[edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

Jiaxin Wu posted 2 patches 6 years, 2 months ago
[edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Jiaxin Wu 6 years, 2 months ago
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Kinney Michael D <michael.d.kinney@intel.com>
Cc: Zimmer Vincent <vincent.zimmer@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>

Jiaxin Wu (2):
  NetworkPkg: Define one private variable for TLS CipherList
    configuration.
  NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
    session.

 NetworkPkg/HttpDxe/HttpDriver.h         |  3 +-
 NetworkPkg/HttpDxe/HttpDxe.inf          |  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.c       | 92 ++++++++++++++++++++++++++++++++-
 NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++++++++++++++
 NetworkPkg/NetworkPkg.dec               |  3 ++
 5 files changed, 136 insertions(+), 3 deletions(-)
 create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h

-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Fu, Siyuan 6 years, 2 months ago
Hi, Jiaxin

I think we can remove the "TlsCipherList.h" to another name like "HttpTlsCipherListVariable.h" to highlight that the variable is only used for HTTP configuration. And also the variable name and GUID name.

Siyuan

Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Wu, Jiaxin 6 years, 2 months ago
Thanks for the comment, I will refine the patch series.



Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Li, Ruth 6 years, 2 months ago
Jiaxin

With this capability introduced, could you update the Wiki page to notify platforms to configure that if needed? https://github.com/tianocore/tianocore.github.io/wiki/HTTPS-Boot

Thanks,
Ruth
Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Wu, Jiaxin 6 years, 2 months ago
Sure, I will update the wiki once the patch is committed.

Thanks
Jiaxin



Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Laszlo Ersek 6 years, 2 months ago
On 02/09/18 06:22, Fu, Siyuan wrote:
> Hi, Jiaxin
> 
> I think we can remove the "TlsCipherList.h" to another name like
> "HttpTlsCipherListVariable.h" to highlight that the variable is only
> used for HTTP configuration. And also the variable name and GUID
> name.

If we are renaming gEfiTlsCaCertificateGuid, can we pick a generic term
as new name, something like "gHttpTlsVariableGuid"? And then put both
variables, the CA List and the Cipher List, in that (same) namespace GUID?

It's not that we'll run out of GUIDs any time soon :) , but I think
these variables belong closely together.

Thanks,
Laszlo

Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Wu, Jiaxin 6 years, 2 months ago
Hi Laszlo,

Besides the compatibility consideration, we'd better *not* put CipherList and CaCertificate into one variable. In the future, we prefer to manage the CaCertificate with other cert configuration items together (e.g. HostPublicCert, HostPrivateCert, etc.) rather than the parameters like CipherList. You know we can't save the host cert pairs as a variable due to the security consideration.

So, case by case, let's keep the current solution to define the variable named as "HttpTlsCipherList".

Thanks,
Jiaxin


Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Posted by Laszlo Ersek 6 years, 2 months ago
On 02/11/18 03:33, Wu, Jiaxin wrote:
> Hi Laszlo,
> 
> Besides the compatibility consideration, we'd better *not* put
> CipherList and CaCertificate into one variable.

I didn't suggest to put them in the same variable -- I meant to put them
in separate variables, just the two variables should belong to the same
namespace GUID.

> In the future, we prefer to manage the CaCertificate with other cert
> configuration items together (e.g. HostPublicCert, HostPrivateCert,
> etc ) rather than the parameters like CipherList.  You know we can't
> save the host cert pairs as variable due to the security
> consideration.
> 
> So, case by case, let's keep current solution to define the variable
> named as "HttpTlsCipherList".

Sure, that works for me.

Thanks,
Laszlo

