From 75755a675120002fd7cbc3dc324bd8b50a9dba23 Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Tue, 18 May 2010 15:56:42 -0700 Subject: Add missing debug grids --- indra/newview/llviewernetwork.cpp | 26 +++++++++++++++++++++++++- indra/newview/tests/llviewernetwork_test.cpp | 8 ++++---- 2 files changed, 29 insertions(+), 5 deletions(-) (limited to 'indra') diff --git a/indra/newview/llviewernetwork.cpp b/indra/newview/llviewernetwork.cpp index a160572f7a..7812867667 100644 --- a/indra/newview/llviewernetwork.cpp +++ b/indra/newview/llviewernetwork.cpp @@ -108,6 +108,26 @@ void LLGridManager::initialize(const std::string& grid_file) "https://login.aruna.lindenlab.com/cgi-bin/login.cgi", "http://aruna-secondlife.webdev.lindenlab.com/helpers/", DEFAULT_LOGIN_PAGE); + addSystemGrid("Bharati", + "util.bharati.lindenlab.com", + "https://login.bharati.lindenlab.com/cgi-bin/login.cgi", + "http://bharati-secondlife.webdev.lindenlab.com/helpers/", + DEFAULT_LOGIN_PAGE); + addSystemGrid("Chandra", + "util.chandra.lindenlab.com", + "https://login.chandra.lindenlab.com/cgi-bin/login.cgi", + "http://chandra-secondlife.webdev.lindenlab.com/helpers/", + DEFAULT_LOGIN_PAGE); + addSystemGrid("Damballah", + "util.damballah.lindenlab.com", + "https://login.damballah.lindenlab.com/cgi-bin/login.cgi", + "http://damballah-secondlife.webdev.lindenlab.com/helpers/", + DEFAULT_LOGIN_PAGE); + addSystemGrid("Danu", + "util.danu.lindenlab.com", + "https://login.danu.lindenlab.com/cgi-bin/login.cgi", + "http://danu-secondlife.webdev.lindenlab.com/helpers/", + DEFAULT_LOGIN_PAGE); addSystemGrid("Durga", "util.durga.lindenlab.com", "https://login.durga.lindenlab.com/cgi-bin/login.cgi", @@ -133,6 +153,11 @@ void LLGridManager::initialize(const std::string& grid_file) "https://login.nandi.lindenlab.com/cgi-bin/login.cgi", "http://nandi-secondlife.webdev.lindenlab.com/helpers/", DEFAULT_LOGIN_PAGE); + addSystemGrid("Parvati", + "util.parvati.lindenlab.com", + "https://login.parvati.lindenlab.com/cgi-bin/login.cgi", + "http://parvati-secondlife.webdev.lindenlab.com/helpers/", + DEFAULT_LOGIN_PAGE); addSystemGrid("Radha", "util.radha.lindenlab.com", "https://login.radha.lindenlab.com/cgi-bin/login.cgi", @@ -158,7 +183,6 @@ void LLGridManager::initialize(const std::string& grid_file) "https://login.soma.lindenlab.com/cgi-bin/login.cgi", "http://soma-secondlife.webdev.lindenlab.com/helpers/", DEFAULT_LOGIN_PAGE); - addSystemGrid("Uma", "util.uma.lindenlab.com", "https://login.uma.lindenlab.com/cgi-bin/login.cgi", diff --git a/indra/newview/tests/llviewernetwork_test.cpp b/indra/newview/tests/llviewernetwork_test.cpp index 025b570be2..d819b44564 100644 --- a/indra/newview/tests/llviewernetwork_test.cpp +++ b/indra/newview/tests/llviewernetwork_test.cpp @@ -143,7 +143,7 @@ namespace tut manager->initialize("grid_test.xml"); // validate that some of the defaults are available. std::map known_grids = manager->getKnownGrids(); - ensure_equals("Known grids is a string-string map of size 18", known_grids.size(), 18); + ensure_equals("Known grids is a string-string map of size 23", known_grids.size(), 23); ensure_equals("Agni has the right name and label", known_grids[std::string("util.agni.lindenlab.com")], std::string("Agni")); ensure_equals("None exists", known_grids[""], "None"); @@ -184,7 +184,7 @@ namespace tut LLGridManager::getInstance()->initialize("grid_test.xml"); std::map known_grids = LLGridManager::getInstance()->getKnownGrids(); ensure_equals("adding a grid via a grid file increases known grid size", - known_grids.size(), 19); + known_grids.size(), 24); ensure_equals("Agni is still there after we've added a grid via a grid file", known_grids["util.agni.lindenlab.com"], std::string("Agni")); @@ -250,7 +250,7 @@ namespace tut // with single login uri specified. std::map known_grids = LLGridManager::getInstance()->getKnownGrids(); ensure_equals("adding a command line grid increases known grid size", - known_grids.size(), 19); + known_grids.size(), 