From df7e5dd1dc491e6f2a8bcff44d75f8e2113b8b6f Mon Sep 17 00:00:00 2001
From: Nat Goodspeed <nat@lindenlab.com>
Date: Wed, 20 Jan 2010 15:48:13 -0500
Subject: DEV-35248: Allow NoVerifySSLCert to uniformly disable verification
 Introduce static LLCurl SSL verification flag, default 'true', accessed by
 LLCurl::setSSLVerify() and getSSLVerify(). Make LLCurl::Easy::prepRequest()
 check LLCurl::getSSLVerify() instead of unconditionally setting
 CURLOPT_SSL_VERIFYPEER 'true'. Also set CURLOPT_SSL_VERIFYHOST to match. Make
 LLXMLRPCTransaction::Impl::init() examine LLCurl::getSSLVerify(), instead of
 directly examining gSavedSettings.getBOOL("NoVerifySSLCert"). Make
 LLURLRequest::checkRootCertificate() set CURLOPT_SSL_VERIFYHOST as well as
 CURLOPT_SSL_VERIFYPEER. Make request() in llhttpclient.cpp (used by
 LLHTTPClient::getByteRange(), head(), get(), getHeaderOnly(), put(), post(),
 postRaw(), postFile(), del(), move()) pass LLCurl::getSSLVerify() to
 checkRootCertificate(), rather than constant 'true'. Make
 LLAppViewer::mainLoop() call     LLCurl::setSSLVerify(!
 gSavedSettings.getBOOL("NoVerifySSLCert")) at the same time it calls
 LLCurl::setCAFile(), a comparable bit of static setup.

---
 indra/llmessage/llhttpclient.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'indra/llmessage/llhttpclient.cpp')

diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp
index 12ecbb36eb..dd56e18caf 100644
--- a/indra/llmessage/llhttpclient.cpp
+++ b/indra/llmessage/llhttpclient.cpp
@@ -222,7 +222,7 @@ static void request(
 	LLPumpIO::chain_t chain;
 
 	LLURLRequest* req = new LLURLRequest(method, url);
-	req->checkRootCertificate(true);
+	req->checkRootCertificate(LLCurl::getSSLVerify());
 
 	
 	lldebugs << LLURLRequest::actionAsVerb(method) << " " << url << " "
-- 
cgit v1.2.3