Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify

Wed, 01 Feb 2023 03:07:02 -0800 

Hi Michael,

Thanks for catching this. To prevent the change to data structure, would you 
suggest me to create new interface in EFI_HTTP_PROTOCOL and disable TLS host 
verify?

Regards,
Nickle
________________________________
From: Michael Brown <mc...@ipxe.org>
Sent: Wednesday, February 1, 2023 6:47 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>; Nickle Wang 
<nick...@nvidia.com>
Cc: Maciej Rabeda <maciej.rab...@linux.intel.com>; Siyuan Fu 
<siyuan...@intel.com>; Abner Chang <abner.ch...@amd.com>; Igor Kulchytskyy 
<ig...@ami.com>; Nick Ramirez <nrami...@nvidia.com>
Subject: Re: [edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to 
disable TLS host verify

External email: Use caution opening links or attachments


On 01/02/2023 03:46, Nickle Wang via groups.io wrote:
> diff --git a/MdePkg/Include/Protocol/Http.h b/MdePkg/Include/Protocol/Http.h
> index 28e6221593..21a782eaac 100644
> --- a/MdePkg/Include/Protocol/Http.h
> +++ b/MdePkg/Include/Protocol/Http.h
> @@ -6,6 +6,7 @@
>
>     Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
>     (C) Copyright 2015-2017 Hewlett Packard Enterprise Development LP<BR>
> +  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
>     SPDX-License-Identifier: BSD-2-Clause-Patent
>
>     @par Revision Reference:
> @@ -161,6 +162,10 @@ typedef struct {
>     /// this instance will use EFI_DNS6_PROTOCOL and EFI_TCP6_PROTOCOL.
>     ///
>     BOOLEAN             LocalAddressIsIPv6;
> +  ///
> +  /// Verify server certificate during HTTPS handshake.
> +  ///
> +  BOOLEAN             HostCertificateVerifyDisabled;
>
>     union {
>       ///

This change would break the ABI by changing the layout of a data
structure defined in the UEFI specification.

Even worse, it does so by inserting a field into the middle of a
structure: an ABI mismatch would result in one side attempting to
dereference the BOOLEAN value as a pointer.

Nacked-by: Michael Brown <mc...@ipxe.org>

Thanks,

Michael



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99395): https://edk2.groups.io/g/devel/message/99395
Mute This Topic: https://groups.io/mt/96669380/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to