Backed out changeset 63b699f90efd

6 files changed, 102 insertions, 85 deletions

diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp
index 91e11b8c0d..024e17a777 100644
--- a/indra/llmessage/llcurl.cpp
+++ b/indra/llmessage/llcurl.cpp
@@ -89,6 +89,10 @@ S32 gCurlMultiCount = 0;
 std::vector<LLMutex*> LLCurl::sSSLMutex;
 std::string LLCurl::sCAPath;
 std::string LLCurl::sCAFile;
+// Verify SSL certificates by default (matches libcurl default). The ability
+// to alter this flag is only to allow us to suppress verification if it's
+// broken for some reason.
+bool LLCurl::sSSLVerify = true;
 
 //static
 void LLCurl::setCAPath(const std::string& path)
@@ -103,6 +107,18 @@ void LLCurl::setCAFile(const std::string& file)
 }
 
 //static
+void LLCurl::setSSLVerify(bool verify)
+{
+	sSSLVerify = verify;
+}
+
+//static
+bool LLCurl::getSSLVerify()
+{
+	return sSSLVerify;
+}
+
+//static
 std::string LLCurl::getVersionString()
 {
 	return std::string(curl_version());
@@ -465,7 +481,8 @@ void LLCurl::Easy::prepRequest(const std::string& url,
 	setErrorBuffer();
 	setCA();
 
-	setopt(CURLOPT_SSL_VERIFYPEER, true);
+	setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify());
+	setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify()? 2 : 0);
 	setopt(CURLOPT_TIMEOUT, CURL_REQUEST_TIMEOUT);
 
 	setoptString(CURLOPT_URL, url);
@@ -895,15 +912,6 @@ void LLCurlEasyRequest::setReadCallback(curl_read_callback callback, void* userd
 	}
 }
 
-void LLCurlEasyRequest::setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata)
-{
-	if (mEasy)
-	{
-		mEasy->setopt(CURLOPT_SSL_CTX_FUNCTION, (void*)callback);
-		mEasy->setopt(CURLOPT_SSL_CTX_DATA, userdata);
-	}
-}
-
 void LLCurlEasyRequest::slist_append(const char* str)
 {
 	if (mEasy)
@@ -1053,4 +1061,3 @@ void LLCurl::cleanupClass()
 #endif
 	curl_global_cleanup();
 }
-
diff --git a/indra/llmessage/llcurl.h b/indra/llmessage/llcurl.h
index b6a637ae5b..caf02cccd9 100644
--- a/indra/llmessage/llcurl.h
+++ b/indra/llmessage/llcurl.h
@@ -158,6 +158,16 @@ public:
 	static const std::string& getCAPath() { return sCAPath; }
 
 	/**
+	 * @ brief Set flag controlling whether to verify HTTPS certs.
+	 */
+	static void setSSLVerify(bool verify);
+
+	/**
+	 * @ brief Get flag controlling whether to verify HTTPS certs.
+	 */
+	static bool getSSLVerify();
+
+	/**
 	 * @ brief Initialize LLCurl class
 	 */
 	static void initClass();
@@ -182,6 +192,7 @@ public:
 private:
 	static std::string sCAPath;
 	static std::string sCAFile;
+	static bool sSSLVerify;
 };
 
 namespace boost
@@ -229,7 +240,6 @@ public:
 	void setHeaderCallback(curl_header_callback callback, void* userdata);
 	void setWriteCallback(curl_write_callback callback, void* userdata);
 	void setReadCallback(curl_read_callback callback, void* userdata);
-	void setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata);
 	void slist_append(const char* str);
 	void sendRequest(const std::string& url);
 	void requestComplete();
diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp
index 345b76d1a1..dd56e18caf 100644
--- a/indra/llmessage/llhttpclient.cpp
+++ b/indra/llmessage/llhttpclient.cpp
@@ -31,7 +31,7 @@
  */
 
 #include "linden_common.h"
-#include <openssl/x509_vfy.h>
+
 #include "llhttpclient.h"
 
 #include "llassetstorage.h"
@@ -46,10 +46,7 @@
 #include "message.h"
 #include <curl/curl.h>
 
-
 const F32 HTTP_REQUEST_EXPIRY_SECS = 60.0f;
-LLURLRequest::SSLCertVerifyCallback LLHTTPClient::mCertVerifyCallback = NULL;
-
 ////////////////////////////////////////////////////////////////////////////
 
 // Responder class moved to LLCurl
@@ -209,19 +206,13 @@ namespace
 	LLPumpIO* theClientPump = NULL;
 }
 
-void LLHTTPClient::setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback)
-{
-	LLHTTPClient::mCertVerifyCallback = callback;
-}
-
 static void request(
 	const std::string& url,
 	LLURLRequest::ERequestAction method,
 	Injector* body_injector,
 	LLCurl::ResponderPtr responder,
 	const F32 timeout = HTTP_REQUEST_EXPIRY_SECS,
-	const LLSD& headers = LLSD()
-    )
+	const LLSD& headers = LLSD())
 {
 	if (!LLHTTPClient::hasPump())
 	{
@@ -231,7 +222,7 @@ static void request(
 	LLPumpIO::chain_t chain;
 
