SL-13927 Turn SSL verification On for all SL services in viewer

author: Andrey Kleshchev <andreykproductengine@lindenlab.com> 2020-09-11 16:31:15 +0300
committer: Andrey Kleshchev <andreykproductengine@lindenlab.com> 2020-09-11 16:32:19 +0300
commit: 8c8eac256bdb51fdf9e6e297280b2017d26c3588 (patch)
tree: a679d8fb8fc171ab3f4c09500238112acad8f836 /indra/newview
parent: 45758daa8a1f388f5881f5025063e13b10ff7721 (diff)
5 files changed, 29 insertions, 0 deletions
diff --git a/indra/newview/llappcorehttp.cpp b/indra/newview/llappcorehttp.cpp
index afa4414968..4777662839 100644
--- a/indra/newview/llappcorehttp.cpp
+++ b/indra/newview/llappcorehttp.cpp
@@ -116,6 +116,7 @@ static const struct
 };
 
 static void setting_changed();
+static void ssl_verification_changed();
 
 
 LLAppCoreHttp::HttpClass::HttpClass()
@@ -195,6 +196,23 @@ void LLAppCoreHttp::init()
 		LL_WARNS("Init") << "Failed to set SSL Verification.  Reason:  " << status.toString() << LL_ENDL;
 	}
 
+    // Set up Default SSL Verification option.
+    const std::string no_verify_ssl("NoVerifySSLCert");
+    if (gSavedSettings.controlExists(no_verify_ssl))
+    {
+        LLPointer<LLControlVariable> cntrl_ptr = gSavedSettings.getControl(no_verify_ssl);
+        if (cntrl_ptr.isNull())
+        {
+            LL_WARNS("Init") << "Unable to set signal on global setting '" << no_verify_ssl
+                << "'" << LL_ENDL;
+        }
+        else
+        {
+            mSSLNoVerifySignal = cntrl_ptr->getCommitSignal()->connect(boost::bind(&ssl_verification_changed));
+            LLCore::HttpOptions::setDefaultSSLVerifyPeer(!cntrl_ptr->getValue().asBoolean());
+        }
+    }
+
 	// Tracing levels for library & libcurl (note that 2 & 3 are beyond spammy):
 	// 0 - None
 	// 1 - Basic start, stop simple transitions
@@ -296,6 +314,11 @@ void setting_changed()
 	LLAppViewer::instance()->getAppCoreHttp().refreshSettings(false);
 }
 
+void ssl_verification_changed()
+{
+    LLCore::HttpOptions::setDefaultSSLVerifyPeer(!gSavedSettings.getBOOL("NoVerifySSLCert"));
+}
+
 namespace
 {
     // The NoOpDeletor is used when wrapping LLAppCoreHttp in a smart pointer below for
@@ -355,6 +378,7 @@ void LLAppCoreHttp::cleanup()
 	{
 		mHttpClasses[i].mSettingsSignal.disconnect();
 	}
+    mSSLNoVerifySignal.disconnect();
 	mPipelinedSignal.disconnect();
 	
 	delete mRequest;
diff --git a/indra/newview/llappcorehttp.h b/indra/newview/llappcorehttp.h
index 95c138d598..751c498ab0 100644
--- a/indra/newview/llappcorehttp.h
+++ b/indra/newview/llappcorehttp.h
@@ -256,6 +256,7 @@ private:
 	HttpClass					mHttpClasses[AP_COUNT];
 	bool						mPipelined;				// Global setting
 	boost::signals2::connection	mPipelinedSignal;		// Signal for 'HttpPipelining' setting
+	boost::signals2::connection	mSSLNoVerifySignal;		// Signal for 'NoVerifySSLCert' setting
 
 	static LLCore::HttpStatus	sslVerify(const std::string &uri, const LLCore::HttpHandler::ptr_t &handler, void *appdata);
 };
diff --git a/indra/newview/llfloaterabout.cpp b/indra/newview/llfloaterabout.cpp
index 171858e472..1fbd198019 100644
--- a/indra/newview/llfloaterabout.cpp
+++ b/indra/newview/llfloaterabout.cpp
@@ -236,6 +236,7 @@ void LLFloaterAbout::fetchServerReleaseNotesCoro(const std::string& cap_url)
 
     httpOpts->setWantHeaders(true);
     httpOpts->setFollowRedirects(false);
+    httpOpts->setSSLVerifyPeer(false); // We want this data even if SSL verification fails
 
     LLSD result = httpAdapter->getAndSuspend(httpRequest, cap_url, httpOpts);
 
diff --git a/indra/newview/llfloatergridstatus.cpp b/indra/newview/llfloatergridstatus.cpp
index faa7e9f3db..9745e17bbb 100644
--- a/indra/newview/llfloatergridstatus.cpp
+++ b/indra/newview/llfloatergridstatus.cpp
@@ -95,6 +95,7 @@ void LLFloaterGridStatus::getGridStatusRSSCoro()
     LLCore::HttpOptions::ptr_t httpOpts(new LLCore::HttpOptions);
     LLCore::HttpHeaders::ptr_t httpHeaders(new LLCore::HttpHeaders);
 
+    httpOpts->setSSLVerifyPeer(false); // We want this data even if SSL fails
     httpHeaders->append(HTTP_OUT_HEADER_CONTENT_TYPE, HTTP_CONTENT_TEXT_XML);
     std::string url = gSavedSettings.getString("GridStatusRSS");
 
diff --git a/indra/newview/lltranslate.cpp b/indra/newview/lltranslate.cpp
index fa3b44f702..553a3cd086 100644
--- a/indra/newview/lltranslate.cpp
+++ b/indra/newview/lltranslate.cpp
@@ -144,6 +144,7 @@ void LLTranslationAPIHandler::verifyKeyCoro(LLTranslate::EService service, std::
     httpHeaders->append(HTTP_OUT_HEADER_USER_AGENT, user_agent);
 
     httpOpts->setFollowRedirects(true);
+    httpOpts->setSSLVerifyPeer(false);
 
     std::string url = this->getKeyVerificationURL(key);
     if (url.empty())
@@ -185,6 +186,7 @@ void LLTranslationAPIHandler::translateMessageCoro(LanguagePair_t fromTo, std::s
 
     httpHeaders->append(HTTP_OUT_HEADER_ACCEPT, HTTP_CONTENT_TEXT_PLAIN);
     httpHeaders->append(HTTP_OUT_HEADER_USER_AGENT, user_agent);
+    httpOpts->setSSLVerifyPeer(false);
 
     std::string url = this->getTranslateURL(fromTo.first, fromTo.second, msg);
     if (url.empty())
author	Andrey Kleshchev <andreykproductengine@lindenlab.com>	2020-09-11 16:31:15 +0300
committer	Andrey Kleshchev <andreykproductengine@lindenlab.com>	2020-09-11 16:32:19 +0300
commit	8c8eac256bdb51fdf9e6e297280b2017d26c3588 (patch)
tree	a679d8fb8fc171ab3f4c09500238112acad8f836 /indra/newview
parent	45758daa8a1f388f5881f5025063e13b10ff7721 (diff)