summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrey Kleshchev <andreykproductengine@lindenlab.com>2020-09-09 18:05:11 +0300
committerAndrey Kleshchev <andreykproductengine@lindenlab.com>2020-09-09 18:07:21 +0300
commit4eefce9767784742cd394ddf948d345cfbced8c8 (patch)
tree08806da75b6c5679ddcb12930e0a82cb1494c904
parentd50131c0ac43cb5cfc247bd388a10100bc3dfec0 (diff)
SL-13921 Only one of extended key usages is needed
LN (EKU_TLS) is more likely to be present thus should be checked first
-rw-r--r--indra/newview/llsechandler_basic.cpp11
1 files changed, 6 insertions, 5 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 656a2cf8cf..737ef30ada 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -924,12 +924,13 @@ void _validateCert(int validation_policy,
LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
}
// only validate EKU if the cert has it
- if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() &&
- ( (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
+ if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE)
+ && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray()
+ && (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
+ LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH)))
+ && (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
LLSD((std::string)CERT_EKU_SERVER_AUTH)))
- || (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
- LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH)))
- ))
+ )
{
LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
}