 	LLURLRequest* req = new LLURLRequest(method, url);
-	req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req);
+	req->checkRootCertificate(LLCurl::getSSLVerify());
 
 	
 	lldebugs << LLURLRequest::actionAsVerb(method) << " " << url << " "
@@ -426,6 +417,7 @@ static LLSD blocking_request(
 	std::string body_str;
 	
 	// other request method checks root cert first, we skip?
+	//req->checkRootCertificate(true);
 	
 	// * Set curl handle options
 	curl_easy_setopt(curlp, CURLOPT_NOSIGNAL, 1);	// don't use SIGALRM for timeouts
diff --git a/indra/llmessage/llhttpclient.h b/indra/llmessage/llhttpclient.h
index 8afbc9e0fc..3d0646e5fe 100644
--- a/indra/llmessage/llhttpclient.h
+++ b/indra/llmessage/llhttpclient.h
@@ -40,8 +40,7 @@
 #include <string>
 
 #include <boost/intrusive_ptr.hpp>
-#include <openssl/x509_vfy.h>
-#include "llurlrequest.h"
+
 #include "llassettype.h"
 #include "llcurl.h"
 #include "lliopipe.h"
@@ -62,7 +61,6 @@ public:
 	typedef LLCurl::Responder Responder;
 	typedef LLCurl::ResponderPtr ResponderPtr;
 
-	
 	/** @name non-blocking API */
 	//@{
 	static void head(
@@ -157,12 +155,7 @@ public:
 	static void setPump(LLPumpIO& pump);
 		///< must be called before any of the above calls are made
 	static bool hasPump();
-
-	static void setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback);
-	static  LLURLRequest::SSLCertVerifyCallback getCertVerifyCallback() { return mCertVerifyCallback; }
-
-protected:
-	static LLURLRequest::SSLCertVerifyCallback mCertVerifyCallback;
+		///< for testing
 };
 
 #endif // LL_LLHTTPCLIENT_H
diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp
index 1e76d10828..4e7ceff984 100644
--- a/indra/llmessage/llurlrequest.cpp
+++ b/indra/llmessage/llurlrequest.cpp
@@ -36,8 +36,7 @@
 #include "llurlrequest.h"
 
 #include <algorithm>
-#include <openssl/x509_vfy.h>
-#include <openssl/ssl.h>
+
 #include "llcurl.h"
 #include "llioutil.h"
 #include "llmemtype.h"
@@ -57,8 +56,6 @@ const std::string CONTEXT_TRANSFERED_BYTES("transfered_bytes");
 
 static size_t headerCallback(void* data, size_t size, size_t nmemb, void* user);
 
-
-
 /**
  * class LLURLRequestDetail
  */
@@ -75,7 +72,6 @@ public:
 	U32 mBodyLimit;
 	S32 mByteAccumulator;
 	bool mIsBodyLimitSet;
-	LLURLRequest::SSLCertVerifyCallback mSSLVerifyCallback;
 };
 
 LLURLRequestDetail::LLURLRequestDetail() :
@@ -84,8 +80,7 @@ LLURLRequestDetail::LLURLRequestDetail() :
 	mLastRead(NULL),
 	mBodyLimit(0),
 	mByteAccumulator(0),
-	mIsBodyLimitSet(false),
-    mSSLVerifyCallback(NULL)
+	mIsBodyLimitSet(false)
 {
 	LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST);
 	mCurlRequest = new LLCurlEasyRequest();
@@ -99,36 +94,6 @@ LLURLRequestDetail::~LLURLRequestDetail()
 	mLastRead = NULL;
 }
 
-void LLURLRequest::setSSLVerifyCallback(SSLCertVerifyCallback callback, void *param)
-{
-	mDetail->mSSLVerifyCallback = callback;
-	mDetail->mCurlRequest->setSSLCtxCallback(LLURLRequest::_sslCtxCallback, (void *)this);
-	mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, true);
-	mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, 2);	
-}
-
-
-// _sslCtxFunction
-// Callback function called when an SSL Context is created via CURL
-// used to configure the context for custom cert validation
-
-CURLcode LLURLRequest::_sslCtxCallback(CURL * curl, void *sslctx, void *param)
-{	
-	LLURLRequest *req = (LLURLRequest *)param;
-	if(req == NULL || req->mDetail->mSSLVerifyCallback == NULL)
-	{
-		SSL_CTX_set_cert_verify_callback((SSL_CTX *)sslctx, NULL, NULL);
-		return CURLE_OK;
-	}
-	SSL_CTX * ctx = (SSL_CTX *) sslctx;
-	// disable any default verification for server certs
-	SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
-	// set the verification callback.
-	SSL_CTX_set_cert_verify_callback(ctx, req->mDetail->mSSLVerifyCallback, (void *)req);
-	// the calls are void
-	return CURLE_OK;
-	
-}
 
