[edk2-staging/HttpProxy PATCH v3 6/7] NetworkPkg/HttpDxe: Support HTTPS EndPoint server with Proxy


Saloni Kasbekar
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3951

Add support for connecting to an HTTPS EndPoint server through a Proxy server.
The TLS connection is created during GET/HEAD, after the CONNECT method.

Cc: Maciej Rabeda <maciej.rabeda@...>
Cc: Wu Jiaxin <jiaxin.wu@...>
Cc: Siyuan Fu <siyuan.fu@...>
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@...>
---
NetworkPkg/HttpDxe/HttpImpl.c | 9 +++----
NetworkPkg/HttpDxe/HttpProto.c | 40 ++++++++++++++++++-------------
NetworkPkg/HttpDxe/HttpProto.h | 8 +++++--
NetworkPkg/HttpDxe/HttpsSupport.c | 16 +++++++++----
4 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c
index 2a305e0864..f7d6a4c8f6 100644
--- a/NetworkPkg/HttpDxe/HttpImpl.c
+++ b/NetworkPkg/HttpDxe/HttpImpl.c
@@ -511,9 +511,10 @@ EfiHttpRequest (
if ((HttpInstance->ConnectionClose == FALSE) &&
(HttpInstance->RemotePort == RemotePort) &&
(AsciiStrCmp (HttpInstance->RemoteHost, HostName) == 0) &&
- (!HttpInstance->UseHttps || (HttpInstance->UseHttps &&
- !TlsConfigure &&
- (HttpInstance->TlsSessionState == EfiTlsSessionDataTransferring))))
+ (!HttpInstance->UseHttps ||
+ HttpInstance->ProxyConnected || (HttpInstance->UseHttps &&
+ !TlsConfigure &&
+ (HttpInstance->TlsSessionState == EfiTlsSessionDataTransferring))))
{
//
// Host Name and port number of the request URL are the same with previous call to Request().
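Review bot: In the reuse condition, `HttpInstance->ProxyConnected ||` bypasses the `!TlsConfigure` and `TlsSessionState == EfiTlsSessionDataTransferring` checks that otherwise gate reuse of an HTTPS connection. The branch is then taken for any HTTPS request while the flag is set, whatever state the TLS session is in. Nothing in this hunk shows where `ProxyConnected` is cleared, so it is worth confirming that it is reset whenever the TCP connection or the tunnel is torn down, and that a request for a different end-point host through the same proxy cannot reuse the existing tunnel. A comment on the new term would help, for example `// Tunnel already established by CONNECT; TLS to the end point is set up below.` The body of EfiHttpRequest continues outside the hunk.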
@@ -666,7 +667,7 @@ EfiHttpRequest (
goto Error2;
}

- if (!Configure && !ReConfigure && !TlsConfigure) {
+ if ((!Configure && !ReConfigure) && ((HttpInstance->ProxyConnected && TlsConfigure) || (!TlsConfigure))) {
//
// For the new HTTP token, create TX TCP token events.
//
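Review bot: The new condition is harder to read than it needs to be, since `(HttpInstance->ProxyConnected && TlsConfigure) || (!TlsConfigure)` reduces to `HttpInstance->ProxyConnected || !TlsConfigure`. The whole test can be written `if (!Configure && !ReConfigure && (HttpInstance->ProxyConnected || !TlsConfigure)) {`. A one-line comment stating why TX token events are created on the TLS-configure path only when a proxy tunnel exists would make the intent clear to the next reader.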
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index 6767d90c7d..cc69401943 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1222,6 +1222,7 @@ HttpConfigureTcp6 (
connect one TLS session if required.

@param[in] HttpInstance The HTTP instance private data.
+ @param[in] TlsConfigure The Flag indicates whether it's the new Tls session.

@retval EFI_SUCCESS The TCP connection is established.
@retval EFI_NOT_READY TCP4 protocol child is not created or configured.
@@ -1230,7 +1231,8 @@ HttpConfigureTcp6 (
**/
EFI_STATUS
HttpConnectTcp4 (
- IN HTTP_PROTOCOL *HttpInstance
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN BOOLEAN TlsConfigure
)
{
EFI_STATUS Status;
@@ -1253,16 +1255,18 @@ HttpConnectTcp4 (
return Status;
}

- if (Tcp4State == Tcp4StateEstablished) {
+ if ((Tcp4State == Tcp4StateEstablished) && (!HttpInstance->ProxyConnected || !TlsConfigure)) {
return EFI_SUCCESS;
- } else if (Tcp4State > Tcp4StateEstablished ) {
+ } else if (Tcp4State > Tcp4StateEstablished) {
HttpCloseConnection (HttpInstance);
}

- Status = HttpCreateConnection (HttpInstance);
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status));
- return Status;
+ if (!HttpInstance->ProxyConnected) {
+ Status = HttpCreateConnection (HttpInstance);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status));
+ return Status;
+ }
}

//
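Review bot: When `ProxyConnected` is TRUE but `Tcp4State` is not `Tcp4StateEstablished`, the new `if (!HttpInstance->ProxyConnected)` guard skips `HttpCreateConnection`, and control falls through to the code after this hunk with no usable TCP connection. In the `Tcp4State > Tcp4StateEstablished` branch this happens right after `HttpCloseConnection` has run. Unless `HttpCloseConnection` resets the flag (not visible here), the tunnel set up by CONNECT is gone while the instance still reports it as present. Consider treating the flag as valid only while the connection is established, for example by checking `if (HttpInstance->ProxyConnected && (Tcp4State != Tcp4StateEstablished))` before the create call, then clearing `ProxyConnected` and returning an error so the caller restarts from CONNECT. The same pattern appears in the HttpConnectTcp6 hunk below with `Tcp6State`.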
@@ -1314,6 +1318,7 @@ HttpConnectTcp4 (
connect one TLS session if required.

@param[in] HttpInstance The HTTP instance private data.
+ @param[in] TlsConfigure The Flag indicates whether it's the new Tls session.

@retval EFI_SUCCESS The TCP connection is established.
@retval EFI_NOT_READY TCP6 protocol child is not created or configured.
@@ -1322,7 +1327,8 @@ HttpConnectTcp4 (
**/
EFI_STATUS
HttpConnectTcp6 (
- IN HTTP_PROTOCOL *HttpInstance
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN BOOLEAN TlsConfigure
)
{
EFI_STATUS Status;
@@ -1346,16 +1352,18 @@ HttpConnectTcp6 (
return Status;
}

- if (Tcp6State == Tcp6StateEstablished) {
+ if ((Tcp6State == Tcp6StateEstablished) && (!HttpInstance->ProxyConnected || !TlsConfigure)) {
return EFI_SUCCESS;
- } else if (Tcp6State > Tcp6StateEstablished ) {
+ } else if (Tcp6State > Tcp6StateEstablished) {
HttpCloseConnection (HttpInstance);
}

- Status = HttpCreateConnection (HttpInstance);
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status));
- return Status;
+ if (!HttpInstance->ProxyConnected) {
+ Status = HttpCreateConnection (HttpInstance);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status));
+ return Status;
+ }
}

//
@@ -1450,7 +1458,7 @@ HttpInitSession (
//
// Connect TCP.
//
- Status = HttpConnectTcp4 (HttpInstance);
+ Status = HttpConnectTcp4 (HttpInstance, TlsConfigure);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -1468,7 +1476,7 @@ HttpInitSession (
//
// Connect TCP.
//
- Status = HttpConnectTcp6 (HttpInstance);
+ Status = HttpConnectTcp6 (HttpInstance, TlsConfigure);
if (EFI_ERROR (Status)) {
return Status;
}
diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
index 3e4e86dad9..6fd2082e1b 100644
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@@ -407,6 +407,7 @@ HttpConfigureTcp6 (
connect one TLS session if required.

@param[in] HttpInstance The HTTP instance private data.
+ @param[in] TlsConfigure The Flag indicates whether it's the new Tls session.

@retval EFI_SUCCESS The TCP connection is established.
@retval EFI_NOT_READY TCP4 protocol child is not created or configured.
@@ -415,7 +416,8 @@ HttpConfigureTcp6 (
**/
EFI_STATUS
HttpConnectTcp4 (
- IN HTTP_PROTOCOL *HttpInstance
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN BOOLEAN TlsConfigure
);

/**
@@ -423,6 +425,7 @@ HttpConnectTcp4 (
connect one TLS session if required.

@param[in] HttpInstance The HTTP instance private data.
+ @param[in] TlsConfigure The Flag indicates whether it's the new Tls session.

@retval EFI_SUCCESS The TCP connection is established.
@retval EFI_NOT_READY TCP6 protocol child is not created or configured.
@@ -431,7 +434,8 @@ HttpConnectTcp4 (
**/
EFI_STATUS
HttpConnectTcp6 (
- IN HTTP_PROTOCOL *HttpInstance
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN BOOLEAN TlsConfigure
);

/**
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index ad611e7c38..81c65758d3 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -644,11 +644,17 @@ TlsConfigureSession (
//
// TlsConfigData initialization
//
- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
- HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE;
- HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
+ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
+ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
+ HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE;
+ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
+
+ if (HttpInstance->ProxyConnected) {
+ ASSERT (HttpInstance->EndPointHostName != NULL);
+ HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->EndPointHostName;
+ } else {
+ HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
+ }

//
// EfiTlsConnectionEnd,
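Review bot: `ASSERT (HttpInstance->EndPointHostName != NULL)` is the only guard on the name used for certificate host verification, and ASSERT is compiled out in builds with debug assertions disabled. In such a build a NULL `EndPointHostName` is stored in `VerifyHost.HostName`, and how the TLS layer treats a NULL name is not visible in this hunk. Behind a proxy the host check is what ties the certificate to the intended end point, so this should fail closed with a runtime check such as `if (HttpInstance->EndPointHostName == NULL)` that returns an error status through the function's existing error path. The rest of TlsConfigureSession lies outside the hunk.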
--
2.36.1.windows.1