From cae4e785be149467095897e7b0e18ba7d4d60b50 Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Tue, 18 May 2010 22:18:54 -0700 Subject: Allow update of the default CAs on install --- indra/newview/llsechandler_basic.cpp | 45 ++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 22 deletions(-) (limited to 'indra') diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index df55ccf142..edf5ce9b60 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -585,6 +585,11 @@ LLBasicCertificateStore::LLBasicCertificateStore(const std::string& filename) void LLBasicCertificateStore::load_from_file(const std::string& filename) { // scan the PEM file extracting each certificate + if (!LLFile::isfile(filename)) + { + return; + } + BIO* file_bio = BIO_new(BIO_s_file()); if(file_bio) { @@ -1148,30 +1153,26 @@ void LLSecAPIBasicHandler::init() "bin_conf.dat"); std::string store_file = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "CA.pem"); - // copy the CA file to a user writable location so we can manipulate it. - // for this provider, by using a user writable file, there is a risk that - // an attacking program can modify the file, but OS dependent providers - // will reduce that risk. - // by using a user file, modifications will be limited to one user if - // we read-only the main file - if (!LLFile::isfile(store_file)) - { - - std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem"); - llifstream ca_file(ca_file_path.c_str(), llifstream::binary | llifstream::in); - llofstream copied_store_file(store_file.c_str(), llofstream::binary | llofstream::out); - - while(!ca_file.fail()) - { - char buffer[BUFFER_READ_SIZE]; - ca_file.read(buffer, sizeof(buffer)); - copied_store_file.write(buffer, ca_file.gcount()); - } - ca_file.close(); - copied_store_file.close(); - } + + LL_INFOS("SECAPI") << "Loading certificate store from " << store_file << LL_ENDL; mStore = new LLBasicCertificateStore(store_file); + + // grab the application CA.pem file that contains the well-known certs shipped + // with the product + std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem"); + llinfos << "app path " << ca_file_path << llendl; + LLBasicCertificateStore app_ca_store = LLBasicCertificateStore(ca_file_path); + + // push the applicate CA files into the store, therefore adding any new CA certs that + // updated + for(LLCertificateVector::iterator i = app_ca_store.begin(); + i != app_ca_store.end(); + i++) + { + mStore->add(*i); + } + } _readProtectedData(); // initialize mProtectedDataMap // may throw LLProtectedDataException if saved datamap is not decryptable -- cgit v1.2.3