From: "Saloni Kasbekar"
To: devel@edk2.groups.io
Cc: Saloni Kasbekar, Maciej Rabeda, Wu Jiaxin, Siyuan Fu
Subject: [edk2-devel] [[edk2-staging/HttpProxy PATCH v2] 6/6] NetworkPkg/HttpDxe: Support HTTPS EndPoint server with Proxy
Date: Fri, 7 Oct 2022 14:34:30 -0700

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3951

Add support for Proxy server to connect to an HTTPS EndPoint server.
TLS Connection to be created during GET/HEAD after CONNECT method.

Cc: Maciej Rabeda
Cc: Wu Jiaxin
Cc: Siyuan Fu
Signed-off-by: Saloni Kasbekar --- NetworkPkg/HttpDxe/HttpImpl.c | 9 +++---- NetworkPkg/HttpDxe/HttpProto.c | 40 ++++++++++++++++++------------- NetworkPkg/HttpDxe/HttpProto.h | 8 +++++-- NetworkPkg/HttpDxe/HttpsSupport.c | 16 +++++++++---- 4 files changed, 46 insertions(+), 27 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index 2a305e0864..f7d6a4c8f6 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -511,9 +511,10 @@ EfiHttpRequest ( if ((HttpInstance->ConnectionClose =3D=3D FALSE) && (HttpInstance->RemotePort =3D=3D RemotePort) && (AsciiStrCmp (HttpInstance->RemoteHost, HostName) =3D=3D 0) && - (!HttpInstance->UseHttps || (HttpInstance->UseHttps && - !TlsConfigure && - (HttpInstance->TlsSessionState =3D= =3D EfiTlsSessionDataTransferring)))) + (!HttpInstance->UseHttps || + HttpInstance->ProxyConnected || (HttpInstance->UseHttps && + !TlsConfigure && + (HttpInstance->TlsSessionState= =3D=3D EfiTlsSessionDataTransferring)))) { // // Host Name and port number of the request URL are the same with = previous call to Request(). @@ -666,7 +667,7 @@ EfiHttpRequest ( goto Error2; } =20 - if (!Configure && !ReConfigure && !TlsConfigure) { + if ((!Configure && !ReConfigure) && ((HttpInstance->ProxyConnected && Tl= sConfigure) || (!TlsConfigure))) { // // For the new HTTP token, create TX TCP token events. // diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index 6767d90c7d..cc69401943 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -1222,6 +1222,7 @@ HttpConfigureTcp6 ( connect one TLS session if required. =20 @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new T= ls session. =20 @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP4 protocol child is not created or con= figured. 
@@ -1230,7 +1231,8 @@ HttpConfigureTcp6 ( **/ EFI_STATUS HttpConnectTcp4 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ) { EFI_STATUS Status; @@ -1253,16 +1255,18 @@ HttpConnectTcp4 ( return Status; } =20 - if (Tcp4State =3D=3D Tcp4StateEstablished) { + if ((Tcp4State =3D=3D Tcp4StateEstablished) && (!HttpInstance->ProxyConn= ected || !TlsConfigure)) { return EFI_SUCCESS; - } else if (Tcp4State > Tcp4StateEstablished ) { + } else if (Tcp4State > Tcp4StateEstablished) { HttpCloseConnection (HttpInstance); } =20 - Status =3D HttpCreateConnection (HttpInstance); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status)); - return Status; + if (!HttpInstance->ProxyConnected) { + Status =3D HttpCreateConnection (HttpInstance); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status)); + return Status; + } } =20 // @@ -1314,6 +1318,7 @@ HttpConnectTcp4 ( connect one TLS session if required. =20 @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new T= ls session. =20 @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP6 protocol child is not created or con= figured. @@ -1322,7 +1327,8 @@ HttpConnectTcp4 ( **/ EFI_STATUS HttpConnectTcp6 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ) { EFI_STATUS Status; 
@@ -1346,16 +1352,18 @@ HttpConnectTcp6 ( return Status; } =20 - if (Tcp6State =3D=3D Tcp6StateEstablished) { + if ((Tcp6State =3D=3D Tcp6StateEstablished) && (!HttpInstance->ProxyConn= ected || !TlsConfigure)) { return EFI_SUCCESS; - } else if (Tcp6State > Tcp6StateEstablished ) { + } else if (Tcp6State > Tcp6StateEstablished) { HttpCloseConnection (HttpInstance); } =20 - Status =3D HttpCreateConnection (HttpInstance); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status)); - return Status; + if (!HttpInstance->ProxyConnected) { + Status =3D HttpCreateConnection (HttpInstance); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status)); + return Status; + } } =20 // @@ -1450,7 +1458,7 @@ HttpInitSession ( // // Connect TCP. // - Status =3D HttpConnectTcp4 (HttpInstance); + Status =3D HttpConnectTcp4 (HttpInstance, TlsConfigure); if (EFI_ERROR (Status)) { return Status; } @@ -1468,7 +1476,7 @@ HttpInitSession ( // // Connect TCP. // - Status =3D HttpConnectTcp6 (HttpInstance); + Status =3D HttpConnectTcp6 (HttpInstance, TlsConfigure); if (EFI_ERROR (Status)) { return Status; } diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h index 3e4e86dad9..6fd2082e1b 100644 --- a/NetworkPkg/HttpDxe/HttpProto.h +++ b/NetworkPkg/HttpDxe/HttpProto.h @@ -407,6 +407,7 @@ HttpConfigureTcp6 ( connect one TLS session if required. =20 @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new T= ls session. =20 @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP4 protocol child is not created or con= figured. @@ -415,7 +416,8 @@ HttpConfigureTcp6 ( **/ EFI_STATUS HttpConnectTcp4 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ); =20 /** 
@@ -423,6 +425,7 @@ HttpConnectTcp4 ( connect one TLS session if required. =20 @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new T= ls session. =20 @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP6 protocol child is not created or con= figured. @@ -431,7 +434,8 @@ HttpConnectTcp4 ( **/ EFI_STATUS HttpConnectTcp6 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ); =20 /** diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index ad611e7c38..81c65758d3 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c 
@@ -644,11 +644,17 @@ TlsConfigureSession ( // // TlsConfigData initialization // - HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient; - HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEER; - HttpInstance->TlsConfigData.VerifyHost.Flags =3D EFI_TLS_VERIFY_FLAG_= NONE; - HttpInstance->TlsConfigData.VerifyHost.HostName =3D HttpInstance->Remote= Host; - HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStar= ted; + HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient; + HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEER; + HttpInstance->TlsConfigData.VerifyHost.Flags =3D EFI_TLS_VERIFY_FLAG_NON= E; + HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStarted; + + if (HttpInstance->ProxyConnected) { + ASSERT (HttpInstance->EndPointHostName !=3D NULL); + HttpInstance->TlsConfigData.VerifyHost.HostName =3D HttpInstance->EndP= ointHostName; + } else { + HttpInstance->TlsConfigData.VerifyHost.HostName =3D HttpInstance->Remo= teHost; + } =20 // // EfiTlsConnectionEnd, --=20 2.36.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94820): https://edk2.groups.io/g/devel/message/94820 Mute This Topic: https://groups.io/mt/94189623/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
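Review bot: In the EfiHttpRequest hunk at -511, adding `HttpInstance->ProxyConnected ||` to the reuse condition means that once a proxy tunnel exists the request is treated as a reuse of the previous connection even when TlsConfigure is TRUE and TlsSessionState is not yet EfiTlsSessionDataTransferring, which is exactly the case the neighbouring HTTPS branch refuses. If that is intended (the TLS handshake over the already-established CONNECT tunnel is deferred to the later HttpInitSession call), the block comment "Host Name and port number of the request URL are the same with previous call to Request()" should say so, because a reader of the condition alone cannot tell that ProxyConnected deliberately bypasses the TLS state check. The inner `HttpInstance->UseHttps &&` is also redundant now that the outer `!HttpInstance->UseHttps ||` only falls through when UseHttps is TRUE; the condition could be shortened to `(!HttpInstance->UseHttps || HttpInstance->ProxyConnected || (!TlsConfigure && (HttpInstance->TlsSessionState == EfiTlsSessionDataTransferring)))`.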
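Review bot: The new condition at -666 creates the TX TCP token events when ProxyConnected and TlsConfigure are both TRUE, a combination the old `!TlsConfigure` test excluded on the assumption that the TLS-configure path sets up its own events. It is not visible in this hunk whether that other path still runs for the proxied case, so please confirm the events are neither created twice nor leaked on the error path when a TLS session is first established through an existing tunnel. The expression would also read more easily with the unchanged case first: `if (!Configure && !ReConfigure && (!TlsConfigure || HttpInstance->ProxyConnected))`.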
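Review bot: The new @param[in] TlsConfigure line in the doc-comment hunks (HttpProto.c -1222 and -1314, HttpProto.h -407 and -423) reads "The Flag indicates whether it's the new Tls session"; the surrounding headers spell the protocol "TLS" and describe booleans by what TRUE means, so something like "TRUE if a new TLS session must be set up on this connection" would match the existing style and state what the flag actually controls in HttpConnectTcp4/HttpConnectTcp6 (whether an established TCP connection through the proxy is returned as-is or carried on to TLS setup).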
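Review bot: In HttpConnectTcp4 at -1253, when HttpInstance->ProxyConnected is TRUE but Tcp4State is not Tcp4StateEstablished, the function now skips HttpCreateConnection entirely: for Tcp4State > Tcp4StateEstablished it calls HttpCloseConnection and then falls through with no TCP connection at all, and for a state below Established it falls through without ever connecting, while ProxyConnected still advertises a usable tunnel to the rest of the driver. A CONNECT tunnel cannot outlive its TCP connection, so clear HttpInstance->ProxyConnected in the close branch and return an error (EFI_NOT_READY, which the function header already documents for an unusable TCP child, would fit) when ProxyConnected is set but the TCP state is not Established, rather than proceeding to the TLS setup below on a dead socket.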
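Review bot: HttpConnectTcp6 at -1346 has the same gap as the IPv4 variant: with ProxyConnected set and Tcp6State not Tcp6StateEstablished, HttpCreateConnection is skipped and the function continues on a closed or never-opened connection while ProxyConnected remains TRUE. Both functions should receive the same fix (reset ProxyConnected on close, fail early when the tunnel's TCP state is not Established) so the two code paths do not drift.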
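Review bot: In TlsConfigureSession at -644, pointing VerifyHost.HostName at HttpInstance->EndPointHostName when ProxyConnected is the right choice, since the certificate presented through the CONNECT tunnel belongs to the end-point server and not to the proxy. The only guard, however, is `ASSERT (HttpInstance->EndPointHostName != NULL)`, which compiles out in RELEASE builds, so a NULL EndPointHostName would reach the TLS driver as VerifyHost.HostName with VerifyMethod still EFI_TLS_VERIFY_PEER, and this hunk cannot guarantee how the TLS driver treats a NULL hostname. Keep the ASSERT for DEBUG builds but add an explicit NULL check that returns an error status (for example `if (HttpInstance->EndPointHostName == NULL) { return EFI_INVALID_PARAMETER; }`, following the function's existing error convention) so hostname verification can never be silently skipped in the proxied case.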