DEV-35248: Allow NoVerifySSLCert to uniformly disable verification

Introduce static LLCurl SSL verification flag, default 'true', accessed by
LLCurl::setSSLVerify() and getSSLVerify().
Make LLCurl::Easy::prepRequest() check LLCurl::getSSLVerify() instead of
unconditionally setting CURLOPT_SSL_VERIFYPEER 'true'. Also set
CURLOPT_SSL_VERIFYHOST to match.
Make LLXMLRPCTransaction::Impl::init() examine LLCurl::getSSLVerify(), instead
of directly examining gSavedSettings.getBOOL("NoVerifySSLCert").
Make LLURLRequest::checkRootCertificate() set CURLOPT_SSL_VERIFYHOST as well
as CURLOPT_SSL_VERIFYPEER.
Make request() in llhttpclient.cpp (used by LLHTTPClient::getByteRange(),
head(), get(), getHeaderOnly(), put(), post(), postRaw(), postFile(), del(),
move()) pass LLCurl::getSSLVerify() to checkRootCertificate(), rather than
constant 'true'.
Make LLAppViewer::mainLoop() call
    LLCurl::setSSLVerify(! gSavedSettings.getBOOL("NoVerifySSLCert"))
at the same time it calls LLCurl::setCAFile(), a comparable bit of static
setup.

1 files changed, 1 insertions, 0 deletions

diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp
index 81b7761ed5..4e7ceff984 100644
--- a/indra/llmessage/llurlrequest.cpp
+++ b/indra/llmessage/llurlrequest.cpp
@@ -163,6 +163,7 @@ void LLURLRequest::setBodyLimit(U32 size)
 void LLURLRequest::checkRootCertificate(bool check)
 {
 	mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE));
+	mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, (check? 2 : 0));
 	mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, "");
 }