From: "Nickle Wang" <nicklew@nvidia.com>
To: Michael Brown <mcb30@ipxe.org>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>,
Siyuan Fu <siyuan.fu@intel.com>,
Abner Chang <abner.chang@amd.com>,
Igor Kulchytskyy <igork@ami.com>,
Nick Ramirez <nramirez@nvidia.com>
Subject: Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify
Date: Wed, 1 Feb 2023 11:06:55 +0000
Message-ID: <MW4PR12MB7031CEF49744E284D2EE1D97D9D19@MW4PR12MB7031.namprd12.prod.outlook.com>
In-Reply-To: <010201860c96846b-a8bde2d8-b485-4c67-8946-70263fa807d9-000000@eu-west-1.amazonses.com>
Hi Michael,
Thanks for catching this. To prevent the change to the data structure, would you suggest that I create a new interface in EFI_HTTP_PROTOCOL and disable TLS host verify?
Regards,
Nickle
________________________________
From: Michael Brown <mcb30@ipxe.org>
Sent: Wednesday, February 1, 2023 6:47 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>; Nickle Wang <nicklew@nvidia.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>; Siyuan Fu <siyuan.fu@intel.com>; Abner Chang <abner.chang@amd.com>; Igor Kulchytskyy <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
Subject: Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify
On 01/02/2023 03:46, Nickle Wang via groups.io wrote:
> diff --git a/MdePkg/Include/Protocol/Http.h b/MdePkg/Include/Protocol/Http.h
> index 28e6221593..21a782eaac 100644
> --- a/MdePkg/Include/Protocol/Http.h
> +++ b/MdePkg/Include/Protocol/Http.h
> @@ -6,6 +6,7 @@
>
> Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
> (C) Copyright 2015-2017 Hewlett Packard Enterprise Development LP<BR>
> + Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @par Revision Reference:
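Review bot: the added NVIDIA copyright line in this header comment has no trailing <BR>, while the Intel and Hewlett Packard Enterprise copyright lines directly above it both end in <BR>. Add <BR> to the new line so the generated header text keeps its line breaks consistent.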
> @@ -161,6 +162,10 @@ typedef struct {
> /// this instance will use EFI_DNS6_PROTOCOL and EFI_TCP6_PROTOCOL.
> ///
> BOOLEAN LocalAddressIsIPv6;
> + ///
> + /// Verify server certificate during HTTPS handshake.
> + ///
> + BOOLEAN HostCertificateVerifyDisabled;
>
> union {
> ///
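Review bot: the doc comment on the new member reads "Verify server certificate during HTTPS handshake", but the member is named HostCertificateVerifyDisabled, so the comment describes the opposite of what setting it to TRUE does. Reword the comment to state that TRUE skips server certificate verification and FALSE keeps it enabled, so that a caller reading only the header cannot turn verification off by mistake. The member is also inserted between LocalAddressIsIPv6 and the union instead of after the existing members, which changes the member order of a structure that existing callers already use.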
This change would break the ABI by changing the layout of a data
structure defined in the UEFI specification.
Even worse, it does so by inserting a field into the middle of a
structure: an ABI mismatch would result in one side attempting to
dereference the BOOLEAN value as a pointer.
Nacked-by: Michael Brown <mcb30@ipxe.org>
Thanks,
Michael