diff options
author | Eli Linden <eli@lindenlab.com> | 2010-04-07 10:27:10 -0700 |
---|---|---|
committer | Eli Linden <eli@lindenlab.com> | 2010-04-07 10:27:10 -0700 |
commit | de62c3378171a69ff9a39f2f626f1b1d33d0763f (patch) | |
tree | 053883ba8ae6d02460736ed8a786f1913761b00d /indra/newview/llxmlrpctransaction.cpp | |
parent | 25df7aca29074b6ae7f108c91673be117522bfc9 (diff) | |
parent | 3ecec85feb4e9878b32f5737ab8e35747360f138 (diff) |
Merge
Diffstat (limited to 'indra/newview/llxmlrpctransaction.cpp')
-rw-r--r-- | indra/newview/llxmlrpctransaction.cpp | 102 |
1 files changed, 8 insertions, 94 deletions
diff --git a/indra/newview/llxmlrpctransaction.cpp b/indra/newview/llxmlrpctransaction.cpp index d75c8ff1fb..5884cdd1c3 100644 --- a/indra/newview/llxmlrpctransaction.cpp +++ b/indra/newview/llxmlrpctransaction.cpp @@ -31,9 +31,6 @@ */ #include "llviewerprecompiledheaders.h" -#include <openssl/x509_vfy.h> -#include <openssl/ssl.h> -#include "llsecapi.h" #include "llxmlrpctransaction.h" #include "llxmlrpclistener.h" @@ -179,8 +176,6 @@ public: std::string mResponseText; XMLRPC_REQUEST mResponse; - std::string mCertStore; - LLPointer<LLCertificate> mErrorCert; Impl(const std::string& uri, XMLRPC_REQUEST request, bool useGzip); Impl(const std::string& uri, @@ -195,8 +190,7 @@ public: private: void init(XMLRPC_REQUEST request, bool useGzip); - static int _sslCertVerifyCallback(X509_STORE_CTX *ctx, void *param); - static CURLcode _sslCtxFunction(CURL * curl, void *sslctx, void *param); + static size_t curlDownloadCallback( char* data, size_t size, size_t nmemb, void* user_data); }; @@ -234,74 +228,8 @@ LLXMLRPCTransaction::Impl::Impl(const std::string& uri, XMLRPC_RequestFree(request, 1); } -// _sslCertVerifyCallback -// callback called when a cert verification is requested. -// calls SECAPI to validate the context -int LLXMLRPCTransaction::Impl::_sslCertVerifyCallback(X509_STORE_CTX *ctx, void *param) -{ - LLXMLRPCTransaction::Impl *transaction = (LLXMLRPCTransaction::Impl *)param; - LLPointer<LLCertificateStore> store = gSecAPIHandler->getCertificateStore(transaction->mCertStore); - LLPointer<LLCertificateChain> chain = gSecAPIHandler->getCertificateChain(ctx); - LLSD validation_params = LLSD::emptyMap(); - LLURI uri(transaction->mURI); - validation_params[CERT_HOSTNAME] = uri.hostName(); - try - { - chain->validate(VALIDATION_POLICY_SSL, store, validation_params); - } - catch (LLCertValidationTrustException& cert_exception) - { - // this exception is is handled differently than the general cert - // exceptions, as we allow the user to actually add the certificate - // for trust. - // therefore we pass back a different error code - // NOTE: We're currently 'wired' to pass around CURL error codes. This is - // somewhat clumsy, as we may run into errors that do not map directly to curl - // error codes. Should be refactored with login refactoring, perhaps. - transaction->mCurlCode = CURLE_SSL_CACERT; - // set the status directly. set curl status generates error messages and we want - // to use the fixed ones from the exceptions - transaction->setStatus(StatusCURLError, cert_exception.getMessage(), std::string()); - // We should probably have a more generic way of passing information - // back to the error handlers. - transaction->mErrorCert = cert_exception.getCert(); - return 0; - } - catch (LLCertException& cert_exception) - { - transaction->mCurlCode = CURLE_SSL_PEER_CERTIFICATE; - // set the status directly. set curl status