DEV-35248: Allow NoVerifySSLCert to uniformly disable verification

Introduce static LLCurl SSL verification flag, default 'true', accessed by
LLCurl::setSSLVerify() and getSSLVerify().
Make LLCurl::Easy::prepRequest() check LLCurl::getSSLVerify() instead of
unconditionally setting CURLOPT_SSL_VERIFYPEER 'true'. Also set
CURLOPT_SSL_VERIFYHOST to match.
Make LLXMLRPCTransaction::Impl::init() examine LLCurl::getSSLVerify(), instead
of directly examining gSavedSettings.getBOOL("NoVerifySSLCert").
Make LLURLRequest::checkRootCertificate() set CURLOPT_SSL_VERIFYHOST as well
as CURLOPT_SSL_VERIFYPEER.
Make request() in llhttpclient.cpp (used by LLHTTPClient::getByteRange(),
head(), get(), getHeaderOnly(), put(), post(), postRaw(), postFile(), del(),
move()) pass LLCurl::getSSLVerify() to checkRootCertificate(), rather than
constant 'true'.
Make LLAppViewer::mainLoop() call
    LLCurl::setSSLVerify(! gSavedSettings.getBOOL("NoVerifySSLCert"))
at the same time it calls LLCurl::setCAFile(), a comparable bit of static
setup.

1 files changed, 2 insertions, 3 deletions

diff --git a/indra/newview/llxmlrpctransaction.cpp b/indra/newview/llxmlrpctransaction.cpp
index 70859e8ea5..c19be37e75 100644
--- a/indra/newview/llxmlrpctransaction.cpp
+++ b/indra/newview/llxmlrpctransaction.cpp
@@ -252,9 +252,8 @@ void LLXMLRPCTransaction::Impl::init(XMLRPC_REQUEST request, bool useGzip)
 //	mCurlRequest->setopt(CURLOPT_VERBOSE, 1); // usefull for debugging
 	mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1);
 	mCurlRequest->setWriteCallback(&curlDownloadCallback, (void*)this);
-    	BOOL vefifySSLCert = !gSavedSettings.getBOOL("NoVerifySSLCert");
-	mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, vefifySSLCert);
-	mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, vefifySSLCert ? 2 : 0);
+	mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify());
+	mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify() ? 2 : 0);
 	// Be a little impatient about establishing connections.
 	mCurlRequest->setopt(CURLOPT_CONNECTTIMEOUT, 40L);