summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrey Lihatskiy <alihatskiy@productengine.com>2020-09-05 04:13:23 +0300
committerAndrey Lihatskiy <alihatskiy@productengine.com>2020-09-05 04:13:23 +0300
commit3ec597069594d538822d42b041f966c9820fe291 (patch)
treecf9d97b3e0296064c19eb93709db31a4845f45cf
parent128f0833cf8076a0eb76eb672017ac54c272ca79 (diff)
parent786de05651f25d42aacc92c4905375bf1fbd6562 (diff)
Merge branch 'marchcat/SL-13910' into DRTVWR-503-maint
-rw-r--r--indra/newview/llsecapi.cpp7
-rw-r--r--indra/newview/llsecapi.h7
-rw-r--r--indra/newview/llsechandler_basic.cpp7
-rw-r--r--indra/newview/tests/llsechandler_basic_test.cpp8
4 files changed, 22 insertions, 7 deletions
diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp
index 10e510b842..26a2df8270 100644
--- a/indra/newview/llsecapi.cpp
+++ b/indra/newview/llsecapi.cpp
@@ -154,3 +154,10 @@ void LLCredential::authenticatorType(std::string &idType)
}
}
+
+LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
+ : LLException(msg),
+ mCertData(cert_data)
+{
+ LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
+}
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index ae87cac53c..14059f828a 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -75,6 +75,7 @@
#define CERT_EXTENDED_KEY_USAGE "extendedKeyUsage"
#define CERT_EKU_SERVER_AUTH SN_server_auth
+#define CERT_EKU_TLS_SERVER_AUTH LN_server_auth
#define CERT_SUBJECT_KEY_IDENTFIER "subjectKeyIdentifier"
#define CERT_AUTHORITY_KEY_IDENTIFIER "authorityKeyIdentifier"
@@ -334,11 +335,7 @@ std::ostream& operator <<(std::ostream& s, const LLCredential& cred);
class LLCertException: public LLException
{
public:
- LLCertException(const LLSD& cert_data, const std::string& msg): LLException(msg),
- mCertData(cert_data)
- {
- LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
- }
+ LLCertException(const LLSD& cert_data, const std::string& msg);
virtual ~LLCertException() throw() {}
LLSD getCertData() const { return mCertData; }
protected:
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 8a922aee4f..656a2cf8cf 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -925,8 +925,11 @@ void _validateCert(int validation_policy,
}
// only validate EKU if the cert has it
if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() &&
- (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
- LLSD((std::string)CERT_EKU_SERVER_AUTH))))
+ ( (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
+ LLSD((std::string)CERT_EKU_SERVER_AUTH)))
+ || (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
+ LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH)))
+ ))
{
LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
}
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index 63967fae37..e5d226a2a4 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -124,6 +124,14 @@ S32 LLMachineID::getUniqueID(unsigned char *unique_id, size_t len)
S32 LLMachineID::init() { return 1; }
+LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
+ : LLException(msg),
+ mCertData(cert_data)
+{
+ LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
+}
+
+
// -------------------------------------------------------------------------------------------
// TUT
// -------------------------------------------------------------------------------------------