp.intel.com> (raw)
In-Reply-To: <49280c46-1faa-5f3a-72ad-36f79c4473f6@bluestop.org>
Hi bcran,
> -----Original Message-----
> From: Rebecca Cran [mailto:rebecca@bluestop.org]
> Sent: Wednesday, June 19, 2019 5:27 AM
> To: Lu, XiaoyuX <xiaoyux.lu@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Laszlo Ersek <lersek@redhat.com>
> Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't
> find TLS Service Binding Protocol
>
> On 2019-06-18 11:53, rebecca@bluestop.org wrote:
> > On 2019-06-18 02:52, Lu, XiaoyuX wrote:
> >> I test this in my own environment, It works well.
> >> The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461
> >> Build command:
> >> build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D
> NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE
> >> DHCP server: Internet Systems Consortium DHCP Server 4.3.3
> >>
> >> Do you enroll your ca cert in Tls Auth Configuration?
> >> Could you give us more information?
> >
> > I set up a Linux environment to test, and found that it does actually
> > work there after all. So it seems the breakage is limited to running
> > OVMF built on FreeBSD, which I'll work on myself to fix.
> >
> >
>
> Sorry - actually, I realized I was only testing the NOOPT build on
> FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE
> does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT
> doesn't.
>
>
> Could you check if the NOOPT OVMF build works with HTTPS on your
> system,
> please?
>
Thanks for your information. I checked the NOOPT OVMF in linux environment, it failed too.
I think compiler optimization hides this problem.
By default, OpenSSL will auto load config file. But UEFI don't use it.
And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change openssl_config_int
function will cause this problem.
And I made a patch for it. You can find it at
https://edk2.groups.io/g/devel/message/42577
Thanks,
Xiaoyu
>
> --
> Rebecca Cran
next prev parent reply other threads:[~2019-06-19 8:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <15A91C212A9A35C2.15755@groups.io>
2019-06-18 0:43 ` [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol rebecca
2019-06-18 8:52 ` Xiaoyu Lu
2019-06-18 17:53 ` rebecca
[not found] ` <15A95C72ACE0D0D5.4869@groups.io>
2019-06-18 21:26 ` rebecca
2019-06-19 8:07 ` Xiaoyu Lu [this message]
2019-06-19 13:40 ` rebecca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BFD21A70FD4B3446B866B6088E3259E50B977951@SHSMSX101.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox