Manually resolving conflicts after merge with DRTVWR-520

This reverts commit 0a745b47880fb16b1db8cd3327377a383dbfe6a8.

12 files changed, 75 insertions, 285 deletions

diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt
index e77c062989..d9df04b6b6 100644
--- a/indra/newview/CMakeLists.txt
+++ b/indra/newview/CMakeLists.txt
@@ -1835,10 +1835,6 @@ if (WINDOWS)
       ${CMAKE_CURRENT_SOURCE_DIR}/licenses-win32.txt
       ${CMAKE_CURRENT_SOURCE_DIR}/featuretable.txt
       ${CMAKE_CURRENT_SOURCE_DIR}/featuretable_xp.txt
-      ${ARCH_PREBUILT_DIRS_RELEASE}/libeay32.dll
-      ${ARCH_PREBUILT_DIRS_RELEASE}/ssleay32.dll
-      ${ARCH_PREBUILT_DIRS_DEBUG}/libeay32.dll
-      ${ARCH_PREBUILT_DIRS_DEBUG}/ssleay32.dll
       ${viewer_APPSETTINGS_FILES}
       SLPlugin
       media_plugin_cef
@@ -1855,11 +1851,15 @@ if (WINDOWS)
         list(APPEND COPY_INPUT_DEPENDENCIES
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk_x64.dll
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp_x64.dll
+           ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1-x64.dll
+           ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1-x64.dll
             )
     else (ADDRESS_SIZE EQUAL 64)
         list(APPEND COPY_INPUT_DEPENDENCIES
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk.dll
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp.dll
+            ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1.dll
+            ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1.dll
             )
     endif (ADDRESS_SIZE EQUAL 64)
 
