From: Abner Chang <abner.ch...@amd.com>

For the HTTPS connection that doesn't require TLS peer verification,
we introduce a new HTTP event HttpEventTlsConfigured to notify HTTP
callback functions after TlsConfigureSession(). With this event, the
upper layer HTTP application can listen to HttpEventTlsConfigured HTTP
event and reconfigure TLS configuration data in the callback function
to set TLS verify method to TLS_VERIFY_NONE.

The use case such as Redfish service connection which doesn't require
the TLS peer verification on the certificate, especially to the Redfish
service connection through the in-band network interface.

The root cause we are fixing is the TLS config data is hardcoded in
TlsConfigureSession() for any TLS child in HttpSupport.c. With this
hardcoded code, HTTP application has no way to give the proper TLS
config data when TLS session is initiated.

In Patch 1/5:
  We agreed to refactor TlsCreateChild and install TLS on the given
  HTTP handle.

In Patch 2/5:
  We consider TLS certificate not found as a success case to ensure
  HTTP session is still initiated and HttpInitSession() returns
  EFI_SUCCESS to the caller. The failure is pushed back to TLS DXE
  driver if the HTTP communication actually requires certificate.

In Patch 3/5:
  Introduce HttpEventTlsConfigured HTTP callback event

In Patch 4/5:
  REST EX DXE provides HTTP event callback protocol

In Patch 5/5:
  REST EX DXE fix.

Signed-off-by: Abner Chang <abner.ch...@amd.com>
Cc: Saloni Kasbekar <saloni.kasbe...@intel.com>
Cc: Zachary Clark-williams <zachary.clark-willi...@intel.com>
Cc: Michael Brown <mc...@ipxe.org>
Cc: Nickle Wang <nick...@nvidia.com>
Cc: Igor Kulchytskyy <ig...@ami.com>

Abner Chang (5):
  NetwokrPkg/HttpDxe: Refactor TlsCreateChild
  NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success
    case
  NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
  RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL
  RedfishPkg/RedfishRestExDxe: Update Supported function

 .../RedfishRestExDxe/RedfishRestExDxe.inf     |  2 +
 NetworkPkg/HttpDxe/HttpProto.h                |  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.h             | 18 ++--
 NetworkPkg/Include/Protocol/HttpCallback.h    | 11 +++
 .../RedfishRestExDxe/RedfishRestExDriver.h    | 31 ++++--
 NetworkPkg/HttpDxe/HttpImpl.c                 | 23 +----
 NetworkPkg/HttpDxe/HttpProto.c                |  8 +-
 NetworkPkg/HttpDxe/HttpsSupport.c             | 95 ++++++++++++-------
 .../RedfishRestExDxe/RedfishRestExDriver.c    | 84 ++++++++++++++++
 9 files changed, 198 insertions(+), 77 deletions(-)

-- 
2.37.1.windows.1

Groups.io Links:
View/Reply Online (#113224): https://edk2.groups.io/g/devel/message/113224