author | Nat Goodspeed <nat@lindenlab.com> | 2010-01-20 15:48:13 -0500 |
---|---|---|
committer | Nat Goodspeed <nat@lindenlab.com> | 2010-01-20 15:48:13 -0500 |
commit | df7e5dd1dc491e6f2a8bcff44d75f8e2113b8b6f (patch) | |
tree | 526b2bf6e9516f6652c5cf8736296be6549f7746 /indra/llmessage/llcurl.cpp | |
parent | ea875ca0eb3e3f9c5f7398ad721f5e2dd1427cf1 (diff) |
DEV-35248: Allow NoVerifySSLCert to uniformly disable verification
Introduce static LLCurl SSL verification flag, default 'true', accessed by
LLCurl::setSSLVerify() and getSSLVerify().
Make LLCurl::Easy::prepRequest() check LLCurl::getSSLVerify() instead of
unconditionally setting CURLOPT_SSL_VERIFYPEER 'true'. Also set
CURLOPT_SSL_VERIFYHOST to match.
Make LLXMLRPCTransaction::Impl::init() examine LLCurl::getSSLVerify(), instead
of directly examining gSavedSettings.getBOOL("NoVerifySSLCert").
Make LLURLRequest::checkRootCertificate() set CURLOPT_SSL_VERIFYHOST as well
as CURLOPT_SSL_VERIFYPEER.
Make request() in llhttpclient.cpp (used by LLHTTPClient::getByteRange(),
head(), get(), getHeaderOnly(), put(), post(), postRaw(), postFile(), del(),
move()) pass LLCurl::getSSLVerify() to checkRootCertificate(), rather than
constant 'true'.
Make LLAppViewer::mainLoop() call
LLCurl::setSSLVerify(! gSavedSettings.getBOOL("NoVerifySSLCert"))
at the same time it calls LLCurl::setCAFile(), a comparable bit of static
setup.
Diffstat (limited to 'indra/llmessage/llcurl.cpp')
-rw-r--r-- | indra/llmessage/llcurl.cpp | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp
index dc02367a62..024e17a777 100644
--- a/indra/llmessage/llcurl.cpp
+++ b/indra/llmessage/llcurl.cpp
@@ -89,6 +89,10 @@ S32 gCurlMultiCount = 0;
 std::vector<LLMutex*> LLCurl::sSSLMutex;
 std::string LLCurl::sCAPath;
 std::string LLCurl::sCAFile;
+// Verify SSL certificates by default (matches libcurl default). The ability
+// to alter this flag is only to allow us to suppress verification if it's
+// broken for some reason.
+bool LLCurl::sSSLVerify = true;
 //static
 void LLCurl::setCAPath(const std::string& path)
@@ -103,6 +107,18 @@ void LLCurl::setCAFile(const std::string& file)
 }
 //static
+void LLCurl::setSSLVerify(bool verify)
+{
+ sSSLVerify = verify;
+}
+
+//static
+bool LLCurl::getSSLVerify()
+{
+ return sSSLVerify;
+}
+
+//static
 std::string LLCurl::getVersionString()
 {
 return std::string(curl_version());
@@ -465,7 +481,8 @@ void LLCurl::Easy::prepRequest(const std::string& url,
 setErrorBuffer();
 setCA();
- setopt(CURLOPT_SSL_VERIFYPEER, true);
+ setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify());
+ setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify()? 2 : 0);
 setopt(CURLOPT_TIMEOUT, CURL_REQUEST_TIMEOUT);
 setoptString(CURLOPT_URL, url);
@@ -1044,4 +1061,3 @@ void LLCurl::cleanupClass()
 #endif
 curl_global_cleanup();
 }
- |
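Review bot: `LLCurl::setSSLVerify(false)` switches certificate verification off for the whole process, and nothing in the added setter records that it happened. Because the flag then governs every request prepared through this class (see the prepRequest hunk), the setter should emit a warning-level log line when `verify` is false, so that a session running without TLS verification can be identified from its log afterwards. `sSSLVerify` is also a plain static `bool` with no synchronization; whether requests are prepared on other threads is not visible in this hunk, so at minimum the declaration should carry a comment such as `// Set once during startup, before any request is prepared; not synchronized.`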
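Review bot: The two added `setopt` calls in prepRequest each call `LLCurl::getSSLVerify()` on their own, so the peer check and the host check are derived from two separate reads of a mutable static and could disagree if the flag is changed in between. Read it once and use the local for both: `const bool verify = LLCurl::getSSLVerify();`, `setopt(CURLOPT_SSL_VERIFYPEER, verify);`, `setopt(CURLOPT_SSL_VERIFYHOST, verify ? 2 : 0);`. A short comment that 2 is libcurl's full host-name match (and its default) would explain the otherwise bare literal. prepRequest's body begins and ends outside this hunk.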