From 0d324bb24db49f6f28d7e7f14fd69e7676de8fe6 Mon Sep 17 00:00:00 2001 From: Andrey Kleshchev Date: Wed, 20 Jan 2021 20:19:28 +0200 Subject: SL-12422 Clear cert cache to enshure there is no carry-over between failed logins --- indra/newview/llsecapi.h | 4 +++- indra/newview/llsechandler_basic.h | 5 ++++- indra/newview/llstartup.cpp | 5 +++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 14059f828a..3a7b06c55a 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -264,7 +264,9 @@ public: virtual void validate(int validation_policy, LLPointer cert_chain, const LLSD& validation_params) =0; - + + // Clear cache if any + virtual void clearSertCache()=0; }; diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index 0bc7f5230f..3bfac3f056 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -177,7 +177,10 @@ public: virtual void validate(int validation_policy, LLPointer ca_chain, const LLSD& validation_params); - + + // Clears cache of certs validated agains store + virtual void clearSertCache() { mTrustedCertCache.clear(); } + protected: std::vector > mCerts; diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index 17777c3ceb..194702e43e 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -2824,6 +2824,11 @@ void reset_login() // Hide any other stuff LLFloaterReg::hideVisibleInstances(); LLStartUp::setStartupState( STATE_BROWSER_INIT ); + + // Clear any verified certs and verify them again on next login + // to ensure cert matches server instead of just getting reused + LLPointer store = gSecAPIHandler->getCertificateStore(""); + store->clearSertCache(); } //--------------------------------------------------------------------------- -- cgit v1.2.3