diff --git a/indra/newview/generate_breakpad_symbols.py b/indra/newview/generate_breakpad_symbols.py
deleted file mode 100755
index d351c406bc..0000000000
--- a/indra/newview/generate_breakpad_symbols.py
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/usr/bin/env python
-"""\
-@file generate_breakpad_symbols.py
-@author Brad Kittenbrink <brad@lindenlab.com>
-@brief Simple tool for generating google_breakpad symbol information
-       for the crash reporter.
-
-$LicenseInfo:firstyear=2010&license=viewerlgpl$
-Second Life Viewer Source Code
-Copyright (C) 2010-2011, Linden Research, Inc.
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation;
-version 2.1 of the License only.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-Linden Research, Inc., 945 Battery Street, San Francisco, CA  94111  USA
-$/LicenseInfo$
-"""
-
-
-import collections
-import fnmatch
-import itertools
-import os
-import re
-import sys
-import shlex
-import subprocess
-import tarfile
-import StringIO
-import pprint
-
-DEBUG=False
-
-def usage():
-    print >>sys.stderr, "usage: %s search_dirs viewer_exes libs_suffix dump_syms_tool viewer_symbol_file" % sys.argv[0]
-
-class MissingModuleError(Exception):
-    def __init__(self, modules):
-        Exception.__init__(self, "Failed to find required modules: %r" % modules)
-        self.modules = modules
-
-def main(configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file):
-    print "generate_breakpad_symbols run with args: %s" % str((configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file))
-
-    if not re.match("release", configuration, re.IGNORECASE):
-        print "skipping breakpad symbol generation for non-release build."
-        return 0
-
-    # split up list of viewer_exes
-    # "'Second Life' SLPlugin" becomes ['Second Life', 'SLPlugin']
-    viewer_exes = shlex.split(viewer_exes)
-
-    found_required = dict([(module, False) for module in viewer_exes])
-
-    def matches(f):
-        if f in viewer_exes:
-            found_required[f] = True
-            return True
-        return fnmatch.fnmatch(f, libs_suffix)
-
-    search_dirs = search_dirs.split(";")
-
-    def list_files():
-        for search_dir in search_dirs:
-            for (dirname, subdirs, filenames) in os.walk(search_dir):
-                if DEBUG:
-                    print "scanning '%s' for modules..." % dirname
-                for f in itertools.ifilter(matches, filenames):
-                    yield os.path.join(dirname, f)
-
-    def dump_module(m):
-        print "dumping module '%s' with '%s'..." % (m, dump_syms_tool)
-        dsym_full_path = m
-        child = subprocess.Popen([dump_syms_tool, dsym_full_path] , stdout=subprocess.PIPE)
-        out, err = child.communicate()
-        return (m,child.returncode, out, err)
-
-    
-    modules = {}
-        
-    for m in list_files():
-        if DEBUG:
-            print "examining module '%s' ... " % m,
-        filename=os.path.basename(m)
-        if -1 != m.find("DWARF"):
-            # Just use this module; it has the symbols we want.
-            modules[filename] = m
-            if DEBUG:
-                print "found dSYM entry"
-        elif filename not in modules:
-            # Only use this if we don't already have a (possibly better) entry.
-            modules[filename] = m
-            if DEBUG:
-                print "found new entry"
-        elif DEBUG:
-            print "ignoring entry"
-
-
-    print "Found these following modules:"
-    pprint.pprint( modules )
-
-    out = tarfile.open(viewer_symbol_file, 'w:bz2')
-    for (filename,status,symbols,err) in itertools.imap(dump_module, modules.values()):
-        if status == 0:
-            module_line = symbols[:symbols.index('\n')]
-            module_line = module_line.split()
-            hash_id = module_line[3]
-            module = ' '.join(module_line[4:])
-            if sys.platform in ['win32', 'cygwin']:
-                mod_name = module[:module.rindex('.pdb')]
-            else:
-                mod_name = module
-            symbolfile = StringIO.StringIO(symbols)
-            info = tarfile.TarInfo("%(module)s/%(hash_id)s/%(mod_name)s.sym" % dict(module=module, hash_id=hash_id, mod_name=mod_name))
-            info.size = symbolfile.len
-            out.addfile(info, symbolfile)
-        else:
-            print >>sys.stderr, "warning: failed to dump symbols for '%s': %s" % (filename, err)
-
-    out.close()
-
-    missing_modules = [m for (m,_) in
-        itertools.ifilter(lambda (k,v): not v, found_required.iteritems())
-    ]
-    if missing_modules:
-        print >> sys.stderr, "failed to generate %s" % viewer_symbol_file
-        os.remove(viewer_symbol_file)
-        raise MissingModuleError(missing_modules)
-
-    symbols = tarfile.open(viewer_symbol_file, 'r:bz2')
-    tarfile_members = symbols.getnames()
-    symbols.close()
-
-    for required_module in viewer_exes:
-        def match_module_basename(m):
-            return os.path.splitext(required_module)[0].lower() \
-                   == os.path.splitext(os.path.basename(m))[0].lower()
-        # there must be at least one .sym file in tarfile_members that matches
-        # each required module (ignoring file extensions)
-        if not any(itertools.imap(match_module_basename, tarfile_members)):
-            print >> sys.stderr, "failed to find required %s in generated %s" \
-                    % (required_module, viewer_symbol_file)
-            os.remove(viewer_symbol_file)
-            raise MissingModuleError([required_module])
-
-    print "successfully generated %s including required modules '%s'" % (viewer_symbol_file, viewer_exes)
-
-    return 0
-
-if __name__ == "__main__":
-    if len(sys.argv) != 7:
-        usage()
-        sys.exit(1)
-    sys.exit(main(*sys.argv[1:]))
-
diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp
index ebe1e3f826..74cb4491a0 100644
--- a/indra/newview/llappviewer.cpp
+++ b/indra/newview/llappviewer.cpp
@@ -739,7 +739,7 @@ LLAppViewer::LLAppViewer()
 	std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, "");
 #   endif // ! LL_BUGSPLAT
 	mDumpPath = logdir;
-	setMiniDumpDir(logdir);
+
 	setDebugFileNames(logdir);
 }
 
diff --git a/indra/newview/llappviewer.h b/indra/newview/llappviewer.h
index 0afb70958c..95f6efa29a 100644
--- a/indra/newview/llappviewer.h
+++ b/indra/newview/llappviewer.h
@@ -109,7 +109,6 @@ public:
 
 	virtual bool restoreErrorTrap() = 0; // Require platform specific override to reset error handling mechanism.
 	                                     // return false if the error trap needed restoration.
-	virtual void initCrashReporting(bool reportFreeze = false) = 0; // What to do with crash report?
 	static void handleViewerCrash(); // Hey! The viewer crashed. Do this, soon.
     void checkForCrash();
     
