Introduce PCD PcdRedfishTlsHostVerifyDisabled to RedfishDiscoverDxe
driver. Setting this PCD to true will turn off TLS host verify in
HTTPS connection between host and BMC.
Signed-off-by: Nickle Wang <nick...@nvidia.com>
Cc: Abner Chang <abner.ch...@amd.com>
Cc: Igor Kulchytskyy <ig...@ami.com>
Cc: Nick Ramirez <nrami...@nvidia.com>
---
RedfishPkg/RedfishPkg.dec | 5 +++++
RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf | 3 ++-
RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c | 8 +++++---
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
index d2b189b13d..707228d22e 100644
--- a/RedfishPkg/RedfishPkg.dec
+++ b/RedfishPkg/RedfishPkg.dec
@@ -3,6 +3,7 @@
#
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
@@ -97,3 +98,7 @@
# protocol instance.
#
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDiscoverAccessModeInBand|FALSE|BOOLEAN|0x00001002
+ #
+ # Setting this PCD to TRUE will turn off TLS host verify during HTTPS
handshake.
+ #
+
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishTlsHostVerifyDisabled|TRUE|BOOLEAN|0x00001003
diff --git a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf
b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf
index 345bacf44d..e872966693 100644
--- a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf
+++ b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf
@@ -2,6 +2,7 @@
# Implementation of EFI_REDFISH_DISCOVER_PROTOCOL interfaces.
#
# (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -52,4 +53,4 @@
[Pcd]
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDiscoverAccessModeInBand ## CONSUMES
-
+ gEfiRedfishPkgTokenSpaceGuid.PcdRedfishTlsHostVerifyDisabled ## CONSUMES
diff --git a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c
b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c
index 042d6d5fd5..1d4398e9d7 100644
--- a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c
+++ b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c
@@ -4,6 +4,7 @@
(C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2022, AMD Incorporated. All rights reserved.
+ Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -840,9 +841,10 @@ AddAndSignalNewRedfishService (
goto EXIT_FREE_CONFIG_DATA;
}
- RestExHttpConfigData->SendReceiveTimeout = 5000;
- RestExHttpConfigData->HttpConfigData.HttpVersion = HttpVersion11;
- RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6 =
CheckIsIpVersion6 (NetworkInterface);
+ RestExHttpConfigData->SendReceiveTimeout =
5000;
+ RestExHttpConfigData->HttpConfigData.HttpVersion =
HttpVersion11;
+ RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6 =
CheckIsIpVersion6 (NetworkInterface);
+ RestExHttpConfigData->HttpConfigData.HostCertificateVerifyDisabled =
PcdGetBool (PcdRedfishTlsHostVerifyDisabled);
if (RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6) {
RestExHttpConfigData->HttpConfigData.AccessPoint.IPv6Node =
AllocateZeroPool (sizeof (EFI_HTTPv6_ACCESS_POINT));
if (RestExHttpConfigData->HttpConfigData.AccessPoint.IPv6Node == NULL)
{
--
2.39.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99382): https://edk2.groups.io/g/devel/message/99382
Mute This Topic: https://groups.io/mt/96669392/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
