diff options
author | Andrey Kleshchev <andreykproductengine@lindenlab.com> | 2020-09-09 22:09:39 +0300 |
---|---|---|
committer | Andrey Kleshchev <andreykproductengine@lindenlab.com> | 2020-09-09 22:09:39 +0300 |
commit | 81553d1b8cacde537ceff10c8f24806a7f94ad36 (patch) | |
tree | 7453a0d00bac6b04a9df1f031e3662fa223d23e7 /indra | |
parent | 4eefce9767784742cd394ddf948d345cfbced8c8 (diff) |
SL-13919 SSL verification should take mVerifyPeer flag into account
Diffstat (limited to 'indra')
-rw-r--r-- | indra/llcorehttp/_httpoprequest.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/indra/llcorehttp/_httpoprequest.cpp b/indra/llcorehttp/_httpoprequest.cpp index 6978b8d08b..408adbde2b 100644 --- a/indra/llcorehttp/_httpoprequest.cpp +++ b/indra/llcorehttp/_httpoprequest.cpp @@ -1007,11 +1007,20 @@ CURLcode HttpOpRequest::curlSslCtxCallback(CURL *curl, void *sslctx, void *userd { HttpOpRequest::ptr_t op(HttpOpRequest::fromHandle<HttpOpRequest>(userdata)); - if (op->mCallbackSSLVerify) - { - SSL_CTX * ctx = (SSL_CTX *)sslctx; - // verification for ssl certs - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + if (op->mCallbackSSLVerify) + { + SSL_CTX * ctx = (SSL_CTX *)sslctx; + if (op->mReqOptions && op->mReqOptions->getSSLVerifyPeer()) + { + // verification for ssl certs + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + } + else + { + // disable any default verification for server certs
+ // Ex: setting urls (assume non-SL) for parcel media in LLFloaterURLEntry
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); + } // set the verification callback. SSL_CTX_set_cert_verify_callback(ctx, sslCertVerifyCallback, userdata); // the calls are void |