diff options
Diffstat (limited to 'indra/llcorehttp')
-rw-r--r-- | indra/llcorehttp/_httpoprequest.cpp | 4 | ||||
-rw-r--r-- | indra/llcorehttp/httpoptions.cpp | 11 | ||||
-rw-r--r-- | indra/llcorehttp/httpoptions.h | 11 |
3 files changed, 22 insertions, 4 deletions
diff --git a/indra/llcorehttp/_httpoprequest.cpp b/indra/llcorehttp/_httpoprequest.cpp index 408adbde2b..7bea8e9f9c 100644 --- a/indra/llcorehttp/_httpoprequest.cpp +++ b/indra/llcorehttp/_httpoprequest.cpp @@ -1017,8 +1017,8 @@ CURLcode HttpOpRequest::curlSslCtxCallback(CURL *curl, void *sslctx, void *userd } else { - // disable any default verification for server certs
- // Ex: setting urls (assume non-SL) for parcel media in LLFloaterURLEntry
+ // disable any default verification for server certs + // Ex: setting urls (assume non-SL) for parcel media in LLFloaterURLEntry SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); } // set the verification callback. diff --git a/indra/llcorehttp/httpoptions.cpp b/indra/llcorehttp/httpoptions.cpp index df5aa52fa9..c6365e5091 100644 --- a/indra/llcorehttp/httpoptions.cpp +++ b/indra/llcorehttp/httpoptions.cpp @@ -32,6 +32,7 @@ namespace LLCore { + bool HttpOptions::sDefaultVerifyPeer = false; HttpOptions::HttpOptions() : mWantHeaders(false), @@ -43,7 +44,7 @@ HttpOptions::HttpOptions() : mMaxRetryBackoff(HTTP_RETRY_BACKOFF_MAX_DEFAULT), mUseRetryAfter(HTTP_USE_RETRY_AFTER_DEFAULT), mFollowRedirects(true), - mVerifyPeer(false), + mVerifyPeer(sDefaultVerifyPeer), mVerifyHost(false), mDNSCacheTimeout(-1L), mNoBody(false) @@ -122,7 +123,15 @@ void HttpOptions::setHeadersOnly(bool nobody) { mNoBody = nobody; if (mNoBody) + { setWantHeaders(true); + setSSLVerifyPeer(false); + } +} + +void HttpOptions::setDefaultSSLVerifyPeer(bool verify) +{ + sDefaultVerifyPeer = verify; } } // end namespace LLCore diff --git a/indra/llcorehttp/httpoptions.h b/indra/llcorehttp/httpoptions.h index 8a6de61b04..41f71896b0 100644 --- a/indra/llcorehttp/httpoptions.h +++ b/indra/llcorehttp/httpoptions.h @@ -143,7 +143,7 @@ public: /// Instructs the LLCore::HTTPRequest to verify that the exchanged security /// certificate is authentic. - /// Default: false + /// Default: sDefaultVerifyPeer void setSSLVerifyPeer(bool verify); bool getSSLVerifyPeer() const { @@ -177,6 +177,13 @@ public: { return mNoBody; } + + /// Sets default behavior for verifying that the name in the + /// security certificate matches the name of the host contacted. + /// Defaults false if not set, but should be set according to + /// viewer's initialization options and command argunments, see + /// NoVerifySSLCert + static void setDefaultSSLVerifyPeer(bool verify); protected: bool mWantHeaders; @@ -192,6 +199,8 @@ protected: bool mVerifyHost; int mDNSCacheTimeout; bool mNoBody; + + static bool sDefaultVerifyPeer; }; // end class HttpOptions |