generates error messages and we want - // to use the fixed ones from the exceptions - transaction->setStatus(StatusCURLError, cert_exception.getMessage(), std::string()); - transaction->mErrorCert = cert_exception.getCert(); - return 0; - } - catch (...) - { - // any other odd error, we just handle as a connect error. - transaction->mCurlCode = CURLE_SSL_CONNECT_ERROR; - transaction->setCurlStatus(CURLE_SSL_CONNECT_ERROR); - return 0; - } - return 1; -} -// _sslCtxFunction -// Callback function called when an SSL Context is created via CURL -// used to configure the context for custom cert validate(<, <#const & xs#>, <#T * #>, <#long #>)tion -// based on SECAPI -CURLcode LLXMLRPCTransaction::Impl::_sslCtxFunction(CURL * curl, void *sslctx, void *param) -{ - SSL_CTX * ctx = (SSL_CTX *) sslctx; - // disable any default verification for server certs - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); - // set the verification callback. - SSL_CTX_set_cert_verify_callback(ctx, _sslCertVerifyCallback, param); - // the calls are void - return CURLE_OK; - -} void LLXMLRPCTransaction::Impl::init(XMLRPC_REQUEST request, bool useGzip) { @@ -309,7 +237,6 @@ void LLXMLRPCTransaction::Impl::init(XMLRPC_REQUEST request, bool useGzip) { mCurlRequest = new LLCurlEasyRequest(); } - mErrorCert = NULL; if (gSavedSettings.getBOOL("BrowserProxyEnabled")) { @@ -326,12 +253,11 @@ void LLXMLRPCTransaction::Impl::init(XMLRPC_REQUEST request, bool useGzip) mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1); mCurlRequest->setWriteCallback(&curlDownloadCallback, (void*)this); BOOL verifySSLCert = !gSavedSettings.getBOOL("NoVerifySSLCert"); - mCertStore = gSavedSettings.getString("CertStore"); + mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify() ? 2 : 0); mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, verifySSLCert); mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, verifySSLCert ? 2 : 0); // Be a little impatient about establishing connections. mCurlRequest->setopt(CURLOPT_CONNECTTIMEOUT, 40L); - mCurlRequest->setSSLCtxCallback(_sslCtxFunction, (void *)this); /* Setting the DNS cache timeout to -1 disables it completely. This might help with bug #503 */ @@ -417,19 +343,11 @@ bool LLXMLRPCTransaction::Impl::process() { if (result != CURLE_OK) { - if ((result != CURLE_SSL_PEER_CERTIFICATE) && - (result != CURLE_SSL_CACERT)) - { - // if we have a curl error that's not already been handled - // (a non cert error), then generate the error message as - // appropriate - setCurlStatus(result); - - llwarns << "LLXMLRPCTransaction CURL error " - << mCurlCode << ": " << mCurlRequest->getErrorString() << llendl; - llwarns << "LLXMLRPCTransaction request URI: " - << mURI << llendl; - } + setCurlStatus(result); + llwarns << "LLXMLRPCTransaction CURL error " + << mCurlCode << ": " << mCurlRequest->getErrorString() << llendl; + llwarns << "LLXMLRPCTransaction request URI: " + << mURI << llendl; return true; } @@ -507,6 +425,7 @@ void LLXMLRPCTransaction::Impl::setStatus(EStatus status, case StatusComplete: mStatusMessage = "(done)"; break; + default: // Usually this means that there's a problem with the login server, // not with the client. Direct user to status page. @@ -622,11 +541,6 @@ std::string LLXMLRPCTransaction::statusMessage() return impl.mStatusMessage; } -LLPointer<LLCertificate> LLXMLRPCTransaction::getErrorCert() -{ - return impl.mErrorCert; -} - std::string LLXMLRPCTransaction::statusURI() { return impl.mStatusURI; |