[edk2-devel] [PATCH 1/2] NetworkPkg/HttpDxe: provide function to disable TLS host verify
Michael Brown
mcb30 at ipxe.org
Wed Feb 1 11:27:44 UTC 2023
On 01/02/2023 11:06, Nickle Wang via groups.io wrote:
> Thanks for catching this. To prevent the change to data structure, would
> you suggest that I create a new interface in EFI_HTTP_PROTOCOL and disable
> TLS host verify?

Adding an interface to EFI_HTTP_PROTOCOL would also break the ABI by
changing the layout of a data structure defined in the UEFI
specification, and so can't be done.

I took a quick look through Http.h and I can't immediately see any way
you can convey the information you want without making a breaking
change. There are no flags fields (that could be extended with extra
flags in the same memory slot), no structure version number fields (that
could allow structures to be extended, subject to a version number
check), and no general-purpose "additional information" extension
mechanism besides the one for passing arbitrary HTTP headers.

I suspect you'll need to either make a new protocol (lots of work, very
ugly) or find some sideband mechanism you can use to work around the
problem, like a PCD to globally enable/disable host verification.

It may be worth waiting for one of the HttpDxe maintainers to offer an
opinion on this, since I am totally unfamiliar with this part of the
codebase.

Sorry,

Michael
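
The version-number check mentioned in the message above, as an added example (not part of the original message and not EDK II code). All DEMO_* names and the SetHostVerify member are hypothetical; the point is that a consumer built against newer headers can only tell whether an appended member exists if the structure carries a revision field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*demo_fn)(void *self);

/* Hypothetical spec-fixed layout: no flags, size or revision field. */
typedef struct { demo_fn Configure; demo_fn Request; } DEMO_FIXED;
/* Same layout with one member appended by a later header. */
typedef struct { demo_fn Configure; demo_fn Request; demo_fn SetHostVerify; } DEMO_FIXED_EXT;

#define DEMO_REVISION_1 1u
#define DEMO_REVISION_2 2u

/* Hypothetical versioned layout: Revision is first and never moves. */
typedef struct { uint32_t Revision; demo_fn Configure; demo_fn Request; } DEMO_V1;
typedef struct { uint32_t Revision; demo_fn Configure; demo_fn Request;
                 demo_fn SetHostVerify; /* appended in revision 2 */ } DEMO_V2;

static int demo_stub(void *self) { (void)self; return 0; }

/* Bytes a consumer built against DEMO_FIXED_EXT would read past the end of
 * an instance that an older producer allocated as DEMO_FIXED. */
size_t demo_overread_bytes(void) {
    return offsetof(DEMO_FIXED_EXT, SetHostVerify) + sizeof(demo_fn) - sizeof(DEMO_FIXED);
}

/* Consumer built against DEMO_V2: read only the first member, which every
 * revision has, and touch the appended member only if the producer
 * advertises revision 2 or later. */
demo_fn demo_get_set_host_verify(const void *instance) {
    uint32_t rev = *(const uint32_t *)instance;
    if (rev < DEMO_REVISION_2) {
        return NULL; /* older producer: the member is not there */
    }
    return ((const DEMO_V2 *)instance)->SetHostVerify;
}

int main(void) {
    DEMO_V1 old_producer = { DEMO_REVISION_1, demo_stub, demo_stub };
    DEMO_V2 new_producer = { DEMO_REVISION_2, demo_stub, demo_stub, demo_stub };
    printf("unversioned over-read: %zu bytes\n", demo_overread_bytes());
    printf("v1 producer offers SetHostVerify: %s\n",
           demo_get_set_host_verify(&old_producer) ? "yes" : "no");
    printf("v2 producer offers SetHostVerify: %s\n",
           demo_get_set_host_verify(&new_producer) ? "yes" : "no");
    return 0;
}
```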
View/Reply Online (#99397): https://edk2.groups.io/g/devel/message/99397