Hi David, I just realized you have the comments on Bugzilla 960:
>"...given that testing is failing and code inspection shows it would never >have been expected to work." Do you mean you didn't pass the verification if URLs with IPv6 literals (https://[2001:8b0:10b:1236::1]/)? Can you also show me where the code inspection indicated it would never have been expected to work? We do pass the testing for the URLs with IPv6 if the CN or SAN in certificate has the corresponding IPv6 address (at least working with openssl 1.1.0). For the series patches here, we are intending to support the host name validation, I think we can commit the series patches since we pass the verification of IPV6 URL, what do you think? Thanks, Jiaxin > -----Original Message----- > From: David Woodhouse <dw...@infradead.org> > Sent: Tuesday, October 1, 2019 5:02 PM > To: Laszlo Ersek <ler...@redhat.com>; devel@edk2.groups.io; Wang, Jian J > <jian.j.w...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>; Bret Barkelew > <bret.barke...@microsoft.com> > Subject: Re: [edk2-devel] [PATCH v1 0/4] Support HTTPS HostName > validation feature(CVE-2019-14553) > > On Tue, 2019-10-01 at 01:21 +0200, Laszlo Ersek wrote: > > On 09/29/19 08:09, Wang, Jian J wrote: > > > For this patch series, > > > 1. " Contributed-under: TianoCore Contribution Agreement 1.1" is not > needed any more. > > > Remove it at push time and no need to send a v2. > > > 2. Since it's security patch which had been reviewed separately, I see no > reason for new r-b > > > required. Please raise it asap if any objections. > > > 3. Acked-by: Jian J Wang <jian.j.w...@intel.com> > > > > > > * Can you please confirm that these patches match those that we > > discussed here: > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c18 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c19 > > > > > > * In the BZ, David and Bret raised some questions: > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c31 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c32 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c35 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c36 > > > > and > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c40 > > > > The latest comment in the bug is c#41. I'm not under the impression that > > all concerns raised by David and Bret have been addressed (or > > abandoned). I'd like David and Bret to ACK the patches. > > I do not believe my comment #35 has been addressed, nor the requested > testing performed. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48547): https://edk2.groups.io/g/devel/message/48547 Mute This Topic: https://groups.io/mt/34307578/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
