summaryrefslogtreecommitdiff
path: root/indra/llmessage/llcurl.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'indra/llmessage/llcurl.cpp')
-rw-r--r--indra/llmessage/llcurl.cpp29
1 files changed, 18 insertions, 11 deletions
diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp
index 91e11b8c0d..024e17a777 100644
--- a/indra/llmessage/llcurl.cpp
+++ b/indra/llmessage/llcurl.cpp
@@ -89,6 +89,10 @@ S32 gCurlMultiCount = 0;
std::vector<LLMutex*> LLCurl::sSSLMutex;
std::string LLCurl::sCAPath;
std::string LLCurl::sCAFile;
+// Verify SSL certificates by default (matches libcurl default). The ability
+// to alter this flag is only to allow us to suppress verification if it's
+// broken for some reason.
+bool LLCurl::sSSLVerify = true;
//static
void LLCurl::setCAPath(const std::string& path)
@@ -103,6 +107,18 @@ void LLCurl::setCAFile(const std::string& file)
}
//static
+void LLCurl::setSSLVerify(bool verify)
+{
+ sSSLVerify = verify;
+}
+
+//static
+bool LLCurl::getSSLVerify()
+{
+ return sSSLVerify;
+}
+
+//static
std::string LLCurl::getVersionString()
{
return std::string(curl_version());
@@ -465,7 +481,8 @@ void LLCurl::Easy::prepRequest(const std::string& url,
setErrorBuffer();
setCA();
- setopt(CURLOPT_SSL_VERIFYPEER, true);
+ setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify());
+ setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify()? 2 : 0);
setopt(CURLOPT_TIMEOUT, CURL_REQUEST_TIMEOUT);
setoptString(CURLOPT_URL, url);
@@ -895,15 +912,6 @@ void LLCurlEasyRequest::setReadCallback(curl_read_callback callback, void* userd
}
}
-void LLCurlEasyRequest::setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata)
-{
- if (mEasy)
- {
- mEasy->setopt(CURLOPT_SSL_CTX_FUNCTION, (void*)callback);
- mEasy->setopt(CURLOPT_SSL_CTX_DATA, userdata);
- }
-}
-
void LLCurlEasyRequest::slist_append(const char* str)
{
if (mEasy)
@@ -1053,4 +1061,3 @@ void LLCurl::cleanupClass()
#endif
curl_global_cleanup();
}
-