REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3951
Add support for Proxy server to connect to a HTTPS EndPoint server. TLS Connection to be created during GET/HEAD after CONNECT method. Cc: Maciej Rabeda <maciej.rab...@linux.intel.com> Cc: Wu Jiaxin <jiaxin...@intel.com> Cc: Siyuan Fu <siyuan...@intel.com> Signed-off-by: Saloni Kasbekar <saloni.kasbe...@intel.com> --- NetworkPkg/HttpDxe/HttpImpl.c | 9 +++---- NetworkPkg/HttpDxe/HttpProto.c | 40 ++++++++++++++++++------------- NetworkPkg/HttpDxe/HttpProto.h | 8 +++++-- NetworkPkg/HttpDxe/HttpsSupport.c | 16 +++++++++---- 4 files changed, 46 insertions(+), 27 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index 2a305e0864..f7d6a4c8f6 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -511,9 +511,10 @@ EfiHttpRequest ( if ((HttpInstance->ConnectionClose == FALSE) && (HttpInstance->RemotePort == RemotePort) && (AsciiStrCmp (HttpInstance->RemoteHost, HostName) == 0) && - (!HttpInstance->UseHttps || (HttpInstance->UseHttps && - !TlsConfigure && - (HttpInstance->TlsSessionState == EfiTlsSessionDataTransferring)))) + (!HttpInstance->UseHttps || + HttpInstance->ProxyConnected || (HttpInstance->UseHttps && + !TlsConfigure && + (HttpInstance->TlsSessionState == EfiTlsSessionDataTransferring)))) { // // Host Name and port number of the request URL are the same with previous call to Request(). @@ -666,7 +667,7 @@ EfiHttpRequest ( goto Error2; } - if (!Configure && !ReConfigure && !TlsConfigure) { + if ((!Configure && !ReConfigure) && ((HttpInstance->ProxyConnected && TlsConfigure) || (!TlsConfigure))) { // // For the new HTTP token, create TX TCP token events. // diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index 6767d90c7d..cc69401943 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c 
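Review bot: In the connection-reuse condition of EfiHttpRequest, the added `HttpInstance->ProxyConnected ||` term makes the HTTPS clause true without consulting `TlsSessionState`. An HTTPS request is therefore accepted for reuse of the proxy tunnel even when no TLS session is in `EfiTlsSessionDataTransferring`. The body of this branch lies outside the hunk, so whether request data could be sent before the handshake completes cannot be confirmed from here. The invariant should be stated at the condition, e.g. `// ProxyConnected: CONNECT tunnel is up; TLS is configured below before any request data is sent`. Nothing in the visible hunks clears `ProxyConnected` when the connection is closed, so if that is not done elsewhere in the series, a stale flag would keep this bypass active for a later request to the same host and port.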
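Review bot: The new guard `((HttpInstance->ProxyConnected && TlsConfigure) || (!TlsConfigure))` is harder to read than it needs to be, because it is logically equivalent to `(HttpInstance->ProxyConnected || !TlsConfigure)`. The line can read `if (!Configure && !ReConfigure && (HttpInstance->ProxyConnected || !TlsConfigure)) {`. A short comment explaining why a proxied request still takes this path while a new TLS session is being configured would help the next reader. The enclosing function continues outside the hunk.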
@@ -1222,6 +1222,7 @@ HttpConfigureTcp6 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP4 protocol child is not created or configured. @@ -1230,7 +1231,8 @@ HttpConfigureTcp6 ( **/ EFI_STATUS HttpConnectTcp4 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ) { EFI_STATUS Status; @@ -1253,16 +1255,18 @@ HttpConnectTcp4 ( return Status; } - if (Tcp4State == Tcp4StateEstablished) { + if ((Tcp4State == Tcp4StateEstablished) && (!HttpInstance->ProxyConnected || !TlsConfigure)) { return EFI_SUCCESS; - } else if (Tcp4State > Tcp4StateEstablished ) { + } else if (Tcp4State > Tcp4StateEstablished) { HttpCloseConnection (HttpInstance); } - Status = HttpCreateConnection (HttpInstance); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status)); - return Status; + if (!HttpInstance->ProxyConnected) { + Status = HttpCreateConnection (HttpInstance); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status)); + return Status; + } } // @@ -1314,6 +1318,7 @@ HttpConnectTcp4 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP6 protocol child is not created or configured. @@ -1322,7 +1327,8 @@ HttpConnectTcp4 ( **/ EFI_STATUS HttpConnectTcp6 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ) { EFI_STATUS Status; 
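Review bot: In the HttpConnectTcp4 logic hunk (`@@ -1253,16 +1255,18 @@`), if `ProxyConnected` is set and the TCP state is not `Tcp4StateEstablished`, the code may call `HttpCloseConnection` and then skips `HttpCreateConnection` because the flag is still TRUE. It then continues into the steps after the hunk on a connection that is closed or closing. Unless `HttpCloseConnection` resets the flag (not visible here), the tunnel state should be checked explicitly before those steps, for example `if (HttpInstance->ProxyConnected && (Tcp4State != Tcp4StateEstablished)) { HttpInstance->ProxyConnected = FALSE; return EFI_NOT_READY; }`, or whichever status makes the caller re-issue CONNECT. The same pattern appears in the HttpConnectTcp6 hunk (`@@ -1346,16 +1352,18 @@`). The function body starts and ends outside the hunk.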
@@ -1346,16 +1352,18 @@ HttpConnectTcp6 ( return Status; } - if (Tcp6State == Tcp6StateEstablished) { + if ((Tcp6State == Tcp6StateEstablished) && (!HttpInstance->ProxyConnected || !TlsConfigure)) { return EFI_SUCCESS; - } else if (Tcp6State > Tcp6StateEstablished ) { + } else if (Tcp6State > Tcp6StateEstablished) { HttpCloseConnection (HttpInstance); } - Status = HttpCreateConnection (HttpInstance); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status)); - return Status; + if (!HttpInstance->ProxyConnected) { + Status = HttpCreateConnection (HttpInstance); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status)); + return Status; + } } // @@ -1450,7 +1458,7 @@ HttpInitSession ( // // Connect TCP. // - Status = HttpConnectTcp4 (HttpInstance); + Status = HttpConnectTcp4 (HttpInstance, TlsConfigure); if (EFI_ERROR (Status)) { return Status; } @@ -1468,7 +1476,7 @@ HttpInitSession ( // // Connect TCP. // - Status = HttpConnectTcp6 (HttpInstance); + Status = HttpConnectTcp6 (HttpInstance, TlsConfigure); if (EFI_ERROR (Status)) { return Status; } diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h index 3e4e86dad9..6fd2082e1b 100644 --- a/NetworkPkg/HttpDxe/HttpProto.h +++ b/NetworkPkg/HttpDxe/HttpProto.h @@ -407,6 +407,7 @@ HttpConfigureTcp6 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP4 protocol child is not created or configured. @@ -415,7 +416,8 @@ HttpConfigureTcp6 ( **/ EFI_STATUS HttpConnectTcp4 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ); /** 
@@ -423,6 +425,7 @@ HttpConnectTcp4 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP6 protocol child is not created or configured. @@ -431,7 +434,8 @@ HttpConnectTcp4 ( **/ EFI_STATUS HttpConnectTcp6 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ); /** diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c index ad611e7c38..81c65758d3 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c 
@@ -644,11 +644,17 @@ TlsConfigureSession ( // // TlsConfigData initialization // - HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; - HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; - HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE; - HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost; - HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; + HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; + HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; + HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE; + HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; + + if (HttpInstance->ProxyConnected) { + ASSERT (HttpInstance->EndPointHostName != NULL); + HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->EndPointHostName; + } else { + HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost; + } // // EfiTlsConnectionEnd, -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94820): https://edk2.groups.io/g/devel/message/94820 Mute This Topic: https://groups.io/mt/94189623/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
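Review bot: `ASSERT (HttpInstance->EndPointHostName != NULL)` is the only guard on the name used for certificate host verification in the proxy case, and ASSERT is typically compiled out of release firmware builds, which would leave `VerifyHost.HostName` NULL. How a NULL host name is treated when the verify-host data is later applied is not visible in this hunk. A runtime check is safer: fail the session setup when the pointer is NULL, e.g. `if (HttpInstance->EndPointHostName == NULL) { return EFI_INVALID_PARAMETER; }`, placed before the assignment. A comment should also state that in the tunnelled case the certificate must be matched against the endpoint named in the request URL and never against the proxy held in `RemoteHost`. Where `EndPointHostName` is populated is outside this patch, so that origin should be confirmed.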