diff --git a/indra/newview/llappviewermacosx.h b/indra/newview/llappviewermacosx.h
index d5a80864be..b0e325a955 100644
--- a/indra/newview/llappviewermacosx.h
+++ b/indra/newview/llappviewermacosx.h
@@ -44,7 +44,6 @@ public:
 
 protected:
 	virtual bool restoreErrorTrap();
-	virtual void initCrashReporting(bool reportFreeze);
 
 	std::string generateSerialNumber();
 	virtual bool initParseCommandLine(LLCommandLineParser& clp);
diff --git a/indra/newview/llappviewerwin32.cpp b/indra/newview/llappviewerwin32.cpp
index 9daea515e5..25d18fa11f 100644
--- a/indra/newview/llappviewerwin32.cpp
+++ b/indra/newview/llappviewerwin32.cpp
@@ -599,9 +599,6 @@ bool LLAppViewerWin32::init()
 #if ! defined(LL_BUGSPLAT)
 #pragma message("Building without BugSplat")
 
-	LLAppViewer* pApp = LLAppViewer::instance();
-	pApp->initCrashReporting();
-
 #else // LL_BUGSPLAT
 #pragma message("Building with BugSplat")
 
@@ -846,57 +843,6 @@ bool LLAppViewerWin32::restoreErrorTrap()
 	return true; // we don't check for handler collisions on windows, so just say they're ok
 }
 
-void LLAppViewerWin32::initCrashReporting(bool reportFreeze)
-{
-	if (isSecondInstance()) return; //BUG-5707 do not start another crash reporter for second instance.
-
-	const char* logger_name = "win_crash_logger.exe";
-	std::string exe_path = gDirUtilp->getExecutableDir();
-	exe_path += gDirUtilp->getDirDelimiter();
-	exe_path += logger_name;
-
-    std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, "");
-    std::string appname = gDirUtilp->getExecutableFilename();
-
-	S32 slen = logdir.length() -1;
-	S32 end = slen;
-	while (logdir.at(end) == '/' || logdir.at(end) == '\\') end--;
-	
-	if (slen !=end)
-	{
-		logdir = logdir.substr(0,end+1);
-	}
-	//std::string arg_str = "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid());
-	//_spawnl(_P_NOWAIT, exe_path.c_str(), arg_str.c_str(), NULL);
-	std::string arg_str =  "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid()); 
-
-	STARTUPINFO startInfo={sizeof(startInfo)};
-	PROCESS_INFORMATION processInfo;
-
-	std::wstring exe_wstr;
-	exe_wstr = utf8str_to_utf16str(exe_path);
-
-	std::wstring arg_wstr;
-	arg_wstr = utf8str_to_utf16str(arg_str);
-
-	LL_INFOS("CrashReport") << "Creating crash reporter process " << exe_path << " with params: " << arg_str << LL_ENDL;
-    if(CreateProcess(exe_wstr.c_str(),     
-                     &arg_wstr[0],                 // Application arguments
-                     0,
-                     0,
-                     FALSE,
-                     CREATE_DEFAULT_ERROR_MODE,
-                     0,
-                     0,                              // Working directory
-                     &startInfo,
-                     &processInfo) == FALSE)
-      // Could not start application -> call 'GetLastError()'
-	{
-        LL_WARNS("CrashReport") << "CreateProcess failed " << GetLastError() << LL_ENDL;
-        return;
-    }
-}
-
 //virtual
 bool LLAppViewerWin32::sendURLToOtherInstance(const std::string& url)
 {
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index 47091aa3b2..410737b27f 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -452,7 +452,7 @@ public:
 	virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0;
 	
 	// instantiate a chain from an X509_STORE_CTX
-	virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0;
+	virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0;
 	
 	// instantiate a cert store given it's id.  if a persisted version
 	// exists, it'll be loaded.  If not, one will be created (but not
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 19db020a31..b4853d270a 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert,
 LLBasicCertificate::LLBasicCertificate(X509* pCert,
                                        const LLSD* validation_params) 
 {
-	if (!pCert || !pCert->cert_info)
+	if (!pCert)
 	{
 		LLTHROW(LLInvalidCertificate(LLSD::emptyMap()));
 	}	
@@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name)
 		char buffer[32];
 		X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index);
 		
