diff options
| author | Nat Goodspeed <nat@lindenlab.com> | 2010-01-20 15:48:13 -0500 |
|---|---|---|
| committer | Nat Goodspeed <nat@lindenlab.com> | 2010-01-20 15:48:13 -0500 |
| commit | df7e5dd1dc491e6f2a8bcff44d75f8e2113b8b6f (patch) | |
| tree | 526b2bf6e9516f6652c5cf8736296be6549f7746 /indra/newview | |
| parent | ea875ca0eb3e3f9c5f7398ad721f5e2dd1427cf1 (diff) | |
DEV-35248: Allow NoVerifySSLCert to uniformly disable verification
Introduce static LLCurl SSL verification flag, default 'true', accessed by
LLCurl::setSSLVerify() and getSSLVerify().
Make LLCurl::Easy::prepRequest() check LLCurl::getSSLVerify() instead of
unconditionally setting CURLOPT_SSL_VERIFYPEER 'true'. Also set
CURLOPT_SSL_VERIFYHOST to match.
Make LLXMLRPCTransaction::Impl::init() examine LLCurl::getSSLVerify(), instead
of directly examining gSavedSettings.getBOOL("NoVerifySSLCert").
Make LLURLRequest::checkRootCertificate() set CURLOPT_SSL_VERIFYHOST as well
as CURLOPT_SSL_VERIFYPEER.
Make request() in llhttpclient.cpp (used by LLHTTPClient::getByteRange(),
head(), get(), getHeaderOnly(), put(), post(), postRaw(), postFile(), del(),
move()) pass LLCurl::getSSLVerify() to checkRootCertificate(), rather than
constant 'true'.
Make LLAppViewer::mainLoop() call
LLCurl::setSSLVerify(! gSavedSettings.getBOOL("NoVerifySSLCert"))
at the same time it calls LLCurl::setCAFile(), a comparable bit of static
setup.
Diffstat (limited to 'indra/newview')
| -rw-r--r-- | indra/newview/llappviewer.cpp | 4 | ||||
| -rw-r--r-- | indra/newview/llxmlrpctransaction.cpp | 5 |
2 files changed, 4 insertions, 5 deletions
diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp index 638a8f759d..0e248ff88b 100644 --- a/indra/newview/llappviewer.cpp +++ b/indra/newview/llappviewer.cpp @@ -926,7 +926,6 @@ bool LLAppViewer::mainLoop() { LLMemType mt1(LLMemType::MTYPE_MAIN); mMainloopTimeout = new LLWatchdogTimeout(); - // *FIX:Mani - Make this a setting, once new settings exist in this branch. //------------------------------------------- // Run main loop until time to quit @@ -936,12 +935,13 @@ bool LLAppViewer::mainLoop() gServicePump = new LLPumpIO(gAPRPoolp); LLHTTPClient::setPump(*gServicePump); LLCurl::setCAFile(gDirUtilp->getCAFile()); + LLCurl::setSSLVerify(! gSavedSettings.getBOOL("NoVerifySSLCert")); // Note: this is where gLocalSpeakerMgr and gActiveSpeakerMgr used to be instantiated. LLVoiceChannel::initClass(); LLVoiceClient::init(gServicePump); - + LLTimer frameTimer,idleTimer; LLTimer debugTime; LLViewerJoystick* joystick(LLViewerJoystick::getInstance()); diff --git a/indra/newview/llxmlrpctransaction.cpp b/indra/newview/llxmlrpctransaction.cpp index 70859e8ea5..c19be37e75 100644 --- a/indra/newview/llxmlrpctransaction.cpp +++ b/indra/newview/llxmlrpctransaction.cpp @@ -252,9 +252,8 @@ void LLXMLRPCTransaction::Impl::init(XMLRPC_REQUEST request, bool useGzip) // mCurlRequest->setopt(CURLOPT_VERBOSE, 1); // usefull for debugging mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1); mCurlRequest->setWriteCallback(&curlDownloadCallback, (void*)this); - BOOL vefifySSLCert = !gSavedSettings.getBOOL("NoVerifySSLCert"); - mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, vefifySSLCert); - mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, vefifySSLCert ? 2 : 0); + mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify()); + mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify() ? 2 : 0); // Be a little impatient about establishing connections. mCurlRequest->setopt(CURLOPT_CONNECTTIMEOUT, 40L); |