summaryrefslogtreecommitdiff
path: root/indra
diff options
context:
space:
mode:
authorAndrey Kleshchev <andreykproductengine@lindenlab.com>2021-01-20 20:19:28 +0200
committerAndrey Kleshchev <andreykproductengine@lindenlab.com>2021-01-25 21:13:47 +0200
commit0d324bb24db49f6f28d7e7f14fd69e7676de8fe6 (patch)
tree613a01566303343b0621183937c697bb1e738326 /indra
parent83127d22992e055b40298724d0cac0de108b6116 (diff)
SL-12422 Clear cert cache to enshure there is no carry-over between failed logins
Diffstat (limited to 'indra')
-rw-r--r--indra/newview/llsecapi.h4
-rw-r--r--indra/newview/llsechandler_basic.h5
-rw-r--r--indra/newview/llstartup.cpp5
3 files changed, 12 insertions, 2 deletions
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index 14059f828a..3a7b06c55a 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -264,7 +264,9 @@ public:
virtual void validate(int validation_policy,
LLPointer<LLCertificateChain> cert_chain,
const LLSD& validation_params) =0;
-
+
+ // Clear cache if any
+ virtual void clearSertCache()=0;
};
diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h
index 0bc7f5230f..3bfac3f056 100644
--- a/indra/newview/llsechandler_basic.h
+++ b/indra/newview/llsechandler_basic.h
@@ -177,7 +177,10 @@ public:
virtual void validate(int validation_policy,
LLPointer<LLCertificateChain> ca_chain,
const LLSD& validation_params);
-
+
+ // Clears cache of certs validated agains store
+ virtual void clearSertCache() { mTrustedCertCache.clear(); }
+
protected:
std::vector<LLPointer<LLCertificate> > mCerts;
diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp
index 17777c3ceb..194702e43e 100644
--- a/indra/newview/llstartup.cpp
+++ b/indra/newview/llstartup.cpp
@@ -2824,6 +2824,11 @@ void reset_login()
// Hide any other stuff
LLFloaterReg::hideVisibleInstances();
LLStartUp::setStartupState( STATE_BROWSER_INIT );
+
+ // Clear any verified certs and verify them again on next login
+ // to ensure cert matches server instead of just getting reused
+ LLPointer<LLCertificateStore> store = gSecAPIHandler->getCertificateStore("");
+ store->clearSertCache();
}
//---------------------------------------------------------------------------