On 10/16/19 09:36, Laszlo Ersek wrote:
> On 10/16/19 07:18, Wu, Jiaxin wrote:
>
>> Comment2: do we really need the app_verify_callback function setting?
>> Why not call X509_VERIFY_PARAM_set1_ip_asc (TlsConn->Ssl->param,
>> HostName) in TlsSetVerifyHost directly? Anything I missed in the
>> discussion?
>
> I don't think client code should access "Ssl->param" directly. SSL
> should be treated as an opaque data structure.
>
> However, I think you may have a point. Formally, the SSL_get0_param()
> function could be called to retrieve X509_VERIFY_PARAM.
>
> https://www.openssl.org/docs/man1.1.1/man3/SSL_get0_param.html
>
> And then we could call X509_VERIFY_PARAM_set1_ip_asc() on that, perhaps.
> This would make both the ExData stuff and the custom certificate
> verification procedure unnecessary.

To be clear, this is meant to say:

Jiaxin, I'm totally fine to drop "RFC v1 5/4". Just please post a v2, and use

- SSL_get0_param()
- X509_VERIFY_PARAM_set1_ip_asc()
- X509_VERIFY_PARAM_set1_host()

rather than SSL_set1_host() in patch v2 2/4 -- if it works, that is! :)

Thanks!
Laszlo