 /**
  * class LLURLRequest
@@ -183,11 +148,6 @@ void LLURLRequest::setURL(const std::string& url)
 	mDetail->mURL = url;
 }
 
-std::string LLURLRequest::getURL() const
-{
-	return mDetail->mURL;
-}
-
 void LLURLRequest::addHeader(const char* header)
 {
 	LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST);
@@ -200,6 +160,13 @@ void LLURLRequest::setBodyLimit(U32 size)
 	mDetail->mIsBodyLimitSet = true;
 }
 
+void LLURLRequest::checkRootCertificate(bool check)
+{
+	mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE));
+	mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, (check? 2 : 0));
+	mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, "");
+}
+
 void LLURLRequest::setCallback(LLURLRequestComplete* callback)
 {
 	LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST);
diff --git a/indra/llmessage/llurlrequest.h b/indra/llmessage/llurlrequest.h
index 69fd22e592..cb3c466440 100644
--- a/indra/llmessage/llurlrequest.h
+++ b/indra/llmessage/llurlrequest.h
@@ -44,8 +44,6 @@
 #include "lliopipe.h"
 #include "llchainio.h"
 #include "llerror.h"
-#include <openssl/x509_vfy.h>
-#include "llcurl.h"
 
 
 extern const std::string CONTEXT_REQUEST;
@@ -74,8 +72,6 @@ class LLURLRequest : public LLIOPipe
 {
 	LOG_CLASS(LLURLRequest);
 public:
-
-	typedef int (* SSLCertVerifyCallback)(X509_STORE_CTX *ctx, void *param);
 	/** 
 	 * @brief This enumeration is for specifying the type of request.
 	 */
@@ -129,7 +125,7 @@ public:
 	 * 
 	 */
 	void setURL(const std::string& url);
-	std::string getURL() const;
+
 	/** 
 	 * @brief Add a header to the http post.
 	 *
@@ -147,9 +143,8 @@ public:
 	 * Set whether request will check that remote server
 	 * certificates are signed by a known root CA when using HTTPS.
 	 */
-	void setSSLVerifyCallback(SSLCertVerifyCallback callback, void * param);
+	void checkRootCertificate(bool check);
 
-	
 	/**
 	 * @brief Return at most size bytes of body.
 	 *
@@ -194,7 +189,6 @@ public:
 	 * @brief Give this pipe a chance to handle a generated error
 	 */
 	virtual EStatus handleError(EStatus status, LLPumpIO* pump);
-
 	
 protected:
 	/** 
@@ -223,8 +217,6 @@ protected:
 	 S32 mRequestTransferedBytes;
 	 S32 mResponseTransferedBytes;
 
-	static CURLcode _sslCtxCallback(CURL * curl, void *sslctx, void *param);
-	
 private:
 	/** 
 	 * @brief Initialize the object. Called during construction.
@@ -372,6 +364,62 @@ protected:
 };
 
 
+/** 
+ * @class LLURLRequestClientFactory
+ * @brief Template class to build url request based client chains 
+ *
+ * This class eases construction of a basic sd rpc client. Here is an
+ * example of it's use:
+ * <code>
+ *  class LLUsefulService : public LLService { ... }<br>
+ *  LLService::registerCreator(<br>
+ *    "useful",<br>
+ *    LLService::creator_t(new LLURLRequestClientFactory<LLUsefulService>))<br>
+ * </code>
+ *
+ * This class should work, but I never got around to using/testing it.
+ *
+ */
+#if 0
+template<class Client>
+class LLURLRequestClientFactory : public LLChainIOFactory
+{
+public:
+	LLURLRequestClientFactory(LLURLRequest::ERequestAction action) {}
+	LLURLRequestClientFactory(
+		LLURLRequest::ERequestAction action,
+		const std::string& fixed_url) :
+		mAction(action),
+		mURL(fixed_url)
+	{
+	}
+	virtual bool build(LLPumpIO::chain_t& chain, LLSD context) const
+	{
+		lldebugs << "LLURLRequestClientFactory::build" << llendl;
+		LLIOPipe::ptr_t service(new Client);
+		chain.push_back(service);
+		LLURLRequest* http(new LLURLRequest(mAction));
+		LLIOPipe::ptr_t http_pipe(http);
+		// *FIX: how do we know the content type?
+		//http->addHeader("Content-Type: text/llsd");
+		if(mURL.empty())
+		{
+			chain.push_back(LLIOPipe::ptr_t(new LLContextURLExtractor(http)));
+		}
+		else
+		{
+			http->setURL(mURL);
+		}
+		chain.push_back(http_pipe);
+		chain.push_back(service);
+		return true;
+	}
+
+protected:
+	LLURLRequest::ERequestAction mAction;
+	std::string mURL;
+};
+#endif
 
 /**
  * External constants