From 0bb3f144c0a6712a269246975635962b3b5f48d0 Mon Sep 17 00:00:00 2001 From: Tofu Linden Date: Wed, 7 Apr 2010 10:37:07 +0100 Subject: Backed out changeset 63b699f90efd --- indra/llmessage/llcurl.cpp | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'indra/llmessage/llcurl.cpp') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 91e11b8c0d..024e17a777 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -89,6 +89,10 @@ S32 gCurlMultiCount = 0; std::vector LLCurl::sSSLMutex; std::string LLCurl::sCAPath; std::string LLCurl::sCAFile; +// Verify SSL certificates by default (matches libcurl default). The ability +// to alter this flag is only to allow us to suppress verification if it's +// broken for some reason. +bool LLCurl::sSSLVerify = true; //static void LLCurl::setCAPath(const std::string& path) @@ -102,6 +106,18 @@ void LLCurl::setCAFile(const std::string& file) sCAFile = file; } +//static +void LLCurl::setSSLVerify(bool verify) +{ + sSSLVerify = verify; +} + +//static +bool LLCurl::getSSLVerify() +{ + return sSSLVerify; +} + //static std::string LLCurl::getVersionString() { @@ -465,7 +481,8 @@ void LLCurl::Easy::prepRequest(const std::string& url, setErrorBuffer(); setCA(); - setopt(CURLOPT_SSL_VERIFYPEER, true); + setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify()); + setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify()? 2 : 0); setopt(CURLOPT_TIMEOUT, CURL_REQUEST_TIMEOUT); setoptString(CURLOPT_URL, url); @@ -895,15 +912,6 @@ void LLCurlEasyRequest::setReadCallback(curl_read_callback callback, void* userd } } -void LLCurlEasyRequest::setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata) -{ - if (mEasy) - { - mEasy->setopt(CURLOPT_SSL_CTX_FUNCTION, (void*)callback); - mEasy->setopt(CURLOPT_SSL_CTX_DATA, userdata); - } -} - void LLCurlEasyRequest::slist_append(const char* str) { if (mEasy) @@ -1053,4 +1061,3 @@ void LLCurl::cleanupClass() #endif curl_global_cleanup(); } - -- cgit v1.2.3