From 96a4e16a4b4503204d6cb1275bb7c05bc7c63b16 Mon Sep 17 00:00:00 2001 From: Siana Gearz Date: Tue, 7 Aug 2012 16:48:22 +0200 Subject: [PATCH] Don't feed empty, non-working callback to CURL --- indra/llmessage/llhttpclient.cpp | 9 +------ indra/llmessage/llhttpclient.h | 6 ----- indra/llmessage/llurlrequest.cpp | 38 ++++++------------------------ indra/llmessage/llurlrequest.h | 4 +--- indra/newview/hipporestrequest.cpp | 2 +- 5 files changed, 10 insertions(+), 49 deletions(-) diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp index 75ccc3818..b1a744cef 100644 --- a/indra/llmessage/llhttpclient.cpp +++ b/indra/llmessage/llhttpclient.cpp @@ -42,8 +42,6 @@ const F32 HTTP_REQUEST_EXPIRY_SECS = 60.0f; -LLURLRequest::SSLCertVerifyCallback LLHTTPClient::mCertVerifyCallback = NULL; - //////////////////////////////////////////////////////////////////////////// // Responder class moved to LLCurl @@ -206,11 +204,6 @@ namespace LLPumpIO* theClientPump = NULL; } -void LLHTTPClient::setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback) -{ - LLHTTPClient::mCertVerifyCallback = callback; -} - static void request( const std::string& url, LLURLRequest::ERequestAction method, @@ -234,7 +227,7 @@ static void request( return ; } - req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req); + req->checkRootCertificate(true); lldebugs << LLURLRequest::actionAsVerb(method) << " " << url << " " diff --git a/indra/llmessage/llhttpclient.h b/indra/llmessage/llhttpclient.h index dda7d550f..bb5e27534 100644 --- a/indra/llmessage/llhttpclient.h +++ b/indra/llmessage/llhttpclient.h @@ -153,12 +153,6 @@ public: ///< for testing static LLPumpIO &getPump(); ///< Hippo special - - static void setCertVerifyCallback(LLURLRequest::SSLCertVerifyCallback callback); - static LLURLRequest::SSLCertVerifyCallback getCertVerifyCallback() { return mCertVerifyCallback; } - -protected: - static LLURLRequest::SSLCertVerifyCallback mCertVerifyCallback; }; #endif // LL_LLHTTPCLIENT_H diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index f5e08f393..60c663cc3 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -100,37 +100,6 @@ LLURLRequestDetail::~LLURLRequestDetail() mLastRead = NULL; } -void LLURLRequest::setSSLVerifyCallback(SSLCertVerifyCallback callback, void *param) -{ - mDetail->mSSLVerifyCallback = callback; - mDetail->mCurlRequest->setSSLCtxCallback(LLURLRequest::_sslCtxCallback, (void *)this); - mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, true); - mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, 2); -} - - -// _sslCtxFunction -// Callback function called when an SSL Context is created via CURL -// used to configure the context for custom cert validation - -CURLcode LLURLRequest::_sslCtxCallback(CURL * curl, void *sslctx, void *param) -{ - LLURLRequest *req = (LLURLRequest *)param; - if(req == NULL || req->mDetail->mSSLVerifyCallback == NULL) - { - SSL_CTX_set_cert_verify_callback((SSL_CTX *)sslctx, NULL, NULL); - return CURLE_OK; - } - SSL_CTX * ctx = (SSL_CTX *) sslctx; - // disable any default verification for server certs - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); - // set the verification callback. - SSL_CTX_set_cert_verify_callback(ctx, req->mDetail->mSSLVerifyCallback, (void *)req); - // the calls are void - return CURLE_OK; - -} - /** * class LLURLRequest */ @@ -196,6 +165,13 @@ void LLURLRequest::addHeader(const char* header) mDetail->mCurlRequest->slist_append(header); } +void LLURLRequest::checkRootCertificate(bool check) +{ + mDetail->mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, (check? TRUE : FALSE)); + mDetail->mCurlRequest->setoptString(CURLOPT_ENCODING, ""); +} + + void LLURLRequest::setBodyLimit(U32 size) { mDetail->mBodyLimit = size; diff --git a/indra/llmessage/llurlrequest.h b/indra/llmessage/llurlrequest.h index 1ba51a5ac..218dd6248 100644 --- a/indra/llmessage/llurlrequest.h +++ b/indra/llmessage/llurlrequest.h @@ -143,7 +143,7 @@ public: * Set whether request will check that remote server * certificates are signed by a known root CA when using HTTPS. */ - void setSSLVerifyCallback(SSLCertVerifyCallback callback, void * param); + void checkRootCertificate(bool check); /** @@ -226,8 +226,6 @@ protected: S32 mRequestTransferedBytes; S32 mResponseTransferedBytes; - static CURLcode _sslCtxCallback(CURL * curl, void *sslctx, void *param); - private: /** * @brief Initialize the object. Called during construction. diff --git a/indra/newview/hipporestrequest.cpp b/indra/newview/hipporestrequest.cpp index 7b64b35d8..8953dec87 100644 --- a/indra/newview/hipporestrequest.cpp +++ b/indra/newview/hipporestrequest.cpp @@ -256,7 +256,7 @@ static void request(const std::string &url, LLPumpIO::chain_t chain; LLURLRequest *req = new LLURLRequest(method, url); - req->setSSLVerifyCallback(LLHTTPClient::getCertVerifyCallback(), (void *)req); + req->checkRootCertificate(true); /* // Insert custom headers if the caller sent any