diff options
| author | Andrey Kleshchev <andreykproductengine@lindenlab.com> | 2021-05-27 00:04:08 +0300 |
|---|---|---|
| committer | Andrey Kleshchev <andreykproductengine@lindenlab.com> | 2021-09-08 23:18:07 +0300 |
| commit | a212a862b48dbe07e069b87b68a5c202f0b34060 (patch) | |
| tree | 8a9ee53c3d7ad40ce4cb36bdc92fec4d8461534f | |
| parent | 5af8f15a0579bc88ca4249324db8b1f19c52bbd5 (diff) | |
SL-15211 SL-14541 Update OpenSSL library
Moving a copy of OpenSSL 1.1.1 to D543 from D520 to have less conflicts with zlib-ng integration later
| -rw-r--r-- | indra/cmake/Copy3rdPartyLibs.cmake | 11 | ||||
| -rw-r--r-- | indra/cmake/OpenSSL.cmake | 2 | ||||
| -rw-r--r-- | indra/llcorehttp/httpcommon.cpp | 55 | ||||
| -rw-r--r-- | indra/llmessage/llblowfishcipher.cpp | 28 | ||||
| -rw-r--r-- | indra/newview/CMakeLists.txt | 8 | ||||
| -rw-r--r-- | indra/newview/llsecapi.h | 2 | ||||
| -rw-r--r-- | indra/newview/llsechandler_basic.cpp | 48 | ||||
| -rw-r--r-- | indra/newview/llsechandler_basic.h | 4 | ||||
| -rw-r--r-- | indra/newview/tests/llsecapi_test.cpp | 2 | ||||
| -rw-r--r-- | indra/newview/tests/llsechandler_basic_test.cpp | 32 | ||||
| -rwxr-xr-x | indra/newview/viewer_manifest.py | 10 |
11 files changed, 85 insertions, 117 deletions
diff --git a/indra/cmake/Copy3rdPartyLibs.cmake b/indra/cmake/Copy3rdPartyLibs.cmake index 31537a43ef..b20d23cead 100644 --- a/indra/cmake/Copy3rdPartyLibs.cmake +++ b/indra/cmake/Copy3rdPartyLibs.cmake @@ -56,14 +56,21 @@ if(WINDOWS) libapr-1.dll libaprutil-1.dll libapriconv-1.dll - ssleay32.dll - libeay32.dll nghttp2.dll glod.dll libhunspell.dll uriparser.dll ) + # OpenSSL + if(ADDRESS_SIZE EQUAL 64) + set(release_files ${release_files} libcrypto-1_1-x64.dll) + set(release_files ${release_files} libssl-1_1-x64.dll) + else(ADDRESS_SIZE EQUAL 64) + set(release_files ${release_files} libcrypto-1_1.dll) + set(release_files ${release_files} libssl-1_1.dll) + endif(ADDRESS_SIZE EQUAL 64) + # Filenames are different for 32/64 bit BugSplat file and we don't # have any control over them so need to branch. if (USE_BUGSPLAT) diff --git a/indra/cmake/OpenSSL.cmake b/indra/cmake/OpenSSL.cmake index eb548bdcc1..32400f5e4e 100644 --- a/indra/cmake/OpenSSL.cmake +++ b/indra/cmake/OpenSSL.cmake @@ -9,7 +9,7 @@ if (USESYSTEMLIBS) else (USESYSTEMLIBS) use_prebuilt_binary(openssl) if (WINDOWS) - set(OPENSSL_LIBRARIES ssleay32 libeay32) + set(OPENSSL_LIBRARIES libssl libcrypto) else (WINDOWS) set(OPENSSL_LIBRARIES ssl crypto) endif (WINDOWS) diff --git a/indra/llcorehttp/httpcommon.cpp b/indra/llcorehttp/httpcommon.cpp index e37a38b05f..bbf23a6d70 100644 --- a/indra/llcorehttp/httpcommon.cpp +++ b/indra/llcorehttp/httpcommon.cpp @@ -23,13 +23,6 @@ * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA * $/LicenseInfo$ */ -#if LL_WINDOWS -#define SAFE_SSL 1 -#elif LL_DARWIN -#define SAFE_SSL 1 -#else -#define SAFE_SSL 1 -#endif #include "linden_common.h" // Modifies curl/curl.h interfaces #include "httpcommon.h" @@ -38,10 +31,6 @@ #include <curl/curl.h> #include <string> #include <sstream> -#if SAFE_SSL -#include <openssl/crypto.h> -#include <functional> // std::hash -#endif namespace LLCore @@ -348,34 +337,6 @@ void deallocateEasyCurl(CURL *curlp) } -#if SAFE_SSL -//static -void ssl_locking_callback(int mode, int type, const char *file, int line) -{ - if (type >= sSSLMutex.size()) - { - LL_WARNS() << "Attempt to get unknown MUTEX in SSL Lock." << LL_ENDL; - } - - if (mode & CRYPTO_LOCK) - { - sSSLMutex[type]->lock(); - } - else - { - sSSLMutex[type]->unlock(); - } -} - -//static -unsigned long ssl_thread_id(void) -{ - // std::thread::id is very deliberately opaque, but we can hash it - return std::hash<LLThread::id_t>()(LLThread::currentID()); -} -#endif - - } void initialize() @@ -387,27 +348,11 @@ void initialize() check_curl_code(code, CURL_GLOBAL_ALL); -#if SAFE_SSL - S32 mutex_count = CRYPTO_num_locks(); - for (S32 i = 0; i < mutex_count; i++) - { - sSSLMutex.push_back(LLMutex_ptr(new LLMutex())); - } - CRYPTO_set_id_callback(&ssl_thread_id); - CRYPTO_set_locking_callback(&ssl_locking_callback); -#endif - } void cleanup() { -#if SAFE_SSL - CRYPTO_set_id_callback(NULL); - CRYPTO_set_locking_callback(NULL); - sSSLMutex.clear(); -#endif - curl_global_cleanup(); } diff --git a/indra/llmessage/llblowfishcipher.cpp