From fe71dd340ab396b93bde45df438041af5d85fd47 Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Mon, 1 Feb 2010 15:10:19 -0800 Subject: Merge giab-viewer-trunk 2497, general merge of more secapi stuff as well as certificate handling stuff. Grid manager as well --- indra/llmessage/llares.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llares.cpp b/indra/llmessage/llares.cpp index 104629c157..db7ac2f154 100644 --- a/indra/llmessage/llares.cpp +++ b/indra/llmessage/llares.cpp @@ -171,6 +171,7 @@ void LLAres::rewriteURI(const std::string &uri, UriRewriteResponder *resp) resp->mUri = LLURI(uri); search("_" + resp->mUri.scheme() + "._tcp." + resp->mUri.hostName(), RES_SRV, resp); + llinfos << "Rewritten " << uri << llendl; } LLQueryResponder::LLQueryResponder() -- cgit v1.2.3 From 9e89819d55a3b6ee7fc56f3efb36f273e4e05c83 Mon Sep 17 00:00:00 2001 From: Roxanne Skelly Date: Wed, 8 Jul 2009 00:45:17 +0000 Subject: DEV-34822 - merge with 1.23 certificate notification code -r 118191 ignore-dead-branch --- indra/llmessage/llcurl.cpp | 9 +++++++++ indra/llmessage/llcurl.h | 1 + 2 files changed, 10 insertions(+) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index dc02367a62..91e11b8c0d 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -895,6 +895,15 @@ void LLCurlEasyRequest::setReadCallback(curl_read_callback callback, void* userd } } +void LLCurlEasyRequest::setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata) +{ + if (mEasy) + { + mEasy->setopt(CURLOPT_SSL_CTX_FUNCTION, (void*)callback); + mEasy->setopt(CURLOPT_SSL_CTX_DATA, userdata); + } +} + void LLCurlEasyRequest::slist_append(const char* str) { if (mEasy) diff --git a/indra/llmessage/llcurl.h b/indra/llmessage/llcurl.h index 1bc1767966..b6a637ae5b 100644 --- a/indra/llmessage/llcurl.h +++ b/indra/llmessage/llcurl.h @@ -229,6 +229,7 @@ public: void setHeaderCallback(curl_header_callback callback, void* userdata); void setWriteCallback(curl_write_callback callback, void* userdata); void setReadCallback(curl_read_callback callback, void* userdata); + void setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata); void slist_append(const char* str); void sendRequest(const std::string& url); void requestComplete(); -- cgit v1.2.3 From e65b6d96957fd92fdc8c5a42b1ad4b1a153552b3 Mon Sep 17 00:00:00 2001 From: Roxanne Skelly Date: Thu, 9 Jul 2009 21:45:04 +0000 Subject: DEV-34822 svn merge -c120157 svn+ssh://svn.lindenlab.com/svn/linden/branches/giab-viewer/giab-viewer-2 --- indra/llmessage/llhttpclient.cpp | 16 +++++++--- indra/llmessage/llhttpclient.h | 11 +++++-- indra/llmessage/llurlrequest.cpp | 52 +++++++++++++++++++++++++----- indra/llmessage/llurlrequest.h | 68 ++++++---------------------------------- 4 files changed, 75 insertions(+), 72 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp index 12ecbb36eb..345b76d1a1 100644 --- a/indra/llmessage/llhttpclient.cpp +++ b/indra/llmessage/llhttpclient.cpp @@ -31,7 +31,7 @@ */ #include "linden_common.h" - +#include #include "llhttpclient.h" #include "llassetstorage.h" @@ -46,7 +46,10 @@ #include "message.h" #include + const F32 HTTP_REQUEST_EXPIRY_SECS = 60.0f; +LLURLRequest::SSLCertVerifyCallback LLHTTPClient::mCertVerifyCallback = NULL; + //////////////////////////////////////////////////////////////////////////// // Responder class moved to LLCurl @@ -206,13 +209,19 @@ namespace LLPumpIO* theClientPump = NULL; } +void LLHTTPClient::setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback) +{ + LLHTTPClient::mCertVerifyCallback = callback; +} + static void request( const std::string& url, LLURLRequest::ERequestAction method, Injector* body_injector, LLCurl::ResponderPtr responder, const F32 timeout = HTTP_REQUEST_EXPIRY_SECS, - const LLSD& headers = LLSD()) + const LLSD& headers = LLSD() + ) { if (!LLHTTPClient::hasPump()) { @@ -222,7 +231,7 @@ static void request( LLPumpIO::chain_t chain; LLURLRequest* req = new LLURLRequest(method, url); - req->checkRootCertificate(true); + req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req); lldebugs << LLURLRequest::actionAsVerb(method) << " " << url << " " @@ -417,7 +426,6 @@ static LLSD blocking_request( std::string body_str; // other request method checks root cert first, we skip? - //req->checkRootCertificate(true); // * Set curl handle options curl_easy_setopt(curlp, CURLOPT_NOSIGNAL, 1); // don't use SIGALRM for timeouts diff --git a/indra/llmessage/llhttpclient.h b/indra/llmessage/llhttpclient.h index 3d0646e5fe..8afbc9e0fc 100644 --- a/indra/llmessage/llhttpclient.h +++ b/indra/llmessage/llhttpclient.h @@ -40,7 +40,8 @@ #include #include - +#include +#include "llurlrequest.h" #include "llassettype.h" #include "llcurl.h" #include "lliopipe.h" @@ -61,6 +62,7 @@ public: typedef LLCurl::Responder Responder; typedef LLCurl::ResponderPtr ResponderPtr; + /** @name non-blocking API */ //@{ static void head( @@ -155,7 +157,12 @@ public: static void setPump(LLPumpIO& pump); ///< must be called before any of the above calls are made static bool hasPump(); - ///< for testing + + static void setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback); + static LLURLRequest::SSLCertVerifyCallback getCertVerifyCallback() { return mCertVerifyCallback; } + +protected: + static LLURLRequest::SSLCertVerifyCallback mCertVerifyCallback; }; #endif // LL_LLHTTPCLIENT_H diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index 81b7761ed5..752be49663 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -36,7 +36,8 @@ #include "llurlrequest.h" #include - +#include +#include #include "llcurl.h" #include "llioutil.h" #include "llmemtype.h" @@ -56,6 +57,8 @@ const std::string CONTEXT_TRANSFERED_BYTES("transfered_bytes"); static size_t headerCallback(void* data, size_t size, size_t nmemb, void* user); + + /** * class LLURLRequestDetail */ @@ -72,6 +75,8 @@ public: U32 mBodyLimit; S32 mByteAccumulator; bool mIsBodyLimitSet; + LLURLRequest::SSLCertVerifyCallback mSSLVerifyCallback; + void * mSSLVerifyParam; }; LLURLRequestDetail::LLURLRequestDetail() : @@ -80,7 +85,8 @@ LLURLRequestDetail::LLURLRequestDetail() : mLastRead(NULL), mBodyLimit(0), mByteAccumulator(0), - mIsBodyLimitSet(false) + mIsBodyLimitSet(false), + mSSLVerifyCallback(NULL) { LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); mCurlRequest = new LLCurlEasyRequest(); @@ -94,6 +100,37 @@ LLURLRequestDetail::~LLURLRequestDetail() mLastRead = NULL; } +void LLURLRequest::setSSLVerifyCallback(SSLCertVerifyCallback callback, void *param) +{ + mDetail->mSSLVerifyCallback = callback; + mDetail->mSSLVerifyParam = param; + mDetail->mCurlRequest->setSSLCtxCallback(LLURLRequest::_sslCtxCallback, (void *)this); + mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, true); + mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, 2); +} + + +// _sslCtxFunction +// Callback function called when an SSL Context is created via CURL +// used to configure the context for custom cert validation + +CURLcode LLURLRequest::_sslCtxCallback(CURL * curl, void *sslctx, void *param) +{ + LLURLRequest *req = (LLURLRequest *)param; + if(req == NULL || req->mDetail->mSSLVerifyCallback == NULL) + { + SSL_CTX_set_cert_verify_callback((SSL_CTX *)sslctx, NULL, NULL); + return CURLE_OK; + } + SSL_CTX * ctx = (SSL_CTX *) sslctx; + // disable any default verification for server certs + SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); + // set the verification callback. + SSL_CTX_set_cert_verify_callback(ctx, req->mDetail->mSSLVerifyCallback, (void *)req); + // the calls are void + return CURLE_OK; + +} /** * class LLURLRequest @@ -148,6 +185,11 @@ void LLURLRequest::setURL(const