From df7e5dd1dc491e6f2a8bcff44d75f8e2113b8b6f Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Wed, 20 Jan 2010 15:48:13 -0500 Subject: DEV-35248: Allow NoVerifySSLCert to uniformly disable verification Introduce static LLCurl SSL verification flag, default 'true', accessed by LLCurl::setSSLVerify() and getSSLVerify(). Make LLCurl::Easy::prepRequest() check LLCurl::getSSLVerify() instead of unconditionally setting CURLOPT_SSL_VERIFYPEER 'true'. Also set CURLOPT_SSL_VERIFYHOST to match. Make LLXMLRPCTransaction::Impl::init() examine LLCurl::getSSLVerify(), instead of directly examining gSavedSettings.getBOOL("NoVerifySSLCert"). Make LLURLRequest::checkRootCertificate() set CURLOPT_SSL_VERIFYHOST as well as CURLOPT_SSL_VERIFYPEER. Make request() in llhttpclient.cpp (used by LLHTTPClient::getByteRange(), head(), get(), getHeaderOnly(), put(), post(), postRaw(), postFile(), del(), move()) pass LLCurl::getSSLVerify() to checkRootCertificate(), rather than constant 'true'. Make LLAppViewer::mainLoop() call LLCurl::setSSLVerify(! gSavedSettings.getBOOL("NoVerifySSLCert")) at the same time it calls LLCurl::setCAFile(), a comparable bit of static setup. --- indra/llmessage/llurlrequest.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'indra/llmessage/llurlrequest.cpp') diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index 81b7761ed5..4e7ceff984 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -163,6 +163,7 @@ void LLURLRequest::setBodyLimit(U32 size) void LLURLRequest::checkRootCertificate(bool check) { mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE)); + mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, (check? 2 : 0)); mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, ""); } -- cgit v1.2.3