From: "Yao, Jiewen"
To: Vineel Kovvuri, "devel@edk2.groups.io", "sean.brogan@microsoft.com", "bret.barkelew@microsoft.com", "Michael.Turner@microsoft.com"
CC: Vineel Kovvuri
Subject: Re: [PATCH 2/2] Allow wildcards in hostname
Date: Wed, 13 Oct 2021 02:50:26 +0000
In-Reply-To: <06e1abfade77dbf913e3e25f1e26dfc54f550696.1633999992.git.vineelko@microsoft.com>

It seems the Bugzilla only describes the ECC, but not much info on why we need to allow wildcards in hostname.

The git log in mu is also unclear to me - "This enables certain local network recovery stories. May re-evaluate as those stories change."

I am OK with ECC change, and give R-B.

But I would like to understand more on why we need to allow wildcards in general. What are the stories?

If this is only for "recovery stories", should we also allow wildcards in recovery boot path?

For example, should we have a PCD to let platform owner make decision? E.g. normal boot - NO. recovery boot - YES?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Vineel Kovvuri
> Sent: Tuesday, October 12, 2021 1:38 PM
> To: devel@edk2.groups.io; Yao, Jiewen;
> sean.brogan@microsoft.com; bret.barkelew@microsoft.com;
> Michael.Turner@microsoft.com
> Cc: Vineel Kovvuri
> Subject: [PATCH 2/2] Allow wildcards in hostname
>
> This PR is cherry-picked from
> https://github.com/microsoft/mu_basecore/commit/d0c7733400c35722499eedcd4279042a9bcb0eb4
>
> BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679
>
> Signed-off-by: Vineel Kovvuri
> ---
> NetworkPkg/HttpDxe/HttpsSupport.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c > b/NetworkPkg/HttpDxe/HttpsSupport.c > index 7e0bf85c3c..0f28ae9447 100644 > --- a/NetworkPkg/HttpDxe/HttpsSupport.c > +++ b/NetworkPkg/HttpDxe/HttpsSupport.c 
> @@ -625,7 +625,7 @@ TlsConfigureSession ( > // > HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient; > HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEE= R; > - HttpInstance->TlsConfigData.VerifyHost.Flags =3D > EFI_TLS_VERIFY_FLAG_NO_WILDCARDS; > + HttpInstance->TlsConfigData.VerifyHost.Flags =3D > EFI_TLS_VERIFY_FLAG_NONE; > HttpInstance->TlsConfigData.VerifyHost.HostName =3D HttpInstance- > >RemoteHost; > HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotSt= arted; >=20 > -- > 2.17.1
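
Review bot: the VerifyHost.Flags assignment in TlsConfigureSession drops EFI_TLS_VERIFY_FLAG_NO_WILDCARDS for every session this function configures, with no condition around it, while the commit message gives only the cherry-pick source and a Bugzilla link and no reason for relaxing host verification. Consider keeping EFI_TLS_VERIFY_FLAG_NO_WILDCARDS as the default and selecting EFI_TLS_VERIFY_FLAG_NONE only through a platform-controlled setting (a PCD, as raised in the reply above), and state in the commit message which scenario needs wildcard certificates. A comment above the assignment naming that scenario would also help, since the flag name alone does not say that wildcard matching is now accepted.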