/** @file\r
Implementation of EFI TLS Protocol Interfaces.\r
\r
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
UINT16 *CipherId;\r
CONST EFI_TLS_CIPHER *TlsCipherList;\r
UINTN CipherCount;\r
+ CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;\r
+ EFI_TLS_VERIFY VerifyMethod;\r
+ UINTN VerifyMethodSize;\r
UINTN Index;\r
\r
EFI_TPL OldTpl;\r
\r
- Status = EFI_SUCCESS;\r
- CipherId = NULL;\r
+ Status = EFI_SUCCESS;\r
+ CipherId = NULL;\r
+ VerifyMethodSize = sizeof (EFI_TLS_VERIFY);\r
\r
if (This == NULL || Data == NULL || DataSize == 0) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));\r
+ break;\r
+ case EfiTlsVerifyHost:\r
+ if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;\r
+\r
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&\r
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&\r
+ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||\r
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);\r
+\r
break;\r
case EfiTlsSessionID:\r
if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {\r
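Review bot: In the new `EfiTlsVerifyHost` case, `TlsVerifyHost->HostName` reaches `TlsSetVerifyHost` without a NULL or empty-string check, and the flag tests reject only the contradictory combinations, so undefined flag bits are forwarded as well. Whether `TlsSetVerifyHost` rejects these itself is not visible here; if an empty name were accepted with `EFI_SUCCESS`, the caller would believe host-name checking is active when no name is actually pinned. I would add, before the `GetSessionData` call, a guard on `TlsVerifyHost->HostName == NULL || TlsVerifyHost->HostName[0] == '\0'` that sets `Status = EFI_INVALID_PARAMETER` and jumps to `ON_EXIT`. The dependency is also enforced in one direction only: the `EfiTlsVerifyMethod` case above still calls `TlsSetVerify` unconditionally, so a later change away from `EFI_TLS_VERIFY_PEER` presumably leaves a host name configured but never checked, which deserves at least a comment on that case. The enclosing function starts and ends outside the visible hunks.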