summaryrefslogtreecommitdiff
path: root/indra/newview/llsechandler_basic.cpp
AgeCommit message (Collapse)Author
2021-06-11Fix for SL-15389 -- Pull in the patch to add the Akamai cert fix specified ↵Callum Prentice
in SL-15370
2020-09-09SL-13921 Only one of extended key usages is neededAndrey Kleshchev
LN (EKU_TLS) is more likely to be present thus should be checked first
2020-09-05Merge branch 'marchcat/SL-13910' into DRTVWR-503-maintAndrey Lihatskiy
2020-09-04SL-13910 Added the TLS Web Server Authentication certificate checkAndrey Lihatskiy
2020-08-21SL-13835 SSL verification should not crash on invalid certificateAndrey Kleshchev
2020-03-05SL-12421 Don't fail silently, show an errorAndrey Kleshchev
2020-01-08SL-12486 Size check fixandreykproductengine
2020-01-07SL-12486 Better data deletionandreykproductengine
2019-08-09SL-9699 Login selectionandreykproductengine
2018-03-02MAINT-8297 path fix #2andreykproductengine
2018-02-21MAINT-8297 Removing old ca bundleAndrey Kleshchev
2018-02-15MAINT-8297 Fixed "Missing CA File" message when running under debugger on ↵andreykproductengine
windows
2018-01-12remove warnings for bad certificates (too scary), add infoOz Linden
for the rejected count
2017-04-14Change certificate store infrastructure to key off of the Subject KeyOz Linden
Id rather than sha1 hash, since that is rarely used in modern certs. The previous form was storing trusted certs using an empty sha1 hash value as the key, which meant most certificates matched... not good. Modify the LLCertException to pass certificate information back as LLSD rather than an LLPointer<LLCertificate>, because when the exception is being thown from the certificate constructor that results in one of a couple of other exceptions (even refcounting won't save you when the problem is that the thing you're pointing to never finished coming into being properly). Update the certificates in the llsechandler_basic_test to modern conventions, and extend the classes to allow for an optional validation date so that the test can use a fixed date. Also make all the certificates include the plain text form for ease of reference.
2016-10-18merge changes for 4.1.1-releaseOz Linden
2016-08-18MAINT-5011: Catch unhandled exceptions in LLCoros coroutines.Nat Goodspeed
Wrap coroutine call in try/catch in top-level coroutine wrapper function LLCoros::toplevel(). Distinguish exception classes derived from LLContinueError (log and continue) from all others (crash with LL_ERRS). Enhance CRASH_ON_UNHANDLED_EXCEPTIONS() and LOG_UNHANDLED_EXCEPTIONS() macros to accept a context string to supplement the log message. This lets us replace many places that called boost::current_exception_diagnostic_information() with LOG_UNHANDLED_EXCEPTIONS() instead, since the explicit calls were mostly to log supplemental information. Provide supplemental information (coroutine name, function parameters) for some of the previous LOG_UNHANDLED_EXCEPTIONS() calls. This information duplicates LL_DEBUGS() information at the top of these functions, but in a typical log file we wouldn't see the LL_DEBUGS() message. Eliminate a few catch (std::exception e) clauses: the information we get from boost::current_exception_diagnostic_information() in a catch (...) clause makes it unnecessary to distinguish. In a few cases, add a final 'throw;' to a catch (...) clause: having logged the local context info, propagate the exception to be caught by higher-level try/catch. In a couple places, couldn't resist reconciling indentation within a particular function: tabs where the rest of the function uses tabs, spaces where the rest of the function uses spaces. In LLLogin::Impl::loginCoro(), eliminate some confusing comments about an array of rewritten URIs that date back to a long-deleted implementation.
2016-08-17MAINT-5011: Try to enrich catch (...) logging throughout viewer.Nat Goodspeed
Turns out we have a surprising number of catch (...) clauses in the viewer code base. If all we currently do is LL_ERRS() << "unknown exception" << LL_ENDL; then call CRASH_ON_UNHANDLED_EXCEPTION() instead. If what we do is LL_WARNS() << "unknown exception" << LL_ENDL; then call LOG_UNHANDLED_EXCEPTION() instead. Since many places need LOG_UNHANDLED_EXCEPTION() and nobody catches LLContinueError yet, eliminate LLContinueError& parameter from LOG_UNHANDLED_EXCEPTION(). This permits us to use the same log message as CRASH_ON_UNHANDLED_EXCEPTION(), just with a different severity level. Where a catch (...) clause actually provides contextual information, or makes an error string, add boost::current_exception_diagnostic_information() to try to figure out actual exception class and message.
