summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoxie Linden <roxie@lindenlab.com>2010-05-18 22:18:54 -0700
committerRoxie Linden <roxie@lindenlab.com>2010-05-18 22:18:54 -0700
commitcae4e785be149467095897e7b0e18ba7d4d60b50 (patch)
treea31dcc847ac21e2e4d190de3e7b76ec3a3e51136
parent75755a675120002fd7cbc3dc324bd8b50a9dba23 (diff)
Allow update of the default CAs on install
-rw-r--r--indra/newview/llsechandler_basic.cpp45
1 files changed, 23 insertions, 22 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index df55ccf142..edf5ce9b60 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -585,6 +585,11 @@ LLBasicCertificateStore::LLBasicCertificateStore(const std::string& filename)
void LLBasicCertificateStore::load_from_file(const std::string& filename)
{
// scan the PEM file extracting each certificate
+ if (!LLFile::isfile(filename))
+ {
+ return;
+ }
+
BIO* file_bio = BIO_new(BIO_s_file());
if(file_bio)
{
@@ -1148,30 +1153,26 @@ void LLSecAPIBasicHandler::init()
"bin_conf.dat");
std::string store_file = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
"CA.pem");
- // copy the CA file to a user writable location so we can manipulate it.
- // for this provider, by using a user writable file, there is a risk that
- // an attacking program can modify the file, but OS dependent providers
- // will reduce that risk.
- // by using a user file, modifications will be limited to one user if
- // we read-only the main file
- if (!LLFile::isfile(store_file))
- {
-
- std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem");
- llifstream ca_file(ca_file_path.c_str(), llifstream::binary | llifstream::in);
- llofstream copied_store_file(store_file.c_str(), llofstream::binary | llofstream::out);
-
- while(!ca_file.fail())
- {
- char buffer[BUFFER_READ_SIZE];
- ca_file.read(buffer, sizeof(buffer));
- copied_store_file.write(buffer, ca_file.gcount());
- }
- ca_file.close();
- copied_store_file.close();
- }
+
+
LL_INFOS("SECAPI") << "Loading certificate store from " << store_file << LL_ENDL;
mStore = new LLBasicCertificateStore(store_file);
+
+ // grab the application CA.pem file that contains the well-known certs shipped
+ // with the product
+ std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem");
+ llinfos << "app path " << ca_file_path << llendl;
+ LLBasicCertificateStore app_ca_store = LLBasicCertificateStore(ca_file_path);
+
+ // push the applicate CA files into the store, therefore adding any new CA certs that
+ // updated
+ for(LLCertificateVector::iterator i = app_ca_store.begin();
+ i != app_ca_store.end();
+ i++)
+ {
+ mStore->add(*i);
+ }
+
}
_readProtectedData(); // initialize mProtectedDataMap
// may throw LLProtectedDataException if saved datamap is not decryptable