b/indra/llmessage/llblowfishcipher.cpp index 0b5025a422..949d4cc0c7 100644 --- a/indra/llmessage/llblowfishcipher.cpp +++ b/indra/llmessage/llblowfishcipher.cpp @@ -52,24 +52,28 @@ U32 LLBlowfishCipher::encrypt(const U8* src, U32 src_len, U8* dst, U32 dst_len) if (src_len > dst_len) return 0; // OpenSSL uses "cipher contexts" to hold encryption parameters. - EVP_CIPHER_CTX context; - EVP_CIPHER_CTX_init(&context); + EVP_CIPHER_CTX *context = EVP_CIPHER_CTX_new(); + if (!context) + { + LL_WARNS() << "LLBlowfishCipher::encrypt EVP_CIPHER_CTX initiation failure" << LL_ENDL; + return 0; + } // We want a blowfish cyclic block chain cipher, but need to set // the key length before we pass in a key, so call EncryptInit // first with NULLs. - EVP_EncryptInit_ex(&context, EVP_bf_cbc(), NULL, NULL, NULL); - EVP_CIPHER_CTX_set_key_length(&context, (int)mSecretSize); + EVP_EncryptInit_ex(context, EVP_bf_cbc(), NULL, NULL, NULL); + EVP_CIPHER_CTX_set_key_length(context, (int)mSecretSize); // Complete initialization. Per EVP_EncryptInit man page, the // cipher pointer must be NULL. Apparently initial_vector must // be 8 bytes for blowfish, as this is the block size. unsigned char initial_vector[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; - EVP_EncryptInit_ex(&context, NULL, NULL, mSecret, initial_vector); + EVP_EncryptInit_ex(context, NULL, NULL, mSecret, initial_vector); - int blocksize = EVP_CIPHER_CTX_block_size(&context); - int keylen = EVP_CIPHER_CTX_key_length(&context); - int iv_length = EVP_CIPHER_CTX_iv_length(&context); + int blocksize = EVP_CIPHER_CTX_block_size(context); + int keylen = EVP_CIPHER_CTX_key_length(context); + int iv_length = EVP_CIPHER_CTX_iv_length(context); LL_DEBUGS() << "LLBlowfishCipher blocksize " << blocksize << " keylen " << keylen << " iv_len " << iv_length @@ -77,7 +81,7 @@ U32 LLBlowfishCipher::encrypt(const U8* src, U32 src_len, U8* dst, U32 dst_len) int output_len = 0; int temp_len = 0; - if (!EVP_EncryptUpdate(&context, + if (!EVP_EncryptUpdate(context, dst, &output_len, src, @@ -89,18 +93,18 @@ U32 LLBlowfishCipher::encrypt(const U8* src, U32 src_len, U8* dst, U32 dst_len) // There may be some final data left to encrypt if the input is // not an exact multiple of the block size. - if (!EVP_EncryptFinal_ex(&context, (unsigned char*)(dst + output_len), &temp_len)) + if (!EVP_EncryptFinal_ex(context, (unsigned char*)(dst + output_len), &temp_len)) { LL_WARNS() << "LLBlowfishCipher::encrypt EVP_EncryptFinal failure" << LL_ENDL; goto ERROR; } output_len += temp_len; - EVP_CIPHER_CTX_cleanup(&context); + EVP_CIPHER_CTX_free(context); return output_len; ERROR: - EVP_CIPHER_CTX_cleanup(&context); + EVP_CIPHER_CTX_free(context); return 0; } diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt index cc27232eae..cc6d98d1b9 100644 --- a/indra/newview/CMakeLists.txt +++ b/indra/newview/CMakeLists.txt @@ -1835,10 +1835,6 @@ if (WINDOWS) ${CMAKE_CURRENT_SOURCE_DIR}/licenses-win32.txt ${CMAKE_CURRENT_SOURCE_DIR}/featuretable.txt ${CMAKE_CURRENT_SOURCE_DIR}/featuretable_xp.txt - ${ARCH_PREBUILT_DIRS_RELEASE}/libeay32.dll - ${ARCH_PREBUILT_DIRS_RELEASE}/ssleay32.dll - ${ARCH_PREBUILT_DIRS_DEBUG}/libeay32.dll - ${ARCH_PREBUILT_DIRS_DEBUG}/ssleay32.dll ${viewer_APPSETTINGS_FILES} SLPlugin media_plugin_cef @@ -1851,11 +1847,15 @@ if (WINDOWS) list(APPEND COPY_INPUT_DEPENDENCIES ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk_x64.dll ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp_x64.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1-x64.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1-x64.dll ) else (ADDRESS_SIZE EQUAL 64) list(APPEND COPY_INPUT_DEPENDENCIES ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk.dll ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1.dll ) endif (ADDRESS_SIZE EQUAL 64) diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 14059f828a..1e6f2154bc 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -452,7 +452,7 @@ public: virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0; // instantiate a chain from an X509_STORE_CTX - virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0; + virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0; // instantiate a cert store given it's id. if a persisted version // exists, it'll