diff options
| author | Oz Linden <oz@lindenlab.com> | 2017-04-14 16:05:59 -0400 |
|---|---|---|
| committer | Oz Linden <oz@lindenlab.com> | 2017-04-14 16:05:59 -0400 |
| commit | fd3628ef45a8160f2434e0d8b747d31d65685340 (patch) | |
| tree | 2f96fb0bde4f6e1163cadd7fb55698de8756ad32 /indra/newview/llappcorehttp.cpp | |
| parent | 3494eb79529f5fb754e0ae75de96b18c0dafd981 (diff) | |
Change certificate store infrastructure to key off of the Subject Key
Id rather than sha1 hash, since that is rarely used in modern
certs. The previous form was storing trusted certs using an empty sha1
hash value as the key, which meant most certificates matched... not good.
Modify the LLCertException to pass certificate information back as
LLSD rather than an LLPointer<LLCertificate>, because when the
exception is being thown from the certificate constructor that results
in one of a couple of other exceptions (even refcounting won't save
you when the problem is that the thing you're pointing to never
finished coming into being properly).
Update the certificates in the llsechandler_basic_test to modern
conventions, and extend the classes to allow for an optional
validation date so that the test can use a fixed date. Also make all
the certificates include the plain text form for ease of reference.
Diffstat (limited to 'indra/newview/llappcorehttp.cpp')
| -rw-r--r-- | indra/newview/llappcorehttp.cpp | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/indra/newview/llappcorehttp.cpp b/indra/newview/llappcorehttp.cpp index 411e78aabd..a31293709f 100644 --- a/indra/newview/llappcorehttp.cpp +++ b/indra/newview/llappcorehttp.cpp @@ -547,9 +547,8 @@ LLCore::HttpStatus LLAppCoreHttp::sslVerify(const std::string &url, // error codes. Should be refactored with login refactoring, perhaps. result = LLCore::HttpStatus(LLCore::HttpStatus::EXT_CURL_EASY, CURLE_SSL_CACERT); result.setMessage(cert_exception.what()); - LLPointer<LLCertificate> cert = cert_exception.getCert(); - cert->ref(); // adding an extra ref here - result.setErrorData(cert.get()); + LLSD certdata = cert_exception.getCertData(); + result.setErrorData(certdata); // We should probably have a more generic way of passing information // back to the error handlers. } @@ -557,9 +556,8 @@ LLCore::HttpStatus LLAppCoreHttp::sslVerify(const std::string &url, { result = LLCore::HttpStatus(LLCore::HttpStatus::EXT_CURL_EASY, CURLE_SSL_PEER_CERTIFICATE); result.setMessage(cert_exception.what()); - LLPointer<LLCertificate> cert = cert_exception.getCert(); - cert->ref(); // adding an extra ref here - result.setErrorData(cert.get()); + LLSD certdata = cert_exception.getCertData(); + result.setErrorData(certdata); } catch (...) { |