Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
On 2019-06-19 02:07, Lu, XiaoyuX wrote: > > Thanks for your information. I checked the NOOPT OVMF in linux environment, > it failed too. > I think compiler optimization hides this problem. > By default, OpenSSL will auto load config file. But UEFI don't use it. > And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change > openssl_config_int > function will cause this problem. > > And I made a patch for it. You can find it at > https://edk2.groups.io/g/devel/message/42577 Thanks! That fixed the problem. -- Rebecca Cran -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42598): https://edk2.groups.io/g/devel/message/42598 Mute This Topic: https://groups.io/mt/32100684/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
Hi bcran, > -Original Message- > From: Rebecca Cran [mailto:rebe...@bluestop.org] > Sent: Wednesday, June 19, 2019 5:27 AM > To: Lu, XiaoyuX ; devel@edk2.groups.io > Cc: Wang, Jian J ; Laszlo Ersek > Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't > find TLS Service Binding Protocol > > On 2019-06-18 11:53, rebe...@bluestop.org wrote: > > On 2019-06-18 02:52, Lu, XiaoyuX wrote: > >>I test this in my own environment, It works well. > >>The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 > >>Build command: > >>build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D > NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE > >>DHCP server: Internet Systems Consortium DHCP Server 4.3.3 > >> > >>Do you enroll your ca cert in Tls Auth Configuration? > >>Could you give us more information? > > > > I set up a Linux environment to test, and found that it does actually > > work there after all. So it seems the breakage is limited to running > > OVMF built on FreeBSD, which I'll work on myself to fix. > > > > > > Sorry - actually, I realized I was only testing the NOOPT build on > FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE > does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT > doesn't. > > > Could you check if the NOOPT OVMF build works with HTTPS on your > system, > please? > Thanks for your information. I checked the NOOPT OVMF in linux environment, it failed too. I think compiler optimization hides this problem. By default, OpenSSL will auto load config file. But UEFI don't use it. And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change openssl_config_int function will cause this problem. And I made a patch for it. You can find it at https://edk2.groups.io/g/devel/message/42577 Thanks, Xiaoyu > > -- > Rebecca Cran -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42579): https://edk2.groups.io/g/devel/message/42579 Mute This Topic: https://groups.io/mt/32100684/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
On 2019-06-18 11:53, rebe...@bluestop.org wrote: > On 2019-06-18 02:52, Lu, XiaoyuX wrote: >> I test this in my own environment, It works well. >> The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 >> Build command: >> build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D >> NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE >> DHCP server: Internet Systems Consortium DHCP Server 4.3.3 >> >> Do you enroll your ca cert in Tls Auth Configuration? >> Could you give us more information? > > I set up a Linux environment to test, and found that it does actually > work there after all. So it seems the breakage is limited to running > OVMF built on FreeBSD, which I'll work on myself to fix. > > Sorry - actually, I realized I was only testing the NOOPT build on FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT doesn't. Could you check if the NOOPT OVMF build works with HTTPS on your system, please? -- Rebecca Cran -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42557): https://edk2.groups.io/g/devel/message/42557 Mute This Topic: https://groups.io/mt/32100684/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
On 2019-06-18 02:52, Lu, XiaoyuX wrote: > I test this in my own environment, It works well. > The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 > Build command: > build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D > NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE > DHCP server: Internet Systems Consortium DHCP Server 4.3.3 > > Do you enroll your ca cert in Tls Auth Configuration? > Could you give us more information? I set up a Linux environment to test, and found that it does actually work there after all. So it seems the breakage is limited to running OVMF built on FreeBSD, which I'll work on myself to fix. -- Rebecca Cran -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42552): https://edk2.groups.io/g/devel/message/42552 Mute This Topic: https://groups.io/mt/32100684/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
Hi bcran, I test this in my own environment, It works well. The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461 Build command: build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE DHCP server: Internet Systems Consortium DHCP Server 4.3.3 Do you enroll your ca cert in Tls Auth Configuration? Could you give us more information? Thanks, Xiaoyu > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > rebe...@bluestop.org > Sent: Tuesday, June 18, 2019 8:44 AM > To: devel@edk2.groups.io; Laszlo Ersek > Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't > find TLS Service Binding Protocol > > On 2019-06-17 16:14, rebe...@bluestop.org wrote: > > I'm having problems using HTTPS boot in OVMF: Http->Request can't find > > the EFI_TLS_SERVICE_BINDING_PROTOCOL. > > > > It appears the OpenSSL update broke it. Revision b739678918 works, but > f03859ea6c doesn't. > > > -- > Rebecca Cran > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42536): https://edk2.groups.io/g/devel/message/42536 Mute This Topic: https://groups.io/mt/32100684/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol
On 2019-06-17 16:14, rebe...@bluestop.org wrote: > I'm having problems using HTTPS boot in OVMF: Http->Request can't find > the EFI_TLS_SERVICE_BINDING_PROTOCOL. > It appears the OpenSSL update broke it. Revision b739678918 works, but f03859ea6c doesn't. -- Rebecca Cran -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42519): https://edk2.groups.io/g/devel/message/42519 Mute This Topic: https://groups.io/mt/32100684/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-