Hello All:
Need clarification on the Certificate Validation Procedure used in HTTP Boot.
The certificate parsing done at HttpDxe in file HttpsSupport.c in the function
TlsConfigCertificate().
The below code snippet is TlsSetSessionData call for each certificate data.
while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof
(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
//
// EfiTlsConfigDataTypeCACertificate
//
Status = HttpInstance->TlsConfiguration->SetData (
HttpInstance->TlsConfiguration,
EfiTlsConfigDataTypeCACertificate,
Cert->SignatureData,
CertList->SignatureSize -
sizeof (Cert->SignatureOwner)
);
if (EFI_ERROR (Status)) {
goto FreeCACert;
}
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
}
ItemDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList +
CertList->SignatureListSize);
}
In the attached code, once an invalid certificate of available certificates Set
via TLS, if its failed the code does not post further certificates even those
could be valid certificates.
Is the code is purposefully done? May we know the expected behavior of the code.
-Siva
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#52248): https://edk2.groups.io/g/devel/message/52248
Mute This Topic: https://groups.io/mt/68724546/21656
Group Owner: [email protected]
Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
