diff options
| author | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-01-06 11:53:57 +0800 |
|---|---|---|
| committer | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-01-23 10:25:29 +0800 |
| commit | 221463c2b337072532ed4ab8ffe3b566574724d8 (patch) | |
| tree | 63ffb4a63b9d2aa5ac7f8cd05352313df5d63af0 /NetworkPkg/HttpDxe | |
| parent | 70420e31a04b56f99c1306e281434532a86bde70 (diff) | |
NetworkPkg: Add PCD to enable the HTTP connections switch
v3:
* Correct the commits grammar
v2:
* Rename the PCD to PcdAllowHttpConnections.
* Refine the PCD descriptions.
If the value of PcdAllowHttpConnections is TRUE, HTTP connections are
allowed. Both the "https://" and "http://" URI schemes are permitted.
Otherwise, HTTP connections are denied. Only the "https://" URI scheme
is permitted.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Kinney Michael D <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Gary Lin <glin@suse.com>
Tested-by: Gary Lin <glin@suse.com>
Diffstat (limited to 'NetworkPkg/HttpDxe')
| -rw-r--r-- | NetworkPkg/HttpDxe/HttpDxe.inf | 5 | ||||
| -rw-r--r-- | NetworkPkg/HttpDxe/HttpImpl.c | 12 |
2 files changed, 15 insertions, 2 deletions
diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf index 111818138c..df2efdc257 100644 --- a/NetworkPkg/HttpDxe/HttpDxe.inf +++ b/NetworkPkg/HttpDxe/HttpDxe.inf @@ -1,7 +1,7 @@ ## @file
# Implementation of EFI HTTP protocol interfaces.
#
-# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -75,5 +75,8 @@ [Guids]
gEfiTlsCaCertificateGuid ## CONSUMES ## GUID
+[Pcd]
+ gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections ## CONSUMES
+
[UserExtensions.TianoCore."ExtraFiles"]
HttpDxeExtra.uni
\ No newline at end of file diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index d19f73348d..85b0083349 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -1,7 +1,7 @@ /** @file
Implementation of EFI_HTTP_PROTOCOL protocol interfaces.
- Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
@@ -355,6 +355,16 @@ EfiHttpRequest ( HttpInstance->UseHttps = IsHttpsUrl (Url);
//
+ // HTTP is disabled, return directly if the URI is not HTTPS.
+ //
+ if (!PcdGetBool (PcdAllowHttpConnections) && !(HttpInstance->UseHttps)) {
+
+ DEBUG ((EFI_D_ERROR, "EfiHttpRequest: HTTP is disabled.\n"));
+
+ return EFI_ACCESS_DENIED;
+ }
+
+ //
// Check whether we need to create Tls child and open the TLS protocol.
//
if (HttpInstance->UseHttps && HttpInstance->TlsChildHandle == NULL) {
|