std::string& url) mDetail->mURL = url; } +std::string LLURLRequest::getURL() const +{ + return mDetail->mURL; +} + void LLURLRequest::addHeader(const char* header) { LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); @@ -160,12 +202,6 @@ void LLURLRequest::setBodyLimit(U32 size) mDetail->mIsBodyLimitSet = true; } -void LLURLRequest::checkRootCertificate(bool check) -{ - mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE)); - mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, ""); -} - void LLURLRequest::setCallback(LLURLRequestComplete* callback) { LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); diff --git a/indra/llmessage/llurlrequest.h b/indra/llmessage/llurlrequest.h index cb3c466440..69fd22e592 100644 --- a/indra/llmessage/llurlrequest.h +++ b/indra/llmessage/llurlrequest.h @@ -44,6 +44,8 @@ #include "lliopipe.h" #include "llchainio.h" #include "llerror.h" +#include +#include "llcurl.h" extern const std::string CONTEXT_REQUEST; @@ -72,6 +74,8 @@ class LLURLRequest : public LLIOPipe { LOG_CLASS(LLURLRequest); public: + + typedef int (* SSLCertVerifyCallback)(X509_STORE_CTX *ctx, void *param); /** * @brief This enumeration is for specifying the type of request. */ @@ -125,7 +129,7 @@ public: * */ void setURL(const std::string& url); - + std::string getURL() const; /** * @brief Add a header to the http post. * @@ -143,8 +147,9 @@ public: * Set whether request will check that remote server * certificates are signed by a known root CA when using HTTPS. */ - void checkRootCertificate(bool check); + void setSSLVerifyCallback(SSLCertVerifyCallback callback, void * param); + /** * @brief Return at most size bytes of body. * @@ -189,6 +194,7 @@ public: * @brief Give this pipe a chance to handle a generated error */ virtual EStatus handleError(EStatus status, LLPumpIO* pump); + protected: /** @@ -217,6 +223,8 @@ protected: S32 mRequestTransferedBytes; S32 mResponseTransferedBytes; + static CURLcode _sslCtxCallback(CURL * curl, void *sslctx, void *param); + private: /** * @brief Initialize the object. Called during construction. @@ -364,62 +372,6 @@ protected: }; -/** - * @class LLURLRequestClientFactory - * @brief Template class to build url request based client chains - * - * This class eases construction of a basic sd rpc client. Here is an - * example of it's use: - * - * class LLUsefulService : public LLService { ... }
- * LLService::registerCreator(
- * "useful",
- * LLService::creator_t(new LLURLRequestClientFactory))
- * - * - * This class should work, but I never got around to using/testing it. - * - */ -#if 0 -template -class LLURLRequestClientFactory : public LLChainIOFactory -{ -public: - LLURLRequestClientFactory(LLURLRequest::ERequestAction action) {} - LLURLRequestClientFactory( - LLURLRequest::ERequestAction action, - const std::string& fixed_url) : - mAction(action), - mURL(fixed_url) - { - } - virtual bool build(LLPumpIO::chain_t& chain, LLSD context) const - { - lldebugs << "LLURLRequestClientFactory::build" << llendl; - LLIOPipe::ptr_t service(new Client); - chain.push_back(service); - LLURLRequest* http(new LLURLRequest(mAction)); - LLIOPipe::ptr_t http_pipe(http); - // *FIX: how do we know the content type? - //http->addHeader("Content-Type: text/llsd"); - if(mURL.empty()) - { - chain.push_back(LLIOPipe::ptr_t(new LLContextURLExtractor(http))); - } - else - { - http->setURL(mURL); - } - chain.push_back(http_pipe); - chain.push_back(service); - return true; - } - -protected: - LLURLRequest::ERequestAction mAction; - std::string mURL; -}; -#endif /** * External constants -- cgit v1.2.3 From b1b5a11bb0f581e66a2922841920d5fb40755bac Mon Sep 17 00:00:00 2001 From: Loren Shih Date: Mon, 29 Mar 2010 15:33:48 -0400 Subject: EXT-3075 : Remove swear words from comments across viewer This bugs me in a minor way. Did a search-and-cleanup on various swear words. --- indra/llmessage/lltransfersourceasset.