-		std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), 
-											 M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
+		std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), 
+											 ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
 
 		ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry);		
 		OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0);
@@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const
 // LLBasicCertificateChain
 // This class represents a chain of certs, each cert being signed by the next cert
 // in the chain.  Certs must be properly signed by the parent
-LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store)
+LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store)
 {
 
 	// we're passed in a context, which contains a cert, and a blob of untrusted
 	// certificates which compose the chain.
-	if((store == NULL) || (store->cert == NULL))
+	if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL)
 	{
 		LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL;
 		return;
 	}
 	// grab the child cert
-	LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert);
+	LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store));
 
 	add(current);
-	if(store->untrusted != NULL)
+	if(X509_STORE_CTX_get0_untrusted(store) != NULL)
 	{
 		// if there are other certs in the chain, we build up a vector
 		// of untrusted certs so we can search for the parents of each
 		// consecutive cert.
 		LLBasicCertificateVector untrusted_certs;
-		for(int i = 0; i < sk_X509_num(store->untrusted); i++)
+		for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++)
 		{
-			LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i));
+			LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i));
 			untrusted_certs.add(cert);
 
 		}		
@@ -1348,9 +1348,10 @@ void LLSecAPIBasicHandler::_readProtectedData()
 		
 
 		// read in the rest of the file.
-		EVP_CIPHER_CTX ctx;
-		EVP_CIPHER_CTX_init(&ctx);
-		EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL);
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+        // todo: ctx error handling
+
+		EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL);
 		// allocate memory:
 		std::string decrypted_data;	
 		
@@ -1358,14 +1359,14 @@ void LLSecAPIBasicHandler::_readProtectedData()
 			// read data as a block:
 			protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE);
 			
-			EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length, 
+			EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length, 
 							  buffer, protected_data_stream.gcount());
 			decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount());
 		}
 		
 		// RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is
 		// no block padding.
-		EVP_CIPHER_CTX_cleanup(&ctx);
+        EVP_CIPHER_CTX_free(ctx);
 		std::istringstream parse_stream(decrypted_data);
 		if (parser->parse(parse_stream, mProtectedDataMap, 
 						  LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE)
@@ -1401,12 +1402,14 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 	
 	llofstream protected_data_stream(tmp_filename.c_str(), 
                                      std::ios_base::binary);
+    EVP_CIPHER_CTX *ctx = NULL;
 	try
 	{
 		
-		EVP_CIPHER_CTX ctx;
-		EVP_CIPHER_CTX_init(&ctx);
-		EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL);
+		ctx = EVP_CIPHER_CTX_new();
+        // todo: ctx error handling
+
+		EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL);
 		unsigned char unique_id[MAC_ADDRESS_BYTES];
         LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
 		LLXORCipher cipher(unique_id, sizeof(unique_id));
@@ -1421,13 +1424,13 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 				break;
 			}
 			int encrypted_length;
-			EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length, 
+			EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length, 
 						  buffer, formatted_data_istream.gcount());
 			protected_data_stream.write((const char *)encrypted_buffer, encrypted_length);
 		}
 		
 		// no EVP_EncrypteFinal, as this is a stream cipher
-		EVP_CIPHER_CTX_cleanup(&ctx);
+        EVP_CIPHER_CTX_free(ctx);
 
 		protected_data_stream.close();
 	}
@@ -1439,6 +1442,11 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 		// it may be, however.
 		LLFile::remove(tmp_filename);
 
+        if (ctx)
+        {
+            EVP_CIPHER_CTX_free(ctx);
+        }
+
 		// EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData()
 		// Decided throwing an exception here was overkill until we figure out why this happens
 		//LLTHROW(LLProtectedDataException("Error writing Protected Data Store"));
@@ -1491,7 +1499,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert
 }
 		
