diff options
author | Callum Prentice <callum@lindenlab.com> | 2021-06-11 11:03:39 -0700 |
---|---|---|
committer | Callum Prentice <callum@lindenlab.com> | 2021-06-11 11:03:39 -0700 |
commit | 56b02aee2eff313c45adbbf6f2d93493cb6cced2 (patch) | |
tree | d4249be0dc9225ae5a0c6012a54dd02d42b50123 /indra | |
parent | 1b0e3d68183fb63ac5c160bc9aa7956746f33faf (diff) |
Fix for SL-15389 -- Pull in the patch to add the Akamai cert fix specified in SL-15370
Diffstat (limited to 'indra')
-rw-r--r-- | indra/newview/llsechandler_basic.cpp | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 737ef30ada..19db020a31 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -915,11 +915,19 @@ void _validateCert(int validation_policy, } if (validation_policy & VALIDATION_POLICY_SSL_KU) { + // This stanza of code was changed 2021-06-09 as per details in SL-15370. + // Brief summary: a renewed certificate from Akamai only contains the + // 'Digital Signature' field and not the 'Key Encipherment' one. This code + // used to look for both and throw an exception at startup (ignored) and + // (for example) when buying L$ in the Viewer (fails with a UI message + // and an entry in the Viewer log). This modified code removes the second + // check for the 'Key Encipherment' field. If Akamai can provide a + // replacement certificate that has both fields, then this modified code + // will not be required. if (current_cert_info.has(CERT_KEY_USAGE) && current_cert_info[CERT_KEY_USAGE].isArray() && - (!(_LLSDArrayIncludesValue(current_cert_info[CERT_KEY_USAGE], - LLSD((std::string)CERT_KU_DIGITAL_SIGNATURE))) || !(_LLSDArrayIncludesValue(current_cert_info[CERT_KEY_USAGE], - LLSD((std::string)CERT_KU_KEY_ENCIPHERMENT))))) + LLSD((std::string)CERT_KU_DIGITAL_SIGNATURE))) + ) { LLTHROW(LLCertKeyUsageValidationException(current_cert_info)); } |