From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+113319+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 0FA8A941C15
	for <rebecca@openfw.io>; Fri,  5 Jan 2024 20:27:17 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=6MIF5dIcJu9rQ6fnORoP4j1BbxfVYEURq9rgJMFRM2s=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1704486436; v=1;
 b=Cun9klVho5UK7C4OcsAG8lR86KCjT/oFnSL0KyEZxG5NpfxlHgkBbjUNaXWJl4RMPJnK2mk2
 1G7TyHWkSCui4jmY/phrDAsrCtnZuHGUQZsi5AZt1ubWhiaPMvBqSpUacNrJcqaERrYFmWpdlLh
 I6G4hG8MKH5IdwN1gVK0uyLY=
X-Received: by 127.0.0.2 with SMTP id wN3YYY7687511x3EjHWyvXOr; Fri, 05 Jan 2024 12:27:16 -0800
X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.126])
 by mx.groups.io with SMTP id smtpd.web10.33972.1704486435947003457
 for <devel@edk2.groups.io>;
 Fri, 05 Jan 2024 12:27:16 -0800
X-IronPort-AV: E=McAfee;i="6600,9927,10944"; a="382552294"
X-IronPort-AV: E=Sophos;i="6.04,334,1695711600"; 
   d="scan'208";a="382552294"
X-Received: from orviesa002.jf.intel.com ([10.64.159.142])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Jan 2024 12:26:54 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.04,334,1695711600"; 
   d="scan'208";a="22586653"
X-Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16])
  by orviesa002.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 05 Jan 2024 12:26:54 -0800
X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Fri, 5 Jan 2024 12:26:53 -0800
X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Fri, 5 Jan 2024 12:26:52 -0800
X-Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by
 orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35 via Frontend Transport; Fri, 5 Jan 2024 12:26:52 -0800
X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.100)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Fri, 5 Jan 2024 12:26:52 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=OmYFEUFrR3XPGh4lugwTeQZgkfGnrb+Gaayb8OEb7Ppnzq+D4VjywXBabjHVvzCEtVqc7ZlY7YjM8Ewy7GE0vqo1KGF0NFUu2l0mO5Q75c+ZVgc4eW59Z1Rw078lhJaUns0bIn6qe7XSL2aZSqQgplRAjKG5Odwho6s1kEdnnd9G1lqEymaN6XYllkeo0FW9bxqi0CeXMVmSH9Fjj/H1i7mhiQKIny2uJ0Br2jt7ChMU60BbyDN6GqdYsYrtPVBBKhJC/3PZsaftHikzcdHzZgE0Y7EbMzcpSCLPR3u0ILBNcb/raLOSzNOStg1If7RCZaOJogoWcYjWJw+iwf5uwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=v14y9DL2DWeZfblgAZ2ytv/NGXoqz7L1oMjHxCffUd0=;
 b=cvkEq6QKE/tYS2zDMBtpCYS9YBY8wgvPY+MorrMfm0BM+d01a/ZcAlvbqKMOIBBVT5ZZjQEtEyqGKXRffsjX1YaKVm7zugryxWkGIfpWIL+zkQlGZCsUL4U+PQ6dJA7t4YNkb6//zoKq39cx71k0k4ecl1+isBj7qLIo2jwZ7zhHSGGPR7Oex/z0ofjArLSM8vZOln7MOIWpcrtE75k7/GeygYeh53FEPNVev3J6141nPsWRFazgOnuScpxnhjo02wCokN3w+//lHDfUyh2dnV9A9bqqXFEJPED0pnNKrl9tlonQNBWa9yZ1u+uqZnTbaKdxbCKKCzomjKsmjN9OvA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
X-Received: from SN7PR11MB8281.namprd11.prod.outlook.com (2603:10b6:806:26b::20)
 by SJ0PR11MB5815.namprd11.prod.outlook.com (2603:10b6:a03:426::9) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.15; Fri, 5 Jan
 2024 20:26:45 +0000
X-Received: from SN7PR11MB8281.namprd11.prod.outlook.com
 ([fe80::d2a9:6c81:214f:f89]) by SN7PR11MB8281.namprd11.prod.outlook.com
 ([fe80::d2a9:6c81:214f:f89%7]) with mapi id 15.20.7159.015; Fri, 5 Jan 2024
 20:26:45 +0000
From: "Saloni Kasbekar" <saloni.kasbekar@intel.com>
