Yes Best Regards Siyuan
From: Sivaraman Nainar <[email protected]> Sent: 2019年12月27日 15:26 To: Fu, Siyuan <[email protected]>; [email protected]; Wu, Jiaxin <[email protected]> Cc: Madhan B. Santharam <[email protected]>; Arun Subramanian B <[email protected]>; Arun Sura Soundara Pandian <[email protected]>; Bhuvaneshwari M R <[email protected]>; Ramesh R. <[email protected]> Subject: RE: HTTPS Certificate Validation During Enrollment Siyuan: I agree. The basic check whatever we are doing here is the file extension only. Do you mean that could be enough and TLS will take care of validating the certificate during the connection State? -Siva From: Fu, Siyuan [mailto:[email protected]] Sent: Tuesday, December 24, 2019 1:30 PM To: Sivaraman Nainar; [email protected]<mailto:[email protected]>; Wu, Jiaxin Cc: Madhan B. Santharam; Arun Subramanian B; Arun Sura Soundara Pandian; Bhuvaneshwari M R; Ramesh R. Subject: RE: HTTPS Certificate Validation During Enrollment Hi, Siva We don’t think this is a real problem. The cert is saved as NV variable just like any other EFI variables, there are some basic checks like verify it’s a valid DER-encoded certificate before saving the certificate, and TLS config driver also provides a page to allow user to delete unused cert from system. If someone want to fill the NV variable storage full with garbage, they can simply use SetVaraible service, not necessary to use this page. Best Regards Siyuan From: Sivaraman Nainar <[email protected]<mailto:[email protected]>> Sent: 2019年12月24日 13:17 To: [email protected]<mailto:[email protected]>; Wu, Jiaxin <[email protected]<mailto:[email protected]>>; Fu, Siyuan <[email protected]<mailto:[email protected]>> Cc: Madhan B. Santharam <[email protected]<mailto:[email protected]>>; Arun Subramanian B <[email protected]<mailto:[email protected]>>; Arun Sura Soundara Pandian <[email protected]<mailto:[email protected]>>; Bhuvaneshwari M R <[email protected]<mailto:[email protected]>>; Ramesh R. <[email protected]<mailto:[email protected]>> Subject: reg: HTTPS Certificate Validation During Enrollment Hello all: Right now the HTTPS Certificates are getting validated during TlsConfigCertificate()by HTTPDxe Driver. But during enrollment of certificate via TLSDXE driver, it does not have any validation and it keep appending the TLSCaCert variable with the certificate provided. Assume an invalid certificate keep loaded via TLS Auth configuration page, the NVRAM would be filled with garbage. Is there any plan to have certificate validation during Enrollment? -Siva -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52588): https://edk2.groups.io/g/devel/message/52588 Mute This Topic: https://groups.io/mt/69246372/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
