Merge branch 'marchcat/SL-13910' into DRTVWR-503-maint

4 files changed, 22 insertions, 7 deletions

diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp
index 10e510b842..26a2df8270 100644
--- a/indra/newview/llsecapi.cpp
+++ b/indra/newview/llsecapi.cpp
@@ -154,3 +154,10 @@ void LLCredential::authenticatorType(std::string &idType)
 		
 	}
 }
+
+LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
+  : LLException(msg),
+    mCertData(cert_data)
+{
+    LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
+}
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index ae87cac53c..14059f828a 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -75,6 +75,7 @@
 
 #define CERT_EXTENDED_KEY_USAGE "extendedKeyUsage"
 #define CERT_EKU_SERVER_AUTH SN_server_auth
+#define CERT_EKU_TLS_SERVER_AUTH LN_server_auth
 
 #define CERT_SUBJECT_KEY_IDENTFIER "subjectKeyIdentifier"
 #define CERT_AUTHORITY_KEY_IDENTIFIER "authorityKeyIdentifier"
@@ -334,11 +335,7 @@ std::ostream& operator <<(std::ostream& s, const LLCredential& cred);
 class LLCertException: public LLException
 {
 public:
-	LLCertException(const LLSD& cert_data, const std::string& msg): LLException(msg),
-        mCertData(cert_data)
-	{
-		LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
-	}
+    LLCertException(const LLSD& cert_data, const std::string& msg);
 	virtual ~LLCertException() throw() {}
 	LLSD getCertData() const { return mCertData; }
 protected:
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 8a922aee4f..656a2cf8cf 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -925,8 +925,11 @@ void _validateCert(int validation_policy,
 		}
 		// only validate EKU if the cert has it
 		if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() &&	   
-		   (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
-									LLSD((std::string)CERT_EKU_SERVER_AUTH))))
+		   (  (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
+                                         LLSD((std::string)CERT_EKU_SERVER_AUTH)))
+           || (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
+                                        LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH)))
+            ))
 		{
 			LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
 		}
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index 63967fae37..e5d226a2a4 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -124,6 +124,14 @@ S32 LLMachineID::getUniqueID(unsigned char *unique_id, size_t len)
 S32 LLMachineID::init() { return 1; }
 	
 
+LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
+    : LLException(msg),
+    mCertData(cert_data)
+{
+    LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
+}
+
+
 // -------------------------------------------------------------------------------------------
 // TUT
 // -------------------------------------------------------------------------------------------