Thanks Jiaxin for the prompt reply. Created ticket : https://bugzilla.tianocore.org/show_bug.cgi?id=2433
From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Wu, Jiaxin Sent: Friday, December 20, 2019 3:17 PM To: Sivaraman Nainar; devel@edk2.groups.io; Fu, Siyuan; Rabeda, Maciej Cc: Madhan B. Santharam; Arun Subramanian B; Arun Sura Soundara Pandian; Bhuvaneshwari M R Subject: Re: [edk2-devel] reg: HTTPS Certificate Update Hi Siva, I agree we should continue the next certificates configuration even the current one is invalid (since we already have the sanity check before the setting). Please report one Bugzilla for the issue. Maciej, can you help fix on that? Thanks, Jiaxin From: Sivaraman Nainar <sivaram...@amiindia.co.in<mailto:sivaram...@amiindia.co.in>> Sent: Friday, December 20, 2019 12:16 PM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Wu, Jiaxin <jiaxin...@intel.com<mailto:jiaxin...@intel.com>>; Fu, Siyuan <siyuan...@intel.com<mailto:siyuan...@intel.com>> Cc: Madhan B. Santharam <madh...@ami.com<mailto:madh...@ami.com>>; Arun Subramanian B <arunsubramani...@ami.com<mailto:arunsubramani...@ami.com>>; Arun Sura Soundara Pandian <arunsu...@amiindia.co.in<mailto:arunsu...@amiindia.co.in>>; Bhuvaneshwari M R <bhuvaneshwar...@amiindia.co.in<mailto:bhuvaneshwar...@amiindia.co.in>> Subject: RE: reg: HTTPS Certificate Update Hello Jiaxin / Siyuan: Would you please feedback on this. -Siva From: Sivaraman Nainar Sent: Monday, December 16, 2019 4:42 PM To: 'devel@edk2.groups.io'; 'Wu, Jiaxin'; 'Fu, Siyuan' Cc: Madhan B. Santharam; Arun Subramanian B; Arun Sura Soundara Pandian; Bhuvaneshwari M R Subject: reg: HTTPS Certificate Update Hello All: Need clarification on the Certificate Validation Procedure used in HTTP Boot. The certificate parsing done at HttpDxe in file HttpsSupport.c in the function TlsConfigCertificate(). The below code snippet is TlsSetSessionData call for each certificate data. while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; for (Index = 0; Index < CertCount; Index++) { // // EfiTlsConfigDataTypeCACertificate // Status = HttpInstance->TlsConfiguration->SetData ( HttpInstance->TlsConfiguration, EfiTlsConfigDataTypeCACertificate, Cert->SignatureData, CertList->SignatureSize - sizeof (Cert->SignatureOwner) ); if (EFI_ERROR (Status)) { goto FreeCACert; } Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); } ItemDataSize -= CertList->SignatureListSize; CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); } In the attached code, once an invalid certificate of available certificates Set via TLS, if its failed the code does not post further certificates even those could be valid certificates. Is the code is purposefully done? May we know the expected behavior of the code. -Siva -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52459): https://edk2.groups.io/g/devel/message/52459 Mute This Topic: https://groups.io/mt/68724546/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