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/lltransfersourceasset.cpp b/indra/llmessage/lltransfersourceasset.cpp index 8f36d516d7..abfb432020 100644 --- a/indra/llmessage/lltransfersourceasset.cpp +++ b/indra/llmessage/lltransfersourceasset.cpp @@ -131,7 +131,7 @@ LLTSCode LLTransferSourceAsset::dataCallback(const S32 packet_id, *data_handle = tmpp; if (!vf.read(tmpp, max_bytes)) /* Flawfinder: Ignore */ { - // Crap, read failure, need to deal with it. + // Read failure, need to deal with it. delete[] tmpp; *data_handle = NULL; returned_bytes = 0; -- cgit v1.2.3 From d4fef262bc346331cdc8010ada1b5f5d9c8dd647 Mon Sep 17 00:00:00 2001 From: Loren Shih Date: Wed, 31 Mar 2010 12:05:51 -0400 Subject: EXT-5581 : Centralize is_asset_fetch/knowlable into asset dictionary Took out some ugly case statements and stuck those functions into the asset dictionary instead. This makes the code a lot more centralized/extensible since if we ever add assets, it'll be clear that their fetch/knowable fields need to be added (versus that logic being in some obscure case statement). --- indra/llmessage/lltransfersourceasset.cpp | 49 +------------------------------ indra/llmessage/lltransfersourceasset.h | 20 ------------- 2 files changed, 1 insertion(+), 68 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/lltransfersourceasset.cpp b/indra/llmessage/lltransfersourceasset.cpp index abfb432020..43f7c07e94 100644 --- a/indra/llmessage/lltransfersourceasset.cpp +++ b/indra/llmessage/lltransfersourceasset.cpp @@ -60,7 +60,7 @@ void LLTransferSourceAsset::initTransfer() // to the simulator. This is subset of assets we allow to be // simply pulled straight from the asset system. LLUUID* tidp; - if(is_asset_fetch_by_id_allowed(mParams.getAssetType())) + if(LLAssetType::lookupIsAssetFetchByIDAllowed(mParams.getAssetType())) { tidp = new LLUUID(getID()); gAssetStorage->getAssetData( @@ -257,50 +257,3 @@ BOOL LLTransferSourceParamsAsset::unpackParams(LLDataPacker &dp) return TRUE; } - -/** - * Helper functions - */ -bool is_asset_fetch_by_id_allowed(LLAssetType::EType type) -{ - // *FIX: Make this list smaller. - bool rv = false; - switch(type) - { - case LLAssetType::AT_SOUND: - case LLAssetType::AT_LANDMARK: - case LLAssetType::AT_CLOTHING: - case LLAssetType::AT_BODYPART: - case LLAssetType::AT_ANIMATION: - case LLAssetType::AT_GESTURE: - rv = true; - break; - default: - break; - } - return rv; -} - -bool is_asset_id_knowable(LLAssetType::EType type) -{ - // *FIX: Make this list smaller. - bool rv = false; - switch(type) - { - case LLAssetType::AT_TEXTURE: - case LLAssetType::AT_SOUND: - case LLAssetType::AT_LANDMARK: - case LLAssetType::AT_CLOTHING: - case LLAssetType::AT_NOTECARD: - case LLAssetType::AT_BODYPART: - case LLAssetType::AT_ANIMATION: - case LLAssetType::AT_GESTURE: - case LLAssetType::AT_LINK: - case LLAssetType::AT_LINK_FOLDER: - rv = true; - break; - default: - break; - } - return rv; -} diff --git a/indra/llmessage/lltransfersourceasset.h b/indra/llmessage/lltransfersourceasset.h index 70b09b6aaf..8616595654 100644 --- a/indra/llmessage/lltransfersourceasset.h +++ b/indra/llmessage/lltransfersourceasset.h @@ -84,24 +84,4 @@ protected: S32 mCurPos; }; -/** - * @brief Quick check to see if the asset allows direct download. - * - * This might not be the right place for this function call, but it - * originally started life inside the LLTransferSourceAsset code. - * @param type The type of asset. - * @return Returns true if the asset can be fetched by id. - */ -bool is_asset_fetch_by_id_allowed(LLAssetType::EType type); - -/** - * @brief Quick check to see if all asset data can be known by the viewer. - * - * This might not be the right place for this