summaryrefslogtreecommitdiff
path: root/indra/newview/llsechandler_basic.cpp
diff options
context:
space:
mode:
authorVadim Savchuk <vsavchuk@productengine.com>2010-05-20 14:05:32 +0300
committerVadim Savchuk <vsavchuk@productengine.com>2010-05-20 14:05:32 +0300
commitfe641682176a4940ad5d71366f0b74f9eabe7118 (patch)
tree82f1a09547b4c92bfa405b51e4683595c0cc26bb /indra/newview/llsechandler_basic.cpp
parent56e88c6b2e656a28b25154e27c05e7ced65d90a8 (diff)
parent13d2501c847929ce9ee155dbb4dcfcf166710d3e (diff)
Manual merge from default branch.
Auto-resolved conflicts in: - indra/newview/llpaneleditwearable.cpp - indra/newview/llviewermenu.cpp - indra/newview/llviewerwindow.cpp - indra/newview/skins/default/xui/en/notifications.xml --HG-- branch : product-engine
Diffstat (limited to 'indra/newview/llsechandler_basic.cpp')
-rw-r--r--indra/newview/llsechandler_basic.cpp45
1 files changed, 23 insertions, 22 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index df55ccf142..edf5ce9b60 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -585,6 +585,11 @@ LLBasicCertificateStore::LLBasicCertificateStore(const std::string& filename)
void LLBasicCertificateStore::load_from_file(const std::string& filename)
{
// scan the PEM file extracting each certificate
+ if (!LLFile::isfile(filename))
+ {
+ return;
+ }
+
BIO* file_bio = BIO_new(BIO_s_file());
if(file_bio)
{
@@ -1148,30 +1153,26 @@ void LLSecAPIBasicHandler::init()
"bin_conf.dat");
std::string store_file = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS,
"CA.pem");
- // copy the CA file to a user writable location so we can manipulate it.
- // for this provider, by using a user writable file, there is a risk that
- // an attacking program can modify the file, but OS dependent providers
- // will reduce that risk.
- // by using a user file, modifications will be limited to one user if
- // we read-only the main file
- if (!LLFile::isfile(store_file))
- {
-
- std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem");
- llifstream ca_file(ca_file_path.c_str(), llifstream::binary | llifstream::in);
- llofstream copied_store_file(store_file.c_str(), llofstream::binary | llofstream::out);
-
- while(!ca_file.fail())
- {
- char buffer[BUFFER_READ_SIZE];
- ca_file.read(buffer, sizeof(buffer));
- copied_store_file.write(buffer, ca_file.gcount());
- }
- ca_file.close();
- copied_store_file.close();
- }
+
+
LL_INFOS("SECAPI") << "Loading certificate store from " << store_file << LL_ENDL;
mStore = new LLBasicCertificateStore(store_file);
+
+ // grab the application CA.pem file that contains the well-known certs shipped
+ // with the product
+ std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem");
+ llinfos << "app path " << ca_file_path << llendl;
+ LLBasicCertificateStore app_ca_store = LLBasicCertificateStore(ca_file_path);
+
+ // push the applicate CA files into the store, therefore adding any new CA certs that
+ // updated
+ for(LLCertificateVector::iterator i = app_ca_store.begin();
+ i != app_ca_store.end();
+ i++)
+ {
+ mStore->add(*i);
+ }
+
}
_readProtectedData(); // initialize mProtectedDataMap
// may throw LLProtectedDataException if saved datamap is not decryptable