2016-08-17MAINT-5011: Use LLTHROW() instead of plain BOOST_THROW_EXCEPTION().Nat Goodspeed
A level of preprocessor indirection lets us later change the implementation if desired.
2016-07-21SL-429: Use a new certificate authority bundle based on data from MozillaOz Linden
2016-07-19MAINT-5011: Introduce LLException base class for viewer exceptions.Nat Goodspeed
This also introduces LLContinueError for exceptions which should interrupt some part of viewer processing (e.g. the current coroutine) but should attempt to let the viewer session proceed. Derive all existing viewer exception classes from LLException rather than from std::runtime_error or std::logic_error. Use BOOST_THROW_EXCEPTION() rather than plain 'throw' to enrich the thrown exception with source file, line number and containing function.
2015-11-10remove execute permission from many files that should not have itOz Linden
2015-04-10restore the ll[io]fstream because we need them as wrappers on Windows for ↵Oz Linden
wide char paths; on other platforms they are now just typedefs to the std classes
2015-04-07replace llifstream and llofstream with std::ifstream and std::ofstream ↵Oz Linden
respectively
2015-04-07convert llifstream and llofstream to std::ifstream and std::ofstream ↵Oz Linden
respectively
2015-04-02add catch for possible exception in llsechandler_basic destructor (crash on ↵Oz Linden
exit)
2013-11-06merge with releaseRichard Linden
2013-09-03OPEN-187: Properly cleanup all allocated OpenSSL structures.Nicky
2013-08-09second phase summer cleaningRichard Linden
replace llinfos, lldebugs, etc with new LL_INFOS(), LL_DEBUGS(), etc.
2013-04-19merge changes for DRTVWR-294Oz Linden
2013-03-29Update Mac and Windows breakpad builds to latestGraham Madarasz
2012-10-11Updating linux build to gcc4.6Don Kjer
2012-01-20EXP-1825 FIX crash in LLSecAPIBasicHandler::_writeProtectedData()callum
2011-08-23Respect --no-verify-ssl-cert option.Aaron Stone
2011-08-09STORM-1546 FIXED Fixed a crash caused by a race condition in LLRefCount.Vadim ProductEngine
Reason: secapiSSLCertVerifyCallback() seems to be called simultaneously by multiple threads, which causes a race condition in LLRefCount::ref/unref() methods. The reference counter in LLSecAPIBasicHandler::mStore goes to zero, and the object gets destroyed. Fix: Derive LLCertificateStore from LLThreadSafeRefCount instead of LLRefCount, which should fix the race condition. Note: The LLThreadSafeRefCount constructor is private, so we have to wrap instances of the class with LLPointer.
2010-08-13Change license from GPL to LGPL (version 2.1)Oz Linden
2010-05-28automated mergeRoxie Linden
2010-05-28CID-442Tofu Linden
Checker: FORWARD_NULL Function: LLBasicCertificateVector::insert(LLCertificateVector::iterator, LLPointer<LLCertificate>) File: /indra/newview/llsechandler_basic.cpp
2010-05-27automated mergeRoxie Linden
2010-05-26Add new mechanism for getting a unique machine id.karina
2010-05-24Few more touchups for the cert performance codeRoxie Linden
2010-05-24Fixup some certificate related unit testsRoxie Linden
2010-05-24DEV-50173 - investigate certificate code performanceRoxie Linden
DEV-50166 - LLBasicCertificateChain::validate calls in log Added caching of certificates that have been validated. The sha1 hash for the certificate is stored and is associated with the from and to times. When the certificate is validated, the code determines whether the certificate has successfully been validated before by looking for it in the cache, and then checks the date of the cert. If that is successful, the validation calls with success. Otherwise, it proceeds to do a full validation of the certificate.
2010-05-18Allow update of the default CAs on installRoxie Linden
2010-04-26Fix issue parsing wildcard cns in certificatesRoxie Linden
CR: Karina
2010-04-07Re-insert backed out SLE checkin so we can fix itRoxie Linden
2010-04-07Backed out changeset 63b699f90efdTofu Linden
2010-03-02Fix windows build break, segfault on exit and bad library link locationRoxie Linden
2009-12-08DEV-42996 GIAB: configuring via CLI tools corrupts viewer certsRoxie Linden
Added authority key identifier/subject key identifier checking. Whenever a new cert was created, a new private key was also created. Typically you get a new key identifier with that private key which is written to the child cert. The child cert can then find the appropriate parent cert for validation via subject key identifier.
2010-03-01Automated merge with a few fixups for code review commentsRoxie Linden
2009-10-16Fix build.Karen Lahey