summaryrefslogtreecommitdiff
path: root/indra
diff options
context:
space:
mode:
authorCallum Prentice <callum@lindenlab.com>2021-06-11 11:03:39 -0700
committerCallum Prentice <callum@lindenlab.com>2021-06-11 11:03:39 -0700
commit56b02aee2eff313c45adbbf6f2d93493cb6cced2 (patch)
treed4249be0dc9225ae5a0c6012a54dd02d42b50123 /indra
parent1b0e3d68183fb63ac5c160bc9aa7956746f33faf (diff)
Fix for SL-15389 -- Pull in the patch to add the Akamai cert fix specified in SL-15370
Diffstat (limited to 'indra')
-rw-r--r--indra/newview/llsechandler_basic.cpp14
1 files changed, 11 insertions, 3 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 737ef30ada..19db020a31 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -915,11 +915,19 @@ void _validateCert(int validation_policy,
}
if (validation_policy & VALIDATION_POLICY_SSL_KU)
{
+ // This stanza of code was changed 2021-06-09 as per details in SL-15370.
+ // Brief summary: a renewed certificate from Akamai only contains the
+ // 'Digital Signature' field and not the 'Key Encipherment' one. This code
+ // used to look for both and throw an exception at startup (ignored) and
+ // (for example) when buying L$ in the Viewer (fails with a UI message
+ // and an entry in the Viewer log). This modified code removes the second
+ // check for the 'Key Encipherment' field. If Akamai can provide a
+ // replacement certificate that has both fields, then this modified code
+ // will not be required.
if (current_cert_info.has(CERT_KEY_USAGE) && current_cert_info[CERT_KEY_USAGE].isArray() &&
- (!(_LLSDArrayIncludesValue(current_cert_info[CERT_KEY_USAGE],
- LLSD((std::string)CERT_KU_DIGITAL_SIGNATURE))) ||
!(_LLSDArrayIncludesValue(current_cert_info[CERT_KEY_USAGE],
- LLSD((std::string)CERT_KU_KEY_ENCIPHERMENT)))))
+ LLSD((std::string)CERT_KU_DIGITAL_SIGNATURE)))
+ )
{
LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
}