From 645393c5e976a9a6164453bf7df588ec745f04c5 Mon Sep 17 00:00:00 2001
From: Andrey Lihatskiy <alihatskiy@productengine.com>
Date: Fri, 4 Sep 2020 17:34:57 +0300
Subject: SL-13910 Added the TLS Web Server Authentication certificate check

---
 indra/newview/llsecapi.h             | 1 +
 indra/newview/llsechandler_basic.cpp | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'indra')

diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index 69b6b32923..c2fdbeb8e9 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -75,6 +75,7 @@
 
 #define CERT_EXTENDED_KEY_USAGE "extendedKeyUsage"
 #define CERT_EKU_SERVER_AUTH SN_server_auth
+#define CERT_EKU_TLS_SERVER_AUTH LN_server_auth
 
 #define CERT_SUBJECT_KEY_IDENTFIER "subjectKeyIdentifier"
 #define CERT_AUTHORITY_KEY_IDENTIFIER "authorityKeyIdentifier"
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 55e49100c3..109a2133b8 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -925,8 +925,11 @@ void _validateCert(int validation_policy,
 		}
 		// only validate EKU if the cert has it
 		if(current_cert_info.has(CERT_EXTENDED_KEY_USAGE) && current_cert_info[CERT_EXTENDED_KEY_USAGE].isArray() &&	   
-		   (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
-									LLSD((std::string)CERT_EKU_SERVER_AUTH))))
+		   (  (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
+                                         LLSD((std::string)CERT_EKU_SERVER_AUTH)))
+           || (!_LLSDArrayIncludesValue(current_cert_info[CERT_EXTENDED_KEY_USAGE], 
+                                        LLSD((std::string)CERT_EKU_TLS_SERVER_AUTH)))
+            ))
 		{
 			LLTHROW(LLCertKeyUsageValidationException(current_cert_info));
 		}
-- 
cgit v1.2.3