 // instantiate a chain from an X509_STORE_CTX
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain)
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain)
 {
 	LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain);
 	return result;
diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h
index 0bc7f5230f..82670f9083 100644
--- a/indra/newview/llsechandler_basic.h
+++ b/indra/newview/llsechandler_basic.h
@@ -197,7 +197,7 @@ class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public
 {
 	
 public:
-	LLBasicCertificateChain(const X509_STORE_CTX * store);
+	LLBasicCertificateChain(X509_STORE_CTX * store);
 	
 	virtual ~LLBasicCertificateChain() {}
 	
@@ -241,7 +241,7 @@ public:
 	virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert);
 	
 	// instantiate a chain from an X509_STORE_CTX
-	virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain);
+	virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain);
 	
 	// instantiate a cert store given it's id.  if a persisted version
 	// exists, it'll be loaded.  If not, one will be created (but not
diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp
index caa3016d2e..37fbbb449b 100644
--- a/indra/newview/tests/llsecapi_test.cpp
+++ b/indra/newview/tests/llsecapi_test.cpp
@@ -57,7 +57,7 @@ void LLSecAPIBasicHandler::init() {}
 LLSecAPIBasicHandler::~LLSecAPIBasicHandler() {}
 LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(const std::string& pem_cert) { return NULL; }
 LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert) { return NULL; }
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { return NULL; }
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { return NULL; }
 LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const std::string& store_id) { return NULL; }
 void LLSecAPIBasicHandler::setProtectedData(const std::string& data_type, const std::string& data_id, const LLSD& data) {}
 void LLSecAPIBasicHandler::addToProtectedMap(const std::string& data_type, const std::string& data_id, const std::string& map_elem, const LLSD& data) {}
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index e5d226a2a4..4c8d6c51b0 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -1217,8 +1217,8 @@ namespace tut
 
 		// Single cert in the chain.
 		X509_STORE_CTX *test_store = X509_STORE_CTX_new();
-		test_store->cert = mX509ChildCert;		
-		test_store->untrusted = NULL;
+        X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+        X509_STORE_CTX_set0_untrusted(test_store, NULL);
 		test_chain = new LLBasicCertificateChain(test_store);
 		X509_STORE_CTX_free(test_store);
 		ensure_equals("two elements in store", test_chain->size(), 1);		
@@ -1229,9 +1229,9 @@ namespace tut
 		// cert + CA
 		
 		test_store = X509_STORE_CTX_new();
-		test_store->cert = mX509ChildCert;
-		test_store->untrusted = sk_X509_new_null();
-		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
+        X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+        X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+		sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
 		test_chain = new LLBasicCertificateChain(test_store);
 		X509_STORE_CTX_free(test_store);
 		ensure_equals("two elements in store", test_chain->size(), 2);	
@@ -1245,9 +1245,9 @@ namespace tut
 		// cert + nonrelated
 		
 		test_store = X509_STORE_CTX_new();
-		test_store->cert = mX509ChildCert;
-		test_store->untrusted = sk_X509_new_null();
-		sk_X509_push(test_store->untrusted, mX509TestCert);
+        X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+        X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+		sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
 		test_chain = new LLBasicCertificateChain(test_store);
 		X509_STORE_CTX_free(test_store);
 		ensure_equals("two elements in store", test_chain->size(), 1);	
@@ -1257,10 +1257,10 @@ namespace tut
 		
 		// cert + CA + nonrelated
 		test_store = X509_STORE_CTX_new();
-		test_store->cert = mX509ChildCert;
-		test_store->untrusted = sk_X509_new_null();
-		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
-		sk_X509_push(test_store->untrusted, mX509TestCert);
+        X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+        X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+		sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+		sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
 		test_chain = new LLBasicCertificateChain(test_store);
 		X509_STORE_CTX_free(test_store);
 		ensure_equals("two elements in store", test_chain->size(), 2);	
@@ -1273,10 +1273,10 @@ namespace tut
 
 		// cert + intermediate + CA 
 		test_store = X509_STORE_CTX_new();
-		test_store->cert = mX509ChildCert;
-		test_store->untrusted = sk_X509_new_null();
-		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
-		sk_X509_push(test_store->untrusted, mX509RootCert);
+        X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+        X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+		sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+		sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert);
 		test_chain = new LLBasicCertificateChain(test_store);
 		X509_STORE_CTX_free(test_store);
 		ensure_equals("three elements in store", test_chain->size(), 3);	
diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py
index 8b4184d13c..001cdb29f3 100755
--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@@ -553,9 +553,13 @@ class WindowsManifest(ViewerManifest):
                 self.path("vivoxsdk.dll")
                 self.path("ortp.dll")
             