24); ensure_equals("Command line grid is added to the list of grids", known_grids["my.login.uri"], std::string("my.login.uri")); LLSD grid = LLGridManager::getInstance()->getGridInfo("my.login.uri"); @@ -279,7 +279,7 @@ namespace tut LLGridManager::getInstance()->initialize("grid_test.xml"); known_grids = LLGridManager::getInstance()->getKnownGrids(); ensure_equals("adding a command line grid with custom name increases known grid size", - known_grids.size(), 19); + known_grids.size(), 24); ensure_equals("Custom Command line grid is added to the list of grids", known_grids["mycustomgridchoice"], std::string("mycustomgridchoice")); grid = LLGridManager::getInstance()->getGridInfo("mycustomgridchoice"); -- cgit v1.2.3 From cae4e785be149467095897e7b0e18ba7d4d60b50 Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Tue, 18 May 2010 22:18:54 -0700 Subject: Allow update of the default CAs on install --- indra/newview/llsechandler_basic.cpp | 45 ++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 22 deletions(-) (limited to 'indra') diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index df55ccf142..edf5ce9b60 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -585,6 +585,11 @@ LLBasicCertificateStore::LLBasicCertificateStore(const std::string& filename) void LLBasicCertificateStore::load_from_file(const std::string& filename) { // scan the PEM file extracting each certificate + if (!LLFile::isfile(filename)) + { + return; + } + BIO* file_bio = BIO_new(BIO_s_file()); if(file_bio) { @@ -1148,30 +1153,26 @@ void LLSecAPIBasicHandler::init() "bin_conf.dat"); std::string store_file = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "CA.pem"); - // copy the CA file to a user writable location so we can manipulate it. - // for this provider, by using a user writable file, there is a risk that - // an attacking program can modify the file, but OS dependent providers - // will reduce that risk. - // by using a user file, modifications will be limited to one user if - // we read-only the main file - if (!LLFile::isfile(store_file)) - { - - std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem"); - llifstream ca_file(ca_file_path.c_str(), llifstream::binary | llifstream::in); - llofstream copied_store_file(store_file.c_str(), llofstream::binary | llofstream::out); - - while(!ca_file.fail()) - { - char buffer[BUFFER_READ_SIZE]; - ca_file.read(buffer, sizeof(buffer)); - copied_store_file.write(buffer, ca_file.gcount()); - } - ca_file.close(); - copied_store_file.close(); - } + + LL_INFOS("SECAPI") << "Loading certificate store from " << store_file << LL_ENDL; mStore = new LLBasicCertificateStore(store_file); + + // grab the application CA.pem file that contains the well-known certs shipped + // with the product + std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem"); + llinfos << "app path " << ca_file_path << llendl; + LLBasicCertificateStore app_ca_store = LLBasicCertificateStore(ca_file_path); + + // push the applicate CA files into the store, therefore adding any new CA certs that + // updated + for(LLCertificateVector::iterator i = app_ca_store.begin(); + i != app_ca_store.end(); + i++) + { + mStore->add(*i); + } + } _readProtectedData(); // initialize mProtectedDataMap // may throw LLProtectedDataException if saved datamap is not decryptable -- cgit v1.2.3 From f46eb52e90c987f57ba9fd651a99c7075d54c9dc Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Wed, 19 May 2010 00:29:49 -0700 Subject: Add digicert high assurence CA --- indra/newview/app_settings/CA.pem | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'indra') diff --git a/indra/newview/app_settings/CA.pem b/indra/newview/app_settings/CA.pem index 779b14434d..e68e2b6ce6 100644 --- a/indra/newview/app_settings/CA.pem +++ b/indra/newview/app_settings/CA.pem @@ -1846,3 +1846,26 @@ gxO37yK5JUII7t4zNaTJnuFPbUxcNa/WQOMTBzp5xXdnqkTxJk4oHvO7x3+SEElZ KeKB2mkBRCUG3dznWSFWrUT9hrui -----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- -- cgit v1.2.3