summaryrefslogtreecommitdiff
path: root/indra
diff options
context:
space:
mode:
authorAndrey Kleshchev <andreykproductengine@lindenlab.com>2020-09-09 22:09:39 +0300
committerAndrey Kleshchev <andreykproductengine@lindenlab.com>2020-09-09 22:09:39 +0300
commit81553d1b8cacde537ceff10c8f24806a7f94ad36 (patch)
tree7453a0d00bac6b04a9df1f031e3662fa223d23e7 /indra
parent4eefce9767784742cd394ddf948d345cfbced8c8 (diff)
SL-13919 SSL verification should take mVerifyPeer flag into account
Diffstat (limited to 'indra')
-rw-r--r--indra/llcorehttp/_httpoprequest.cpp19
1 files changed, 14 insertions, 5 deletions
diff --git a/indra/llcorehttp/_httpoprequest.cpp b/indra/llcorehttp/_httpoprequest.cpp
index 6978b8d08b..408adbde2b 100644
--- a/indra/llcorehttp/_httpoprequest.cpp
+++ b/indra/llcorehttp/_httpoprequest.cpp
@@ -1007,11 +1007,20 @@ CURLcode HttpOpRequest::curlSslCtxCallback(CURL *curl, void *sslctx, void *userd
{
HttpOpRequest::ptr_t op(HttpOpRequest::fromHandle<HttpOpRequest>(userdata));
- if (op->mCallbackSSLVerify)
- {
- SSL_CTX * ctx = (SSL_CTX *)sslctx;
- // verification for ssl certs
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ if (op->mCallbackSSLVerify)
+ {
+ SSL_CTX * ctx = (SSL_CTX *)sslctx;
+ if (op->mReqOptions && op->mReqOptions->getSSLVerifyPeer())
+ {
+ // verification for ssl certs
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ }
+ else
+ {
+ // disable any default verification for server certs
+ // Ex: setting urls (assume non-SL) for parcel media in LLFloaterURLEntry
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+ }
// set the verification callback.
SSL_CTX_set_cert_verify_callback(ctx, sslCertVerifyCallback, userdata);
// the calls are void