function call, but it - * originally started life inside the LLTransferSourceAsset code. - * @param type The type of asset. - * @return Returns true if the asset id can be transmitted to the viewer. - */ -bool is_asset_id_knowable(LLAssetType::EType type); - #endif // LL_LLTRANSFERSOURCEASSET_H -- cgit v1.2.3 From 2208e6da2ca9b9e94f5aa903d98a0167baf15577 Mon Sep 17 00:00:00 2001 From: "Brad Payne (Vir Linden)" Date: Wed, 31 Mar 2010 16:09:34 -0400 Subject: asset request logging for DEV-47362 investigation. --- indra/llmessage/llassetstorage.cpp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llassetstorage.cpp b/indra/llmessage/llassetstorage.cpp index 0ab1081200..02523467e8 100644 --- a/indra/llmessage/llassetstorage.cpp +++ b/indra/llmessage/llassetstorage.cpp @@ -408,6 +408,8 @@ void LLAssetStorage::getAssetData(const LLUUID uuid, LLAssetType::EType type, vo { lldebugs << "LLAssetStorage::getAssetData() - " << uuid << "," << LLAssetType::lookup(type) << llendl; + llinfos << "ASSET_TRACE requesting " << uuid << " type " << LLAssetType::lookup(type) << llendl; + if (mShutDown) { return; // don't get the asset or do any callbacks, we are shutting down @@ -471,6 +473,8 @@ void LLAssetStorage::getAssetData(const LLUUID uuid, LLAssetType::EType type, vo // we've already got the file // theoretically, partial files w/o a pending request shouldn't happen // unless there's a weird error + llinfos << "ASSET_TRACE asset " << uuid << " found in VFS" << llendl; + if (callback) { callback(mVFS, uuid, type, user_data, LL_ERR_NOERR, LL_EXSTAT_VFS_CACHED); @@ -528,6 +532,8 @@ void LLAssetStorage::downloadCompleteCallback( LLAssetType::EType file_type, void* user_data, LLExtStat ext_status) { + llinfos << "ASSET_TRACE asset " << file_id << " downloadCompleteCallback" << llendl; + lldebugs << "LLAssetStorage::downloadCompleteCallback() for " << file_id << "," << LLAssetType::lookup(file_type) << llendl; LLAssetRequest* req = (LLAssetRequest*)user_data; -- cgit v1.2.3 From 2eba9819df8c473137b0f45d5873794362b14562 Mon Sep 17 00:00:00 2001 From: Loren Shih Date: Mon, 5 Apr 2010 15:02:36 -0400 Subject: EXT-6703 : LLInventory.h cleanup and create new LLInventoryDefines Took out enums and flags from LLInventory into LLInventoryDefines Did a bunch of header file reformatting for LLInventory.h Change made to simulator files as well. --- indra/llmessage/message_prehash.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/message_prehash.cpp b/indra/llmessage/message_prehash.cpp index 9e3986f257..a118e21ffb 100644 --- a/indra/llmessage/message_prehash.cpp +++ b/indra/llmessage/message_prehash.cpp @@ -1147,7 +1147,7 @@ char* _PREHASH_ForceObjectSelect = LLMessageStringTable::getInstance()->getStrin char* _PREHASH_Price = LLMessageStringTable::getInstance()->getString("Price"); char* _PREHASH_SunDirection = LLMessageStringTable::getInstance()->getString("SunDirection"); char* _PREHASH_FromName = LLMessageStringTable::getInstance()->getString("FromName"); -char* _PREHASH_ChangeInventoryItemFlags = LLMessageStringTable::getInstance()->getString("ChangeInventoryItemFlags"); +char* _PREHASH_ChangeInventoryItemFlags = LLMessageStringTable::getInstance()->getString("ChangLLInventoryItemFlags"); char* _PREHASH_Force = LLMessageStringTable::getInstance()->getString("Force"); char* _PREHASH_TransactionBlock = LLMessageStringTable::getInstance()->getString("TransactionBlock"); char* _PREHASH_PowersMask = LLMessageStringTable::getInstance()->getString("PowersMask"); -- cgit v1.2.3 From 0bb3f144c0a6712a269246975635962b3b5f48d0 Mon Sep 17 00:00:00 2001 From: Tofu Linden Date: Wed, 7 Apr 2010 10:37:07 +0100 Subject: Backed out changeset 63b699f90efd --- indra/llmessage/llcurl.cpp | 29 ++++++++++------- indra/llmessage/llcurl.h | 12 ++++++- indra/llmessage/llhttpclient.cpp | 16 +++------- indra/llmessage/llhttpclient.h | 11 ++----- indra/llmessage/llurlrequest.cpp | 51 ++++++------------------------ indra/llmessage/llurlrequest.h | 68 ++++++++++++++++++++++++++++++++++------ 6 files changed, 102 insertions(+), 85 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 91e11b8c0d..024e17a777 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -89,6 +89,10 @@ S32 gCurlMultiCount = 0; std::vector LLCurl::sSSLMutex; std::string LLCurl::sCAPath; std::string LLCurl::sCAFile; +// Verify SSL certificates by default (matches libcurl default). The ability +// to alter this flag is only to allow us to suppress verification if it's +// broken for some reason. +bool LLCurl::sSSLVerify = true; //static void LLCurl::setCAPath(const std::string& path) @@ -102,6 +106,18 @@ void LLCurl::setCAFile(const std::string& file) sCAFile = file; } +//static +void LLCurl::setSSLVerify(bool verify) +{ + sSSLVerify = verify; +} + +//static +bool LLCurl::getSSLVerify() +{ + return sSSLVerify; +} + //static std::string LLCurl::getVersionString() { @@ -465,7 +481,8 @@ void LLCurl::Easy::prepRequest(const std::string& url, setErrorBuffer(); setCA(); - setopt(CURLOPT_SSL_VERIFYPEER, true); + setopt(CURLOPT_SSL_VERIFYPEER, LLCurl::getSSLVerify()); + setopt(CURLOPT_SSL_VERIFYHOST, LLCurl::getSSLVerify()? 2 : 0); setopt(CURLOPT_TIMEOUT, CURL_REQUEST_TIMEOUT); setoptString(CURLOPT_URL, url); @@ -895,15 +912,6 @@ void LLCurlEasyRequest::setReadCallback(curl_read_callback callback, void* userd } } -void LLCurlEasyRequest::setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata) -{ - if (mEasy) - { - mEasy->setopt(CURLOPT_SSL_CTX_FUNCTION, (void*)callback); - mEasy->setopt(CURLOPT_SSL_CTX_DATA, userdata); - } -} - void LLCurlEasyRequest::slist_append(const char* str) { if (mEasy) @@ -1053,4 +1061,3 @@ void LLCurl::cleanupClass() #endif curl_global_cleanup(); } - diff --git a/indra/llmessage/llcurl.h b/indra/llmessage/llcurl.h index b6a637ae5b..caf02cccd9 100644 --- a/indra/llmessage/llcurl.h +++ b/indra/llmessage/llcurl.h @@ -157,6 +157,16 @@ public: */ static const std::string& getCAPath() { return sCAPath; } + /** + * @ brief Set flag controlling whether to verify HTTPS certs. + */ + static void setSSLVerify(bool verify); + + /** + * @ brief Get flag controlling whether to verify HTTPS certs. + */ + static bool getSSLVerify(); + /** * @ brief Initialize LLCurl class */ @@ -182,6 +192,7 @@ public: private: static std::string sCAPath; static std::string sCAFile; + static bool sSSLVerify; }; namespace boost @@ -229,7 +240,6 @@ public: void setHeaderCallback(curl_header_callback callback, void* userdata); void setWriteCallback(curl_write_callback callback, void* userdata); void setReadCallback(curl_read_callback callback, void* userdata); - void setSSLCtxCallback(curl_ssl_ctx_callback callback, void* userdata); void slist_append(const char* str); void sendRequest(const std::string& url); void requestComplete(); diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp index 345b76d1a1..dd56e18caf 100644 --- a/indra/llmessage/llhttpclient.cpp +++ b/indra/llmessage/llhttpclient.cpp @@ -31,7 +31,7 @@ */ #include "linden_common.h" -#include + #include "llhttpclient.h" #include "llassetstorage.h" @@ -46,10 +46,7 @@ #include "message.h" #include - const F32 HTTP_REQUEST_EXPIRY_SECS = 60.0f; -LLURLRequest::SSLCertVerifyCallback LLHTTPClient::mCertVerifyCallback = NULL; - //////////////////////////////////////////////////////////////////////////// // Responder class moved to LLCurl @@ -209,19 +206,13 @@ namespace LLPumpIO* theClientPump = NULL; } -void LLHTTPClient::setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback) -{ - LLHTTPClient::mCertVerifyCallback = callback; -} - static void request( const std::string& url, LLURLRequest::ERequestAction