diff options
| author | Andrey Lihatskiy <alihatskiy@productengine.com> | 2020-09-04 17:34:57 +0300 |
|---|---|---|
| committer | Andrey Lihatskiy <alihatskiy@productengine.com> | 2020-09-04 21:29:06 +0300 |
| commit | 645393c5e976a9a6164453bf7df588ec745f04c5 (patch) | |
| tree | 5ddc1612aa17eb4f9cbb202cb967b97cc7919671 /indra | |
| parent | e8b31d03b4f6f0ffb981b4ea150743daf7b4a958 (diff) | |
SL-13910 Added the TLS Web Server Authentication certificate check
Diffstat (limited to 'indra')
| -rw-r--r-- | indra/newview/llsecapi.h | 1 | ||||
| -rw-r--r-- | indra/newview/llsechandler_basic.cpp | 7 |
2 files changed, 6 insertions, 2 deletions
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 69b6b32923..c2fdbeb8e9 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -75,6 +75,7 @@ #define CERT_EXTENDED_KEY_USAGE "extendedKeyUsage" #define CERT_EKU_SERVER_AUTH SN_server_auth +#define CERT_EKU_TLS_SERVER_AUTH LN_server_auth #define CERT_SUBJECT_KEY_IDENTFIER "subjectKeyIdentifier" #define CERT_AUTHORITY_KEY_IDENTIFIER "authorityKeyIdentifier" diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 55e49100c3..109a2133b8 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -925,8 +925,11 @@ void _validateCert(int validation_policy, } // only validate EKU if the cert has it if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() && - (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], - LLSD((std::string)CERT_EKU_SERVER_AUTH)))) + ( (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], + LLSD((std::string)CERT_EKU_SERVER_AUTH))) + || (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], + LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH))) + )) { LLTHROW(LLCertKeyUsageValidationException(current_cert_info)); } |