To: "abner.chang@amd.com" <abner.chang@amd.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Clark-williams, Zachary" <zachary.clark-williams@intel.com>, "Michael
 Brown" <mcb30@ipxe.org>, Nickle Wang <nicklew@nvidia.com>, Igor Kulchytskyy
	<igork@ami.com>
Subject: Re: [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case
Thread-Topic: [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not
 found as a success case
Thread-Index: AQHaP7KaTKSSKzmro06J1hGNiESLnrDLq2vg
Date: Fri, 5 Jan 2024 20:26:45 +0000
Message-ID: <SN7PR11MB828147E35AD2BFCB02D2ECC1F1662@SN7PR11MB8281.namprd11.prod.outlook.com>
References: <20240105083716.340-1-abner.chang@amd.com>
 <20240105083716.340-3-abner.chang@amd.com>
In-Reply-To: <20240105083716.340-3-abner.chang@amd.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SN7PR11MB8281:EE_|SJ0PR11MB5815:EE_
x-ms-office365-filtering-correlation-id: e99b4dc7-65e3-4646-5060-08dc0e2ca32f
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: yiVYEsWVgA5dW99RW7YZ71EGYxsw4fg1eCPlNxanNZCdb0/zjPjdhGfs3c0RnsrPTMFUij5wuEfdaU4kFEHO9lHCZYW72EXppysOglRjiQPwgD65aOLEIqD04vahDB6aUJxd11gw6SaXe/yxOuyuAs9RGquB3xoZxXgasuxfoSSswGGEOuToQwSm6TjWDk0tD4pX0qfonh1PHDrarLncDXwBI2/VaRMckR2N/ZCLuuh/HSO57gAmpNs/CE8QK60XmlBJ1eLFSU5zJSatc9y+Jq48bX2SSw8g6MZeiDS2i/19B/KQGSbtTJbKpbrkj9Ip0FuxtSQbIlIysG8jHdo8XkGp/6YhundH9ZBEqFOVLw2Yl9oXBV/GlStIBlHzYF6WmRIXTHfG/ILyD1qm3zIo4BTVgLu5lNnDJh74itu0p2E3SRS9RUUatrfVLm0pUafeHOh4KiurCAqBlO7+a8mapTPObEHG1JacN2uf8GfxPe8IB6X5WzzNDhhTtSkzRL1lZCS2b+/VLkOdY2PsJlk2wr1A1Gwl4O+Fp7pvHSTWWuGLCsLy2CfauBlayw5r1wQ5bwLsxkDL73v1HlY/9jQtcrA6PINKz5Z5IvD+9c0EANQltl2vztAxL24ap4PbjygJ
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?1Bspyk+xXySb/3vTqRuPepRyQvypK08YU7cWL2XbLjLkDQ4dNjPhEbtrD36R?=
 =?us-ascii?Q?KBJqBqKgFxGEi0Uc4f4Nq67hlzgXFRHzYuzk6GKt1lhu+2dytg1QpS2FGVLN?=
 =?us-ascii?Q?7dSGjMfAxS0zEWpBt4q3VnG0JSCQbmCeusE8fCqoQhCfBv8400tyCNkCZM2C?=
 =?us-ascii?Q?6dgOehkOrcnL2xtuFN9dC+m7szaAh+sdmA73tYIdYYXeA0e8AuowR324D/B0?=
 =?us-ascii?Q?bVwCXyBpZUnq7S0AHCfBFr2kEo83zkOWkpfbM+XIyEC5CEymMtbi2AKr0qgV?=
 =?us-ascii?Q?R1JDLNQjVyb8/I6HV0c0ep3b1xP5cMvE0eK4mVtO8BJBTTJ5V9qYoy6i4Anb?=
 =?us-ascii?Q?en3lP6uRQrpB/Akmw1cTu48ydIBIXkiV269SqE2lZFVpLs/nTn3SQxSbbGOo?=
 =?us-ascii?Q?8B+IKzJxG6RvjdsRNoxD+mhidBYhHSUdM7P4S4Uqv1B3zGmNxhGV3Kn1Vayv?=
 =?us-ascii?Q?cuCm3SrBQ/gx4v70ZIMoeMN1PK77fYbbqx3tyfYRbmIPXjieY3WPTrvNDhUn?=
 =?us-ascii?Q?iySmu73b2ERdTx2YIBjo19vPouiogsWmC5H9AGIp9//OrcieSeepETFgY1Bs?=
 =?us-ascii?Q?ysIHXQRhBHvfRKkIkDOtVM+bS9/x/1sNZDP+73r5qFfEmLKdoN+LZJOn+3g3?=
 =?us-ascii?Q?8F+yha+c438xaQjug4HYlWOHTkZyntQPxVmXvrSAQGi894KeLIuecpUY3w5j?=
 =?us-ascii?Q?ySTB6nLXuD1bzFrUkVELX/rUDeMXNa6CFt9QI28qxqg4VhGh0vCdUxSelavi?=
 =?us-ascii?Q?g1fJPbYLHcrX6R8DDEOJMM0tbV6hBwjsxVRRMrjbB19WYCg8FnGY6Iw0r7V6?=
 =?us-ascii?Q?5lFL4oMd7gztMr+l9ppqLU5EHH6MvANaIfn0cZtvqSP2MGLHeRsM5vK+A/Uv?=
 =?us-ascii?Q?wI6XsN36Pi3Ne3IId/ku4Hntsw8aAF+geDyPwWIAK9NT/S6esyueozqJ/aJz?=
 =?us-ascii?Q?G37oiL14Or7i7ZKOEaYQHB30pXXBePBeJf5EWw2N/hVwmoUtkKcccZQN9AHP?=
 =?us-ascii?Q?XTQwOZiNmquFXi/GvMEGMCtmFWCMp3Bw3qjtzND9BX29fwdVWm/84ATII+eJ?=
 =?us-ascii?Q?ABuTYQP96gKDkj7MAPo8ejF+SCLRave5+8mUMsTF23ye+cobCE59j7MZRMlU?=
 =?us-ascii?Q?BZTQM/OJd6aVK22eD8jy/FsU+M46wpkot73MyMTGANOgvF1H8lKugdVhQ98M?=
 =?us-ascii?Q?eEbuzvhoQzwLouXbq8FypiTN5Ii5COavjGU9fXOXcf9deh+2aTdwI1igzgCI?=
 =?us-ascii?Q?Q3RscHflKFjLSqxp5GFsn/UvOtXctU6s16lPiHi3EODCj4kXb87orSPOPww0?=