method, Injector* body_injector, LLCurl::ResponderPtr responder, const F32 timeout = HTTP_REQUEST_EXPIRY_SECS, - const LLSD& headers = LLSD() - ) + const LLSD& headers = LLSD()) { if (!LLHTTPClient::hasPump()) { @@ -231,7 +222,7 @@ static void request( LLPumpIO::chain_t chain; LLURLRequest* req = new LLURLRequest(method, url); - req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req); + req->checkRootCertificate(LLCurl::getSSLVerify()); lldebugs << LLURLRequest::actionAsVerb(method) << " " << url << " " @@ -426,6 +417,7 @@ static LLSD blocking_request( std::string body_str; // other request method checks root cert first, we skip? + //req->checkRootCertificate(true); // * Set curl handle options curl_easy_setopt(curlp, CURLOPT_NOSIGNAL, 1); // don't use SIGALRM for timeouts diff --git a/indra/llmessage/llhttpclient.h b/indra/llmessage/llhttpclient.h index 8afbc9e0fc..3d0646e5fe 100644 --- a/indra/llmessage/llhttpclient.h +++ b/indra/llmessage/llhttpclient.h @@ -40,8 +40,7 @@ #include #include -#include -#include "llurlrequest.h" + #include "llassettype.h" #include "llcurl.h" #include "lliopipe.h" @@ -62,7 +61,6 @@ public: typedef LLCurl::Responder Responder; typedef LLCurl::ResponderPtr ResponderPtr; - /** @name non-blocking API */ //@{ static void head( @@ -157,12 +155,7 @@ public: static void setPump(LLPumpIO& pump); ///< must be called before any of the above calls are made static bool hasPump(); - - static void setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback); - static LLURLRequest::SSLCertVerifyCallback getCertVerifyCallback() { return mCertVerifyCallback; } - -protected: - static LLURLRequest::SSLCertVerifyCallback mCertVerifyCallback; + ///< for testing }; #endif // LL_LLHTTPCLIENT_H diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index 1e76d10828..4e7ceff984 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -36,8 +36,7 @@ #include "llurlrequest.h" #include -#include -#include + #include "llcurl.h" #include "llioutil.h" #include "llmemtype.h" @@ -57,8 +56,6 @@ const std::string CONTEXT_TRANSFERED_BYTES("transfered_bytes"); static size_t headerCallback(void* data, size_t size, size_t nmemb, void* user); - - /** * class LLURLRequestDetail */ @@ -75,7 +72,6 @@ public: U32 mBodyLimit; S32 mByteAccumulator; bool mIsBodyLimitSet; - LLURLRequest::SSLCertVerifyCallback mSSLVerifyCallback; }; LLURLRequestDetail::LLURLRequestDetail() : @@ -84,8 +80,7 @@ LLURLRequestDetail::LLURLRequestDetail() : mLastRead(NULL), mBodyLimit(0), mByteAccumulator(0), - mIsBodyLimitSet(false), - mSSLVerifyCallback(NULL) + mIsBodyLimitSet(false) { LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); mCurlRequest = new LLCurlEasyRequest(); @@ -99,36 +94,6 @@ LLURLRequestDetail::~LLURLRequestDetail() mLastRead = NULL; } -void LLURLRequest::setSSLVerifyCallback(SSLCertVerifyCallback callback, void *param) -{ - mDetail->mSSLVerifyCallback = callback; - mDetail->mCurlRequest->setSSLCtxCallback(LLURLRequest::_sslCtxCallback, (void *)this); - mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, true); - mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, 2); -} - - -// _sslCtxFunction -// Callback function called when an SSL Context is created via CURL -// used to configure the context for custom cert validation - -CURLcode LLURLRequest::_sslCtxCallback(CURL * curl, void *sslctx, void *param) -{ - LLURLRequest *req = (LLURLRequest *)param; - if(req == NULL || req->mDetail->mSSLVerifyCallback == NULL) - { - SSL_CTX_set_cert_verify_callback((SSL_CTX *)sslctx, NULL, NULL); - return CURLE_OK; - } - SSL_CTX * ctx = (SSL_CTX *) sslctx; - // disable any default verification for server certs - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); - // set the verification callback. - SSL_CTX_set_cert_verify_callback(ctx, req->mDetail->mSSLVerifyCallback, (void *)req); - // the calls are void - return CURLE_OK; - -} /** * class LLURLRequest @@ -183,11 +148,6 @@ void LLURLRequest::setURL(const std::string& url) mDetail->mURL = url; } -std::string LLURLRequest::getURL() const -{ - return mDetail->mURL; -} - void LLURLRequest::addHeader(const char* header) { LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); @@ -200,6 +160,13 @@ void LLURLRequest::setBodyLimit(U32 size) mDetail->mIsBodyLimitSet = true; } +void LLURLRequest::checkRootCertificate(bool check) +{ + mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE)); + mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, (check? 2 : 0)); + mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, ""); +} + void LLURLRequest::setCallback(LLURLRequestComplete* callback) { LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); diff --git a/indra/llmessage/llurlrequest.h b/indra/llmessage/llurlrequest.h index 69fd22e592..cb3c466440 100644 --- a/indra/llmessage/llurlrequest.h +++ b/indra/llmessage/llurlrequest.h @@ -44,8 +44,6 @@ #include "lliopipe.h" #include "llchainio.h" #include "llerror.h" -#include -#include "llcurl.h" extern const std::string CONTEXT_REQUEST; @@ -74,8 +72,6 @@ class LLURLRequest : public LLIOPipe { LOG_CLASS(LLURLRequest); public: - - typedef int (* SSLCertVerifyCallback)(X509_STORE_CTX *ctx, void *param); /** * @brief This enumeration is for specifying the type of request. */ @@ -129,7 +125,7 @@ public: * */ void setURL(const std::string& url); - std::string getURL() const; + /** * @brief Add a header to the http post. * @@ -147,9 +143,8 @@ public: * Set whether request will check that remote server * certificates are signed by a known root CA when using HTTPS. */ - void setSSLVerifyCallback(SSLCertVerifyCallback callback, void * param); + void checkRootCertificate(bool check); - /** * @brief Return at most size bytes of body. * @@ -194,7 +189,6 @@ public: * @brief Give this pipe a chance to handle a generated error */ virtual EStatus handleError(EStatus status, LLPumpIO* pump); - protected: /** @@ -223,8 +217,6 @@ protected: S32 mRequestTransferedBytes; S32 mResponseTransferedBytes; - static CURLcode _sslCtxCallback(CURL * curl, void *sslctx, void *param); - private: /** * @brief Initialize the object. Called during construction. @@ -372,6 +364,62 @@ protected: }; +/** + * @class LLURLRequestClientFactory + * @brief Template class to build url request based client chains + * + * This class eases construction of a basic sd rpc client. Here is an + * example of it's use: + * + * class LLUsefulService : public LLService { ... }
+ * LLService::registerCreator(
+ * "useful",
+ * LLService::creator_t(new LLURLRequestClientFactory))
+ * + * + * This class should work, but I never got around to using/testing it. + * + */ +#if 0 +template +class LLURLRequestClientFactory : public LLChainIOFactory +{ +public: + LLURLRequestClientFactory(LLURLRequest::ERequestAction action) {} + LLURLRequestClientFactory( + LLURLRequest::ERequestAction action, + const std::string& fixed_url) : + mAction(action), + mURL(fixed_url) + { + } + virtual bool build(LLPumpIO::chain_t& chain, LLSD context) const + { + lldebugs << "LLURLRequestClientFactory::build" << llendl; + LLIOPipe::ptr_t service(new Client); + chain.push_back(service); + LLURLRequest* http(new LLURLRequest(mAction)); + LLIOPipe::ptr_t http_pipe(http); + // *FIX: how do we know the content type? + //http->addHeader("Content-Type: text/llsd"); + if(mURL.empty()) + { + chain.push_back(LLIOPipe::ptr_t(new LLContextURLExtractor(http))); + } + else + { + http->setURL(mURL); + } + chain.push_back(http_pipe); + chain.push_back(service); + return true; + } + +protected: + LLURLRequest::ERequestAction mAction; + std::string mURL; +}; +#endif /** * External constants -- cgit v1.2.3