Hello Jiaxin:

Would you please provide your comments on the below Query.

-Siva
From: [email protected] [mailto:[email protected]] On Behalf Of Sivaraman Nainar
Sent: Friday, March 6, 2020 11:37 AM
To: To:; Wu, Jiaxin; Fu, Siyuan
Cc: Madhan B. Santharam; Arun Subramanian B; Bhuvaneshwari M R; Ramesh R.; Srini Narayana
Subject: [edk2-devel] reg: Host Name Validation with Wild Card Certificate

Hello all:

Need a clarification on the Host Name support added in the HTTP Boot.

When certificates are generated with a wildcard in the SAN, the host name 
validation fails with the below error codes.
Ex: DNS Name=*.ami.internal-test.com

TlsDoHandshake SSL_HANDSHAKE_ERROR State=0x4 SSL_ERROR_SSL
TlsDoHandshake ERROR 0x1416F086=L14:F16F:R86
Http Request failed. Code=Aborted

If the Host verify flag is changed from
HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;
to
HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE;

Then the Http request can pass.

Is the host name support strictly not allowing wildcard support? In this case 
do we need to have multiple certificates to have each URL with an exact host name?

Thanks
Siva
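
Added example, not part of the original message and not EDK2 or OpenSSL code: a simplified C model of SAN dNSName matching that shows why the wildcard entry from the post is rejected under a no-wildcards setting and accepted otherwise. The constant names, the function san_matches and the host name boot.ami.internal-test.com are assumptions made for the illustration; only a whole left-most-label wildcard is modelled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constants local to this example, standing in for the two settings in the post. */
#define VERIFY_NONE         0x00u
#define VERIFY_NO_WILDCARDS 0x02u

/* Case-insensitive equality for ASCII DNS names. */
static int eq_nocase(const char *a, const char *b) {
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Simplified model: returns 1 if SAN dNSName `san` accepts `host`, else 0. */
int san_matches(const char *san, const char *host, unsigned flags) {
    const char *suffix, *first_dot;

    if (!san || !host || strchr(host, '*'))
        return 0;                       /* a requested host never contains '*' */
    if (eq_nocase(san, host))
        return 1;                       /* exact name: accepted under both settings */
    if (flags & VERIFY_NO_WILDCARDS)
        return 0;                       /* '*' in the SAN is not expanded */
    if (strncmp(san, "*.", 2) != 0)
        return 0;                       /* only a whole left-most label wildcard */
    suffix = san + 1;                   /* ".ami.internal-test.com" */
    if (strchr(suffix, '*'))
        return 0;
    first_dot = strchr(host, '.');
    if (!first_dot || first_dot == host)
        return 0;                       /* wildcard must cover one non-empty label */
    return eq_nocase(first_dot, suffix);
}

int main(void) {
    const char *san = "*.ami.internal-test.com";      /* SAN from the post */
    const char *host = "boot.ami.internal-test.com";  /* constructed host name */
    printf("NO_WILDCARDS: %d\n", san_matches(san, host, VERIFY_NO_WILDCARDS));
    printf("NONE:         %d\n", san_matches(san, host, VERIFY_NONE));
    return 0;
}
```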
