Diffstat (limited to 'indra/llmessage')
-rw-r--r--indra/llmessage/llcurl.cpp28
-rw-r--r--indra/llmessage/llcurl.h12
-rw-r--r--indra/llmessage/llhttpclient.cpp16
-rw-r--r--indra/llmessage/llhttpclient.h11
-rw-r--r--indra/llmessage/llurlrequest.cpp51
-rw-r--r--indra/llmessage/llurlrequest.h68
6 files changed, 101 insertions, 85 deletions
diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp
index 7c6660e28b..5caf620059 100644
--- a/indra/llmessage/llcurl.cpp
+++ b/indra/llmessage/llcurl.cpp
@@ -90,6 +90,10 @@ S32 gCurlMultiCount = 0;
std::vector<LLMutex*> LLCurl::sSSLMutex;
std::string LLCurl::sCAPath;
std::string LLCurl::sCAFile;
+// Verify SSL certificates by default (matches libcurl default). The ability
+// to alter this flag is only to allow us to suppress verification if it's
+// broken for some reason.
+bool LLCurl::sSSLVerify = true;
//static
void LLCurl::setCAPath(const std::string& path)
@@ -104,6 +108,18 @@ void LLCurl::setCAFile(const std::string& file)
}
//static
+void LLCurl::setSSLVerify(bool verify)
+{
+ sSSLVerify = verify;
+}
+
+//static
+bool LLCurl::getSSLVerify()
+{
+ return sSSLVerify;
+}
+
+//static
std::string LLCurl::getVersionString()
{
return std::string(curl_version());
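Review bot: setSSLVerify switches certificate verification for the whole process and leaves no trace when it is turned off, so a build or settings path that passes false silently downgrades every HTTPS request. A warning on the disabling branch would make that state visible in logs, for example `if (!verify) { llwarns << "SSL certificate verification disabled" << llendl; }` before the assignment. sSSLVerify is also a plain static bool; if the setter can run after request threads have started (not visible here), the unsynchronised read in getSSLVerify deserves a comment stating that it is set once at startup.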
@@ -528,7 +544,7 @@ void LLCurl::Easy::prepRequest(const std::string& url,
setErrorBuffer();
setCA();
- setopt(CURLOPT_SSL_VERIFYPEER, true);
+ setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify());
//setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify()? 2 : 0);
//don't verify host name so urls with scrubbed host names will work (improves DNS performance)
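Review bot: In prepRequest the `CURLOPT_SSL_VERIFYPEER` line now follows the global flag, but the `CURLOPT_SSL_VERIFYHOST` line stays commented out and the comment under it says host names are deliberately not verified on this path. With the chain checked but the host name not, a certificate that chains to a trusted CA but was issued for a different host would still be accepted, so this path gets weaker protection than checkRootCertificate in llurlrequest.cpp, which sets `CURLOPT_SSL_VERIFYHOST` to 2 when checking is on. Either the two paths should agree, or the comment should state which requests go through prepRequest and why skipping the host check is acceptable for them. The statement that actually sets the host option lies outside the hunk, so this is inferred from the comment.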
@@ -999,15 +1015,6 @@ void LLCurlEasyRequest::setReadCallback(curl_read_callback callback, void* userd
}
}
-void LLCurlEasyRequest::setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata)
-{
- if (mEasy)
- {
- mEasy->setopt(CURLOPT_SSL_CTX_FUNCTION, (void*)callback);
- mEasy->setopt(CURLOPT_SSL_CTX_DATA, userdata);
- }
-}
-
void LLCurlEasyRequest::slist_append(const char* str)
{
if (mEasy)
@@ -1175,4 +1182,3 @@ void LLCurl::cleanupClass()
}
}
-
diff --git a/indra/llmessage/llcurl.h b/indra/llmessage/llcurl.h
index 882d036705..6ec0a5d8a7 100644
--- a/indra/llmessage/llcurl.h
+++ b/indra/llmessage/llcurl.h
@@ -158,6 +158,16 @@ public:
static const std::string& getCAPath() { return sCAPath; }
/**
+ * @ brief Set flag controlling whether to verify HTTPS certs.
+ */
+ static void setSSLVerify(bool verify);
+
+ /**
+ * @ brief Get flag controlling whether to verify HTTPS certs.
+ */
+ static bool getSSLVerify();
+
+ /**
* @ brief Initialize LLCurl class
*/
static void initClass();
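Review bot: The doc comments on setSSLVerify and getSSLVerify do not say that the flag is process-wide, that it defaults to true, or that false is meant only as a workaround, all of which the comment next to the definition in llcurl.cpp does say. Callers reading only the header would benefit from something like `@brief Set the process-wide flag for HTTPS certificate verification (default true). Pass false only to work around broken verification; it affects every request prepared afterwards.` The getter comment can mirror it with `@brief Return the process-wide HTTPS certificate verification flag.`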
@@ -182,6 +192,7 @@ public:
private:
static std::string sCAPath;
static std::string sCAFile;
+ static bool sSSLVerify;
};
namespace boost
@@ -232,7 +243,6 @@ public:
void setHeaderCallback(curl_header_callback callback, void* userdata);
void setWriteCallback(curl_write_callback callback, void* userdata);
void setReadCallback(curl_read_callback callback, void* userdata);
- void setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata);
void slist_append(const char* str);
void sendRequest(const std::string& url);
void requestComplete();
diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp
index cdcc5b42c3..46952fa434 100644
--- a/indra/llmessage/llhttpclient.cpp
+++ b/indra/llmessage/llhttpclient.cpp
@@ -31,7 +31,7 @@
*/
#include "linden_common.h"
-#include <openssl/x509_vfy.h>
+
#include "llhttpclient.h"
#include "llassetstorage.h"
@@ -46,10 +46,7 @@
#include "message.h"
#include <curl/curl.h>
-
const F32 HTTP_REQUEST_EXPIRY_SECS = 60.0f;
-LLURLRequest::SSLCertVerifyCallback LLHTTPClient::mCertVerifyCallback = NULL;
-
////////////////////////////////////////////////////////////////////////////
// Responder class moved to LLCurl
@@ -210,19 +207,13 @@ namespace
LLPumpIO* theClientPump = NULL;
}
-void LLHTTPClient::setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback)
-{
- LLHTTPClient::mCertVerifyCallback = callback;
-}
-
static void request(
const std::string& url,
LLURLRequest::ERequestAction method,
Injector* body_injector,
LLCurl::ResponderPtr responder,
const F32 timeout = HTTP_REQUEST_EXPIRY_SECS,
- const LLSD& headers = LLSD()
- )
+ const LLSD& headers = LLSD())
{
if (!LLHTTPClient::hasPump())
{
@@ -232,7 +223,7 @@ static void request(
LLPumpIO::chain_t chain;
LLURLRequest* req = new LLURLRequest(method, url);
- req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req);
+ req->checkRootCertificate(LLCurl::getSSLVerify());
lldebugs << LLURLRequest::actionAsVerb(method) << " " << url << " "
@@ -427,6 +418,7 @@ static LLSD blocking_request(
std::string body_str;
// other request method checks root cert first, we skip?
+ //req->checkRootCertificate(true);
// * Set curl handle options
curl_easy_setopt(curlp, CURLOPT_NOSIGNAL, 1); // don't use SIGALRM for timeouts
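Review bot: The added line is commented-out code that refers to `req`, while the visible code in blocking_request configures a raw handle `curlp`, so it describes a check this path does not perform. If the blocking path is meant to honour the same switch as the other request paths, set it on the handle explicitly, e.g. `curl_easy_setopt(curlp, CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify() ? 1L : 0L);`. Otherwise replace the question in the comment above it with a statement of what this path relies on (presumably libcurl's defaults and whatever CA settings the handle gets). blocking_request starts and ends outside the hunk, so the options may already be set elsewhere in the function.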
diff --git a/indra/llmessage/llhttpclient.h b/indra/llmessage/llhttpclient.h
index 8afbc9e0fc..3d0646e5fe 100644
--- a/indra/llmessage/llhttpclient.h
+++ b/indra/llmessage/llhttpclient.h
@@ -40,8 +40,7 @@
#include <string>
#include <boost/intrusive_ptr.hpp>
-#include <openssl/x509_vfy.h>
-#include "llurlrequest.h"
+
#include "llassettype.h"
#include "llcurl.h"
#include "lliopipe.h"
@@ -62,7 +61,6 @@ public:
typedef LLCurl::Responder Responder;
typedef LLCurl::ResponderPtr ResponderPtr;
-
/** @name non-blocking API */
//@{
static void head(
@@ -157,12 +155,7 @@ public:
static void setPump(LLPumpIO& pump);
///< must be called before any of the above calls are made
static bool hasPump();
-
- static void setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback);
- static LLURLRequest::SSLCertVerifyCallback getCertVerifyCallback() { return mCertVerifyCallback; }
-
-protected:
- static LLURLRequest::SSLCertVerifyCallback mCertVerifyCallback;
+ ///< for testing
};
#endif // LL_LLHTTPCLIENT_H
diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp
index 1e76d10828..4e7ceff984 100644
--- a/indra/llmessage/llurlrequest.cpp
+++ b/indra/llmessage/llurlrequest.cpp
@@ -36,8 +36,7 @@
#include "llurlrequest.h"
#include <algorithm>
-#include <openssl/x509_vfy.h>
-#include <openssl/ssl.h>
+
#include "llcurl.h"
#include "llioutil.h"
#include "llmemtype.h"
@@ -57,8 +56,6 @@ const std::string CONTEXT_TRANSFERED_BYTES("transfered_bytes");
static size_t headerCallback(void* data, size_t size, size_t nmemb, void* user);
-
-
/**
* class LLURLRequestDetail
*/
@@ -75,7 +72,6 @@ public:
U32 mBodyLimit;
S32 mByteAccumulator;
bool mIsBodyLimitSet;
- LLURLRequest::SSLCertVerifyCallback mSSLVerifyCallback;
};
LLURLRequestDetail::LLURLRequestDetail() :
@@ -84,8 +80,7 @@ LLURLRequestDetail::LLURLRequestDetail() :
mLastRead(NULL),
mBodyLimit(0),
mByteAccumulator(0),
- mIsBodyLimitSet(false),
- mSSLVerifyCallback(NULL)
+ mIsBodyLimitSet(false)
{
LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST);
mCurlRequest = new LLCurlEasyRequest();
@@ -99,36 +94,6 @@ LLURLRequestDetail::~LLURLRequestDetail()
mLastRead = NULL;
}
-void LLURLRequest::setSSLVerifyCallback(SSLCertVerifyCallback callback, void *param)
-{
- mDetail->mSSLVerifyCallback = callback;
- mDetail->mCurlRequest->setSSLCtxCallback(LLURLRequest::_sslCtxCallback, (void *)this);
- mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, true);
- mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, 2);
-}
-
-
-// _sslCtxFunction
-// Callback function called when an SSL Context is created via CURL
-// used to configure the context for custom cert validation
-
-CURLcode LLURLRequest::_sslCtxCallback(CURL * curl, void *sslctx, void *param)
-{
- LLURLRequest *req = (LLURLRequest *)param;
- if(req == NULL || req->mDetail->mSSLVerifyCallback == NULL)
- {
- SSL_CTX_set_cert_verify_callback((SSL_CTX *)sslctx, NULL, NULL);
- return CURLE_OK;
- }
- SSL_CTX * ctx = (SSL_CTX *) sslctx;
- // disable any default verification for server certs
- SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
- // set the verification callback.
- SSL_CTX_set_cert_verify_callback(ctx, req->mDetail->mSSLVerifyCallback, (void *)req);
- // the calls are void
- return CURLE_OK;
-
-}
/**
* class LLURLRequest
@@ -183,11 +148,6 @@ void LLURLRequest::setURL(const std::string& url)
mDetail->mURL = url;
}
-std::string LLURLRequest::getURL() const
-{
- return mDetail->mURL;
-}
-
void LLURLRequest::addHeader(const char* header)
{
LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST);
@@ -200,6 +160,13 @@ void LLURLRequest::setBodyLimit(U32 size)
mDetail->mIsBodyLimitSet = true;
}
+void LLURLRequest::checkRootCertificate(bool check)
+{
+ mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE));
+ mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, (check? 2 : 0));
+ mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, "");
+}
+
void LLURLRequest::setCallback(LLURLRequestComplete* callback)
{
LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST);
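Review bot: checkRootCertificate also sets `CURLOPT_ENCODING` to `""`, which has nothing to do with certificate checking and runs whether `check` is true or false. That line asks libcurl to accept every content encoding it supports and to decode responses automatically, so it belongs in request setup or at least needs its own comment, e.g. `// Not a certificate option: accept any content encoding libcurl supports.` The header comment for this method mentions only the root-CA check, while the body also toggles host-name verification through `CURLOPT_SSL_VERIFYHOST`; the doc should say that both are switched together. Since libcurl reads these options as `long`, `check ? 1L : 0L` would be clearer than the `TRUE`/`FALSE` macros, assuming the setopt wrapper forwards the value unchanged.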
diff --git a/indra/llmessage/llurlrequest.h b/indra/llmessage/llurlrequest.h
index 69fd22e592..cb3c466440 100644
--- a/indra/llmessage/llurlrequest.h
+++ b/indra/llmessage/llurlrequest.h
@@ -44,8 +44,6 @@
#include "lliopipe.h"
#include "llchainio.h"
#include "llerror.h"
-#include <openssl/x509_vfy.h>
-#include "llcurl.h"
extern const std::string CONTEXT_REQUEST;
@@ -74,8 +72,6 @@ class LLURLRequest : public LLIOPipe
{
LOG_CLASS(LLURLRequest);
public:
-
- typedef int (* SSLCertVerifyCallback)(X509_STORE_CTX *ctx, void *param);
/**
* @brief This enumeration is for specifying the type of request.
*/
@@ -129,7 +125,7 @@ public:
*
*/
void setURL(const std::string& url);
- std::string getURL() const;
+
/**
* @brief Add a header to the http post.
*
@@ -147,9 +143,8 @@ public:
* Set whether request will check that remote server
* certificates are signed by a known root CA when using HTTPS.
*/
- void setSSLVerifyCallback(SSLCertVerifyCallback callback, void * param);
+ void checkRootCertificate(bool check);
-
/**
* @brief Return at most size bytes of body.
*
@@ -194,7 +189,6 @@ public:
* @brief Give this pipe a chance to handle a generated error
*/
virtual EStatus handleError(EStatus status, LLPumpIO* pump);
-
protected:
/**
@@ -223,8 +217,6 @@ protected:
S32 mRequestTransferedBytes;
S32 mResponseTransferedBytes;
- static CURLcode _sslCtxCallback(CURL * curl, void *sslctx, void *param);
-
private:
/**
* @brief Initialize the object. Called during construction.
@@ -372,6 +364,62 @@ protected:
};
+/**
+ * @class LLURLRequestClientFactory
+ * @brief Template class to build url request based client chains
+ *
+ * This class eases construction of a basic sd rpc client. Here is an
+ * example of it's use:
+ * <code>
+ * class LLUsefulService : public LLService { ... }<br>
+ * LLService::registerCreator(<br>
+ * "useful",<br>
+ * LLService::creator_t(new LLURLRequestClientFactory<LLUsefulService>))<br>
+ * </code>
+ *
+ * This class should work, but I never got around to using/testing it.
+ *
+ */
+#if 0
+template<class Client>
+class LLURLRequestClientFactory : public LLChainIOFactory
+{
+public:
+ LLURLRequestClientFactory(LLURLRequest::ERequestAction action) {}
+ LLURLRequestClientFactory(
+ LLURLRequest::ERequestAction action,
+ const std::string& fixed_url) :
+ mAction(action),
+ mURL(fixed_url)
+ {
+ }
+ virtual bool build(LLPumpIO::chain_t& chain, LLSD context) const
+ {
+ lldebugs << "LLURLRequestClientFactory::build" << llendl;
+ LLIOPipe::ptr_t service(new Client);
+ chain.push_back(service);
+ LLURLRequest* http(new LLURLRequest(mAction));
+ LLIOPipe::ptr_t http_pipe(http);
+ // *FIX: how do we know the content type?
+ //http->addHeader("Content-Type: text/llsd");
+ if(mURL.empty())
+ {
+ chain.push_back(LLIOPipe::ptr_t(new LLContextURLExtractor(http)));
+ }
+ else
+ {
+ http->setURL(mURL);
+ }
+ chain.push_back(http_pipe);
+ chain.push_back(service);
+ return true;
+ }
+
+protected:
+ LLURLRequest::ERequestAction mAction;
+ std::string mURL;
+};
+#endif
/**
* External constants