diff options
| author | Andrey Kleshchev <andreykproductengine@lindenlab.com> | 2020-09-09 18:05:11 +0300 |
|---|---|---|
| committer | Andrey Kleshchev <andreykproductengine@lindenlab.com> | 2020-09-09 18:07:21 +0300 |
| commit | 4eefce9767784742cd394ddf948d345cfbced8c8 (patch) | |
| tree | 08806da75b6c5679ddcb12930e0a82cb1494c904 /indra/newview | |
| parent | d50131c0ac43cb5cfc247bd388a10100bc3dfec0 (diff) | |
SL-13921 Only one of extended key usages is needed
LN (EKU_TLS) is more likely to be present thus should be checked first
Diffstat (limited to 'indra/newview')
| -rw-r--r-- | indra/newview/llsechandler_basic.cpp | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 656a2cf8cf..737ef30ada 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -924,12 +924,13 @@ void _validateCert(int validation_policy, LLTHROW(LLCertKeyUsageValidationException(current_cert_info)); } // only validate EKU if the cert has it - if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() && - ( (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], + if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) + && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() + && (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], + LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH))) + && (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], LLSD((std::string)CERT_EKU_SERVER_AUTH))) - || (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], - LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH))) - )) + ) { LLTHROW(LLCertKeyUsageValidationException(current_cert_info)); } |