summaryrefslogtreecommitdiff
path: root/indra/newview
diff options
context:
space:
mode:
authorRoxie Linden <roxie@lindenlab.com>2010-05-19 15:22:46 -0700
committerRoxie Linden <roxie@lindenlab.com>2010-05-19 15:22:46 -0700
commitca9737d6d6efac7ce9aba1f9686a86b7f6863636 (patch)
treebf52d89a58eb03feeeda2e8de219f274c7f0e5a2 /indra/newview
parent61cb3d31137f30f3766dbe3c22d700fbdf517d80 (diff)
The certificate hostname verification was not taking into account changes in
hostname due to a redirect which is handled via curl. I turned off the secapi hostname verification just allowing libcurls hostname verification, as it's better anyway (it handles alt names)
Diffstat (limited to 'indra/newview')
-rw-r--r--indra/newview/llsecapi.cpp5
1 files changed, 4 insertions, 1 deletions
diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp
index 89b799f297..1caeec5b04 100644
--- a/indra/newview/llsecapi.cpp
+++ b/indra/newview/llsecapi.cpp
@@ -121,7 +121,10 @@ int secapiSSLCertVerifyCallback(X509_STORE_CTX *ctx, void *param)
validation_params[CERT_HOSTNAME] = uri.hostName();
try
{
- chain->validate(VALIDATION_POLICY_SSL, store, validation_params);
+ // we rely on libcurl to validate the hostname, as libcurl does more extensive validation
+ // leaving our hostname validation call mechanism for future additions with respect to
+ // OS native (Mac keyring, windows CAPI) validation.
+ chain->validate(VALIDATION_POLICY_SSL & (~VALIDATION_POLICY_HOSTNAME), store, validation_params);
}
catch (LLCertValidationTrustException& cert_exception)
{