be loaded. If not, one will be created (but not diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 19db020a31..b4853d270a 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert, LLBasicCertificate::LLBasicCertificate(X509* pCert, const LLSD* validation_params) { - if (!pCert || !pCert->cert_info) + if (!pCert) { LLTHROW(LLInvalidCertificate(LLSD::emptyMap())); } @@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name) char buffer[32]; X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index); - std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), - M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); + std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), + ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry); OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0); @@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const // LLBasicCertificateChain // This class represents a chain of certs, each cert being signed by the next cert // in the chain. Certs must be properly signed by the parent -LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store) +LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store) { // we're passed in a context, which contains a cert, and a blob of untrusted // certificates which compose the chain. - if((store == NULL) || (store->cert == NULL)) + if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL) { LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL; return; } // grab the child cert - LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert); + LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store)); add(current); - if(store->untrusted != NULL) + if(X509_STORE_CTX_get0_untrusted(store) != NULL) { // if there are other certs in the chain, we build up a vector // of untrusted certs so we can search for the parents of each // consecutive cert. LLBasicCertificateVector untrusted_certs; - for(int i = 0; i < sk_X509_num(store->untrusted); i++) + for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) { - LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i)); + LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i)); untrusted_certs.add(cert); } @@ -1348,9 +1348,10 @@ void LLSecAPIBasicHandler::_readProtectedData() // read in the rest of the file. - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL); + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + // todo: ctx error handling + + EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL); // allocate memory: std::string decrypted_data; @@ -1358,14 +1359,14 @@ void LLSecAPIBasicHandler::_readProtectedData() // read data as a block: protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE); - EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length, + EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length, buffer, protected_data_stream.gcount()); decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount()); } // RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is // no block padding. - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); std::istringstream parse_stream(decrypted_data); if (parser->parse(parse_stream, mProtectedDataMap, LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE) @@ -1401,12 +1402,14 @@ void LLSecAPIBasicHandler::_writeProtectedData() llofstream protected_data_stream(tmp_filename.c_str(), std::ios_base::binary); + EVP_CIPHER_CTX *ctx = NULL; try { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL); + ctx = EVP_CIPHER_CTX_new(); + // todo: ctx error handling + + EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL); unsigned char unique_id[MAC_ADDRESS_BYTES]; LLMachineID::getUniqueID(unique_id, sizeof(unique_id)); LLXORCipher cipher(unique_id, sizeof(unique_id)); @@ -1421,13 +1424,13 @@ void LLSecAPIBasicHandler::_writeProtectedData() break; } int encrypted_length; - EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length, + EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length, buffer, formatted_data_istream.gcount()); protected_data_stream.write((const char *)encrypted_buffer, encrypted_length); } // no EVP_EncrypteFinal, as this is a stream cipher - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); protected_data_stream.close(); } @@ -1439,6 +1442,11 @@ void LLSecAPIBasicHandler::_writeProtectedData() // it