diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp index c8e706f44..d611a6b5f 100644 --- a/indra/llmessage/llhttpclient.cpp +++ b/indra/llmessage/llhttpclient.cpp @@ -41,8 +41,6 @@ const F32 HTTP_REQUEST_EXPIRY_SECS = 60.0f; -LLURLRequest::SSLCertVerifyCallback LLHTTPClient::mCertVerifyCallback = NULL; - //////////////////////////////////////////////////////////////////////////// // Responder class moved to LLCurl @@ -205,11 +203,6 @@ namespace LLPumpIO* theClientPump = NULL; } -void LLHTTPClient::setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback) -{ - LLHTTPClient::mCertVerifyCallback = callback; -} - static void request( const std::string& url, LLURLRequest::ERequestAction method, @@ -244,7 +237,7 @@ static void request( return ; } - req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req); + req->checkRootCertificate(true); lldebugs << LLURLRequest::actionAsVerb(method) << " " << url << " " diff --git a/indra/llmessage/llhttpclient.h b/indra/llmessage/llhttpclient.h index 39a6498d8..d371290db 100644 --- a/indra/llmessage/llhttpclient.h +++ b/indra/llmessage/llhttpclient.h @@ -155,12 +155,6 @@ public: ///< for testing static LLPumpIO &getPump(); ///< Hippo special - - static void setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback); - static LLURLRequest::SSLCertVerifyCallback getCertVerifyCallback() { return mCertVerifyCallback; } - -protected: - static LLURLRequest::SSLCertVerifyCallback mCertVerifyCallback; }; #endif // LL_LLHTTPCLIENT_H diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index c59c5bb3a..ba0d24ce3 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp 
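Review bot: In `request()` the new `req->checkRootCertificate(true);` drops the application-registered verify callback, so whatever trust decisions that callback made no longer apply to these requests. That callback is removed along with `setCertVerifyCallback`/`getCertVerifyCallback`, and validation now rests only on curl's own peer check. Nothing visible in this diff shows which CA bundle the curl handle uses, so it is worth confirming that grid and login hosts still validate, or users will be pushed towards turning verification off. I would add a comment on the new line such as `// TLS peer verification is delegated to libcurl; the viewer's own cert callback is no longer consulted.` The same replacement is made in `request()` in indra/newview/hipporestrequest.cpp, and both function bodies continue outside their hunks.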
@@ -91,39 +91,6 @@ LLURLRequestDetail::~LLURLRequestDetail() mLastRead = NULL; } -void LLURLRequest::setSSLVerifyCallback(SSLCertVerifyCallback callback, void *param) -{ - LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); - mDetail->mSSLVerifyCallback = callback; - AICurlEasyRequest_wat curlEasyRequest_w(*mDetail->mCurlEasyRequest); - curlEasyRequest_w->setSSLCtxCallback(LLURLRequest::_sslCtxCallback, (void *)this); - curlEasyRequest_w->setopt(CURLOPT_SSL_VERIFYPEER, true); - curlEasyRequest_w->setopt(CURLOPT_SSL_VERIFYHOST, 2); -} - - -// _sslCtxFunction -// Callback function called when an SSL Context is created via CURL -// used to configure the context for custom cert validation - -CURLcode LLURLRequest::_sslCtxCallback(CURL * curl, void *sslctx, void *param) -{ - LLURLRequest *req = (LLURLRequest *)param; - if(req == NULL || req->mDetail->mSSLVerifyCallback == NULL) - { - SSL_CTX_set_cert_verify_callback((SSL_CTX *)sslctx, NULL, NULL); - return CURLE_OK; - } - SSL_CTX * ctx = (SSL_CTX *) sslctx; - // disable any default verification for server certs - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); - // set the verification callback. - SSL_CTX_set_cert_verify_callback(ctx, req->mDetail->mSSLVerifyCallback, (void *)req); - // the calls are void - return CURLE_OK; - -} - /** * class LLURLRequest */ @@ -195,6 +162,13 @@ void LLURLRequest::addHeader(const char* header) curlEasyRequest_w->addHeader(header); } +void LLURLRequest::checkRootCertificate(bool check) +{ + mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE)); + mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, ""); +} + + void LLURLRequest::setBodyLimit(U32 size) { mDetail->mBodyLimit = size; diff --git a/indra/llmessage/llurlrequest.h b/indra/llmessage/llurlrequest.h index aee8a1a84..10ad50f28 100644 --- a/indra/llmessage/llurlrequest.h +++ b/indra/llmessage/llurlrequest.h 
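Review bot: The added `LLURLRequest::checkRootCertificate` sets only `CURLOPT_SSL_VERIFYPEER`, while the removed `setSSLVerifyCallback` also pinned host-name checking with `curlEasyRequest_w->setopt(CURLOPT_SSL_VERIFYHOST, 2);`. libcurl defaults that option to 2, so host-name checking stays on only if nothing else in the handle setup lowers it, which is not visible here; I would keep the explicit line. The new body also reaches the handle through `mDetail->mCurlRequest`, whereas the removed code and the neighbouring `addHeader` go through `AICurlEasyRequest_wat curlEasyRequest_w(*mDetail->mCurlEasyRequest);`. If that accessor is what provides locked write access, the new function bypasses it, and it may not build if `mCurlRequest` is not a member on this branch. Setting `CURLOPT_ENCODING` to `""` inside a function named for certificate checking is an unrelated side effect and deserves its own setter or at least a comment.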
@@ -142,7 +142,7 @@ public: * Set whether request will check that remote server * certificates are signed by a known root CA when using HTTPS. */ - void setSSLVerifyCallback(SSLCertVerifyCallback callback, void * param); + void checkRootCertificate(bool check); /** @@ -227,8 +227,6 @@ protected: S32 mRequestTransferedBytes; S32 mResponseTransferedBytes; - static CURLcode _sslCtxCallback(CURL * curl, void *sslctx, void *param); - // mRemoved is used instead of changing mState directly, because I'm not convinced the latter is atomic. // Set to false before adding curl request and then only tested. // Reset in removed_from_multi_handle (by another thread), this is thread-safe. diff --git a/indra/newview/hipporestrequest.cpp b/indra/newview/hipporestrequest.cpp index 60d7770a1..12e112bcf 100644 --- a/indra/newview/hipporestrequest.cpp +++ b/indra/newview/hipporestrequest.cpp @@ -268,7 +268,7 @@ static void request(const std::string &url, llwarns << "Failed to create LLURLRequest: " << error.what() << llendl; return; } - req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req); + req->checkRootCertificate(true); /* // Insert custom headers if the caller sent any
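Review bot: The doc comment kept above `void checkRootCertificate(bool check);` in llurlrequest.h mentions only root-CA signing, but the implementation added in llurlrequest.cpp also sets `CURLOPT_ENCODING` and leaves host-name verification untouched. A public `bool` toggle makes it easy for a future caller to pass `false`, so I would extend the comment with a line such as `Passing false disables peer certificate verification and must not be used for production endpoints.` The comment should also mention the encoding side effect. Both call sites in this diff pass `true`, so if no caller needs `false` the parameter could be dropped altogether.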