From 4eefce9767784742cd394ddf948d345cfbced8c8 Mon Sep 17 00:00:00 2001
From: Andrey Kleshchev <andreykproductengine@lindenlab.com>
Date: Wed, 9 Sep 2020 18:05:11 +0300
Subject: SL-13921 Only one of extended key usages is needed

LN (EKU_TLS) is more likely to be present thus should be checked first
---
 indra/newview/llsechandler_basic.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 656a2cf8cf..737ef30ada 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -924,12 +924,13 @@ void _validateCert(int validation_policy,
 			LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
 		}
 		// only validate EKU if the cert has it
-		if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() &&	   
-		   (  (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
+        if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE)
+           && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray()
+           && (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE],
+                                         LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH)))
+           && (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
                                          LLSD((std::string)CERT_EKU_SERVER_AUTH)))
-           || (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
-                                        LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH)))
-            ))
+           )
 		{
 			LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
 		}
-- 
cgit v1.2.3