may be, however. LLFile::remove(tmp_filename); + if (ctx) + { + EVP_CIPHER_CTX_free(ctx); + } + // EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData() // Decided throwing an exception here was overkill until we figure out why this happens //LLTHROW(LLProtectedDataException("Error writing Protected Data Store")); @@ -1491,7 +1499,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert } // instantiate a chain from an X509_STORE_CTX -LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) +LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain); return result; diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index 0bc7f5230f..82670f9083 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -197,7 +197,7 @@ class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public { public: - LLBasicCertificateChain(const X509_STORE_CTX * store); + LLBasicCertificateChain(X509_STORE_CTX * store); virtual ~LLBasicCertificateChain() {} @@ -241,7 +241,7 @@ public: virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert); // instantiate a chain from an X509_STORE_CTX - virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain); + virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain); // instantiate a cert store given it's id. if a persisted version // exists, it'll be loaded. If not, one will be created (but not diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp index caa3016d2e..37fbbb449b 100644 --- a/indra/newview/tests/llsecapi_test.cpp +++ b/indra/newview/tests/llsecapi_test.cpp @@ -57,7 +57,7 @@ void LLSecAPIBasicHandler::init() {} LLSecAPIBasicHandler::~LLSecAPIBasicHandler() {} LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(const std::string& pem_cert) { return NULL; } LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert) { return NULL; } -LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { return NULL; } +LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { return NULL; } LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const std::string& store_id) { return NULL; } void LLSecAPIBasicHandler::setProtectedData(const std::string& data_type, const std::string& data_id, const LLSD& data) {} void LLSecAPIBasicHandler::addToProtectedMap(const std::string& data_type, const std::string& data_id, const std::string& map_elem, const LLSD& data) {} diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp index e5d226a2a4..4c8d6c51b0 100644 --- a/indra/newview/tests/llsechandler_basic_test.cpp +++ b/indra/newview/tests/llsechandler_basic_test.cpp @@ -1217,8 +1217,8 @@ namespace tut // Single cert in the chain. X509_STORE_CTX *test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = NULL; + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, NULL); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 1); @@ -1229,9 +1229,9 @@ namespace tut // cert + CA test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509IntermediateCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 2); @@ -1245,9 +1245,9 @@ namespace tut // cert + nonrelated test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509TestCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 1); @@ -1257,10 +1257,10 @@ namespace tut // cert + CA + nonrelated test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509IntermediateCert); - sk_X509_push(test_store->untrusted, mX509TestCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 2); @@ -1273,10 +1273,10 @@ namespace tut // cert + intermediate + CA test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509IntermediateCert); - sk_X509_push(test_store->untrusted, mX509RootCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("three elements in store", test_chain->size(), 3); diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py index eb5071c2b8..43dcc6fffe 100755 --- a/indra/newview/viewer_manifest.py +++ b/indra/newview/viewer_manifest.py @@ -553,9 +553,13 @@ class WindowsManifest(ViewerManifest): self.path("vivoxsdk.dll") self.path("ortp.dll") - # Security - self.path("ssleay32.dll") - self.path("libeay32.dll") + # OpenSSL + if (self.address_size == 64): + self.path("libcrypto-1_1-x64.dll") + self.path("libssl-1_1-x64.dll") + else: + self.path("libcrypto-1_1.dll") + self.path("libssl-1_1.dll") # HTTP/2 self.path("nghttp2.dll") |