diff options
| author | Roxie Linden <roxie@lindenlab.com> | 2010-05-19 15:22:46 -0700 |
|---|---|---|
| committer | Roxie Linden <roxie@lindenlab.com> | 2010-05-19 15:22:46 -0700 |
| commit | ca9737d6d6efac7ce9aba1f9686a86b7f6863636 (patch) | |
| tree | bf52d89a58eb03feeeda2e8de219f274c7f0e5a2 | |
| parent | 61cb3d31137f30f3766dbe3c22d700fbdf517d80 (diff) | |
The certificate hostname verification was not taking into account changes in
hostname due to a redirect which is handled via curl.
I turned off the secapi hostname verification just allowing libcurls hostname
verification, as it's better anyway (it handles alt names)
| -rw-r--r-- | indra/newview/llsecapi.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index 89b799f297..1caeec5b04 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -121,7 +121,10 @@ int secapiSSLCertVerifyCallback(X509_STORE_CTX *ctx, void *param) validation_params[CERT_HOSTNAME] = uri.hostName(); try { - chain->validate(VALIDATION_POLICY_SSL, store, validation_params); + // we rely on libcurl to validate the hostname, as libcurl does more extensive validation + // leaving our hostname validation call mechanism for future additions with respect to + // OS native (Mac keyring, windows CAPI) validation. + chain->validate(VALIDATION_POLICY_SSL & (~VALIDATION_POLICY_HOSTNAME), store, validation_params); } catch (LLCertValidationTrustException& cert_exception) { |