Re: [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case

Fri, 05 Jan 2024 12:27:19 -0800 

Reviewed-by: Saloni Kasbekar <saloni.kasbe...@intel.com>

-----Original Message-----
From: abner.ch...@amd.com <abner.ch...@amd.com> 
Sent: Friday, January 5, 2024 12:37 AM
To: devel@edk2.groups.io
Cc: Kasbekar, Saloni <saloni.kasbe...@intel.com>; Clark-williams, Zachary 
<zachary.clark-willi...@intel.com>; Michael Brown <mc...@ipxe.org>; Nickle Wang 
<nick...@nvidia.com>; Igor Kulchytskyy <ig...@ami.com>
Subject: [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as 
a success case

From: Abner Chang <abner.ch...@amd.com>

We still return EFI_SUCCESS to the caller when TlsConfigCertificate returns 
error, for the use case the platform doesn't require certificate for the 
specific HTTP session. This ensures HttpInitSession function still initiated 
and returns EFI_SUCCESS to the caller. The failure is pushed back to TLS DXE 
driver if the HTTP communication actually requires certificate.

Signed-off-by: Abner Chang <abner.ch...@amd.com>
Cc: Saloni Kasbekar <saloni.kasbe...@intel.com>
Cc: Zachary Clark-williams <zachary.clark-willi...@intel.com>
Cc: Michael Brown <mc...@ipxe.org>
Cc: Nickle Wang <nick...@nvidia.com>
Cc: Igor Kulchytskyy <ig...@ami.com>
---
 NetworkPkg/HttpDxe/HttpsSupport.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c 
b/NetworkPkg/HttpDxe/HttpsSupport.c
index a07323ff0bd..04a830f7152 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -722,8 +722,21 @@ TlsConfigureSession (
   //
   Status = TlsConfigCertificate (HttpInstance);
   if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
-    return Status;
+    if (Status == EFI_NOT_FOUND) {
+      DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
+      //
+      // We still return EFI_SUCCESS to the caller when TlsConfigCertificate
+      // returns error, for the use case the platform doesn't require
+      // certificate for the specific HTTP session. This ensures
+      // HttpInitSession function still initiated and returns EFI_SUCCESS to
+      // the caller. The failure is pushed back to TLS DXE driver if the
+      // HTTP communication actually requires certificate.
+      //
+      Status = EFI_SUCCESS;
+    } else {
+      DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+      return Status;
+    }
   }
 
   //
--
2.37.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113319): https://edk2.groups.io/g/devel/message/113319
Mute This Topic: https://groups.io/mt/103539579/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to