From: "Palmer, Thomas"
To: Jiaxin Wu, "edk2-devel@lists.01.org"
CC: Samer El-Haj-Mahmoud, Long Qin, Ye Ting, Fu Siyuan
Date: Fri, 29 Jul 2016 22:32:29 +0000
Subject: Re: [staging/HTTPS-TLS][PATCH 2/2] NetworkPkg: Continue the session even no local cert found

Reviewed by Thomas Palmer

-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com]
Sent: Thursday, July 7, 2016 1:39 AM
To: edk2-devel@lists.01.org
Cc: Palmer, Thomas; Samer El-Haj-Mahmoud; Long Qin; Ye Ting; Fu Siyuan
Subject: [staging/HTTPS-TLS][PATCH 2/2] NetworkPkg: Continue the session even no local cert found

This patch did following updates:
* To support "Live Certificate" case, allow to continue the session even no local cert found.
* Fix potential assert issue when connection failed.

Cc: Palmer Thomas
Cc: Samer El-Haj-Mahmoud
Cc: Long Qin
Cc: Ye Ting
Cc: Fu Siyuan
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu
--- NetworkPkg/HttpDxe/HttpsSupport.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index 36f658c..969225d 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -531,14 +531,14 @@ TlsConfigureSession ( if (EFI_ERROR (Status)) { goto ERROR; } =20 // - // Tls Config Certificate + // Tls Config Certificate if 'TlsCaCertificate' variable existed.=20 // Status =3D TlsConfigCertificate (HttpInstance); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) && Status !=3D EFI_NOT_FOUND) { DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n")); goto ERROR; } =20 // @@ -1184,11 +1184,13 @@ TlsConnectSession ( if(HttpInstance->TlsSessionState =3D=3D EfiTlsSessionError) { =20 return EFI_ABORTED; =20 } } =20 - ASSERT(HttpInstance->TlsSessionState =3D=3D EfiTlsSessionDataTransferrin= g); + if (HttpInstance->TlsSessionState !=3D EfiTlsSessionDataTransferring) { + Status =3D EFI_ABORTED; + } =20 return Status; } =20 /** -- 1.9.5.msysgit.1
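
Review bot: In the TlsConfigureSession hunk, the new condition EFI_ERROR (Status) && Status != EFI_NOT_FOUND continues silently when TlsConfigCertificate returns EFI_NOT_FOUND: no DEBUG line is emitted on that path, and Status still holds EFI_NOT_FOUND when execution leaves the if. Because this is the path on which the TLS session is set up with no CA certificate configured, please log it (for example at EFI_D_WARN) and make sure Status is reassigned before any later return so EFI_NOT_FOUND cannot leak to the caller. It is also worth confirming that EFI_NOT_FOUND can only mean the 'TlsCaCertificate' variable is absent, since any other failure inside TlsConfigCertificate that maps to the same code would now be ignored. The updated comment should say how the server certificate is verified in the "Live Certificate" case, and the changed comment line adds trailing whitespace.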
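
Review bot: In the TlsConnectSession hunk, the check that replaces the ASSERT sets Status to EFI_ABORTED whenever TlsSessionState is not EfiTlsSessionDataTransferring, which overwrites any more specific error code already held in Status, and it does so without a DEBUG message. Consider guarding the assignment with !EFI_ERROR (Status) so an earlier error is preserved, and add a DEBUG ((EFI_D_ERROR, ...)) line on this path, as the certificate error path in TlsConfigureSession does, so a failed handshake is visible in the log.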