 =?us-ascii?Q?h5g7NbG0ffOU3we86DQAhY0AWjth1MTGbvoEhRcKhRvyAWHfzSDSJUmbapaP?=
 =?us-ascii?Q?rW67gQPqDq9aEZKiFUklr2HfN3/iIkXoMHsvx/hKzjD/cG3OlGuHqHQ3F12D?=
 =?us-ascii?Q?kvJoQXQzPNbCoIOG0aYD57i9mNOfFEz8V9Wo1O6fAozTc1kpjH3uPP+hg5Yn?=
 =?us-ascii?Q?QdRmCru3+pp8LhaaxVhA9pfYBZ+9uCbg1Ba0FMdr9WbGC/Wj91YcUzSbykvQ?=
 =?us-ascii?Q?A4plYWcRmlnDOUZUeNkWH9iT6FG6++jsDPnym6kn?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN7PR11MB8281.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e99b4dc7-65e3-4646-5060-08dc0e2ca32f
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jan 2024 20:26:45.8490
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zEyUmi7HYO1jI8NN2o68DLavZkGZddSZ098TmIQ2HCfgGypoH2K/rNb6UpyH6+sYjWICdTKakBBuMKu1u60uM79ujVLQftydDz1cWpB9vXc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5815
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,saloni.kasbekar@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: am9fO7cJ8WKSqW5PzUlAIhQnx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=Cun9klVh;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>

-----Original Message-----
From: abner.chang@amd.com <abner.chang@amd.com>=20
Sent: Friday, January 5, 2024 12:37 AM
To: devel@edk2.groups.io
Cc: Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary <=
zachary.clark-williams@intel.com>; Michael Brown <mcb30@ipxe.org>; Nickle W=
ang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>
Subject: [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found=
 as a success case

From: Abner Chang <abner.chang@amd.com>

We still return EFI_SUCCESS to the caller when TlsConfigCertificate returns=
 error, for the use case the platform doesn't require certificate for the s=
pecific HTTP session. This ensures HttpInitSession function still initiated=
 and returns EFI_SUCCESS to the caller. The failure is pushed back to TLS D=
XE driver if the HTTP communication actually requires certificate.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
 NetworkPkg/HttpDxe/HttpsSupport.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu=
pport.c
index a07323ff0bd..04a830f7152 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -722,8 +722,21 @@ TlsConfigureSession (
   //
   Status =3D TlsConfigCertificate (HttpInstance);
   if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
-    return Status;
+    if (Status =3D=3D EFI_NOT_FOUND) {
+      DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"))=
;
+      //
+      // We still return EFI_SUCCESS to the caller when TlsConfigCertifica=
te
+      // returns error, for the use case the platform doesn't require
+      // certificate for the specific HTTP session. This ensures
+      // HttpInitSession function still initiated and returns EFI_SUCCESS =
to
+      // the caller. The failure is pushed back to TLS DXE driver if the
+      // HTTP communication actually requires certificate.
+      //
+      Status =3D EFI_SUCCESS;
+    } else {
+      DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+      return Status;
+    }
   }
=20
   //
--
2.37.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113319): https://edk2.groups.io/g/devel/message/113319
Mute This Topic: https://groups.io/mt/103539579/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-