NetworkPkg/HttpDxe: Consider TLS certificate not found as a success case

We still return EFI_SUCCESS to the caller when TlsConfigCertificate
returns error, for the use case the platform doesn't require
certificate for the specific HTTP session. This ensures
HttpInitSession function still initiated and returns EFI_SUCCESS to
the caller. The failure is pushed back to TLS DXE driver if the
HTTP communication actually requires certificate.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Reviewed-by: Michael Brown <mcb30@ipxe.org>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>

1 files changed, 15 insertions, 2 deletions

diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index a07323ff0b..04a830f715 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -722,8 +722,21 @@ TlsConfigureSession (
   //

   Status = TlsConfigCertificate (HttpInstance);

   if (EFI_ERROR (Status)) {

-    DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));

-    return Status;

+    if (Status == EFI_NOT_FOUND) {

+      DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));

+      //

+      // We still return EFI_SUCCESS to the caller when TlsConfigCertificate

+      // returns error, for the use case the platform doesn't require

+      // certificate for the specific HTTP session. This ensures

+      // HttpInitSession function still initiated and returns EFI_SUCCESS to

+      // the caller. The failure is pushed back to TLS DXE driver if the

+      // HTTP communication actually requires certificate.

+      //

+      Status = EFI_SUCCESS;

+    } else {

+      DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));

+      return Status;

+    }

   }

 

   //