SL-12421 Viewer's certificate validation does not reject connections

2 files changed, 7 insertions, 7 deletions

diff --git a/indra/llcorehttp/_httpoprequest.cpp b/indra/llcorehttp/_httpoprequest.cpp
index 0f76ff23ea..6978b8d08b 100644
--- a/indra/llcorehttp/_httpoprequest.cpp
+++ b/indra/llcorehttp/_httpoprequest.cpp
@@ -1010,8 +1010,8 @@ CURLcode HttpOpRequest::curlSslCtxCallback(CURL *curl, void *sslctx, void *userd
 	if (op->mCallbackSSLVerify)
 	{
 		SSL_CTX * ctx = (SSL_CTX *)sslctx;
-		// disable any default verification for server certs
-		SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+		// verification for ssl certs
+		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 		// set the verification callback.
 		SSL_CTX_set_cert_verify_callback(ctx, sslCertVerifyCallback, userdata);
 		// the calls are void
diff --git a/indra/newview/llxmlrpctransaction.cpp b/indra/newview/llxmlrpctransaction.cpp
index 8e2539606b..32c8ce66a0 100644
--- a/indra/newview/llxmlrpctransaction.cpp
+++ b/indra/newview/llxmlrpctransaction.cpp
@@ -240,16 +240,16 @@ void LLXMLRPCTransaction::Handler::onCompleted(LLCore::HttpHandle handle,
 
 	if (!status)
 	{
+        mImpl->setHttpStatus(status);
+        LLSD errordata = status.getErrorData();
+        mImpl->mErrorCertData = errordata;
+
 		if ((status.toULong() != CURLE_SSL_PEER_CERTIFICATE) &&
 			(status.toULong() != CURLE_SSL_CACERT))
 		{
 			// if we have a curl error that's not already been handled
-			// (a non cert error), then generate the error message as
+			// (a non cert error), then generate the warning message as
 			// appropriate
-			mImpl->setHttpStatus(status);
-			LLSD errordata = status.getErrorData();
-            mImpl->mErrorCertData = errordata;
-
 			LL_WARNS() << "LLXMLRPCTransaction error "
 				<< status.toHex() << ": " << status.toString() << LL_ENDL;
 			LL_WARNS() << "LLXMLRPCTransaction request URI: "