-            # Security
-            self.path("ssleay32.dll")
-            self.path("libeay32.dll")
+            # OpenSSL
+            if (self.address_size == 64):
+                self.path("libcrypto-1_1-x64.dll")
+                self.path("libssl-1_1-x64.dll")
+            else:
+                self.path("libcrypto-1_1.dll")
+                self.path("libssl-1_1.dll")
 
             # HTTP/2
             self.path("nghttp2.dll")
@@ -1025,7 +1029,6 @@ class DarwinManifest(ViewerManifest):
                                 "libapr-1.0.dylib",
                                 "libaprutil-1.0.dylib",
                                 "libexpat.1.dylib",
-                                "libexception_handler.dylib",
                                 "libGLOD.dylib",
                                 # libnghttp2.dylib is a symlink to
                                 # libnghttp2.major.dylib, which is a symlink to
@@ -1061,19 +1064,15 @@ class DarwinManifest(ViewerManifest):
 
                 # our apps
                 executable_path = {}
-                embedded_apps = [ (os.path.join("llplugin", "slplugin"), "SLPlugin.app") ]
-                for app_bld_dir, app in embedded_apps:
-                    self.path2basename(os.path.join(os.pardir,
-                                                    app_bld_dir, self.args['configuration']),
-                                       app)
-                    executable_path[app] = \
-                        self.dst_path_of(os.path.join(app, "Contents", "MacOS"))
-
-                    # our apps dependencies on shared libs
-                    # for each app, for each dylib we collected in dylibs,
-                    # create a symlink to the real copy of the dylib.
-                    with self.prefix(dst=os.path.join(app, "Contents", "Resources")):
-                        for libfile in dylibs:
+                self.path2basename(os.path.join(os.pardir, os.path.join("llplugin", "slplugin"), self.args['configuration']), "SLPlugin.app")
+                executable_path["SLPlugin.app"] = \
+                    self.dst_path_of(os.path.join("SLPlugin.app", "Contents", "MacOS"))
+
+                # our apps dependencies on shared libs
+                # for each app, for each dylib we collected in dylibs,
+                # create a symlink to the real copy of the dylib.
+                with self.prefix(dst=os.path.join("SLPlugin.app", "Contents", "Resources")):
+                    for libfile in dylibs:
                             self.relsymlinkf(os.path.join(libfile_parent, libfile))
 
                 # Dullahan helper apps go inside SLPlugin.app
@@ -1294,6 +1293,10 @@ class DarwinManifest(ViewerManifest):
                     signed=False
                     sign_attempts=3
                     sign_retry_wait=15
+                    libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib"
+                    cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib"
+                    slplugin_path = app_in_dmg + "/Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin"
+                    greenlet_path = app_in_dmg + "/Contents/Resources/updater/greenlet/_greenlet.so"
                     while (not signed) and (sign_attempts > 0):
                         try:
                             sign_attempts-=1
@@ -1313,6 +1316,7 @@ class DarwinManifest(ViewerManifest):
                                 print >> sys.stderr, "Maximum codesign attempts exceeded; giving up"
                                 raise
                     self.run_command(['spctl', '-a', '-texec', '-vvvv', app_in_dmg])
+                    self.run_command([self.src_path_of("installers/darwin/apple-notarize.sh"), app_in_dmg])
 
         finally:
             # Unmount the image even if exceptions from any of the above 
@@ -1365,7 +1369,7 @@ class LinuxManifest(ViewerManifest):
         with self.prefix(dst="bin"):
             self.path("secondlife-bin","do-not-directly-run-secondlife-bin")
             self.path("../linux_crash_logger/linux-crash-logger","linux-crash-logger.bin")
-            self.path2basename("../llplugin/slplugin", "SLPlugin") 
+            self.path2basename("../llplugin/slplugin", "SLPlugin")
             #this copies over the python wrapper script, associated utilities and required libraries, see SL-321, SL-322 and SL-323
             with self.prefix(src="../viewer_components/manager", dst=""):
                 self.path("*.py")