diff --git a/indra/aistatemachine/aicurl.cpp b/indra/aistatemachine/aicurl.cpp
index 40d417007..128110080 100644
--- a/indra/aistatemachine/aicurl.cpp
+++ b/indra/aistatemachine/aicurl.cpp
@@ -59,6 +59,12 @@
#include "aihttptimeoutpolicy.h"
#include "aicurleasyrequeststatemachine.h"
+//==================================================================================
+// Debug Settings
+//
+
+bool gNoVerifySSLCert;
+
//==================================================================================
// Local variables.
//
@@ -828,9 +834,6 @@ void CurlEasyRequest::setPost_raw(U32 size, char const* data)
DoutCurl("POST size is " << size << " bytes.");
}
- // Accept everything (send an Accept-Encoding header containing all encodings we support (zlib and gzip)).
- setoptString(CURLOPT_ENCODING, ""); // CURLOPT_ACCEPT_ENCODING
-
// The server never replies with 100-continue, so suppress the "Expect: 100-continue" header that libcurl adds by default.
addHeader("Expect:");
if (size > 0)
@@ -1367,10 +1370,6 @@ void CurlResponderBuffer::prepRequest(AICurlEasyRequest_wat& curl_easy_request_w
curl_easy_request_w->setopt(CURLOPT_MAXREDIRS, HTTP_REDIRECTS_DEFAULT);
}
- curl_easy_request_w->setopt(CURLOPT_SSL_VERIFYPEER, 1);
- // Don't verify host name so urls with scrubbed host names will work (improves DNS performance).
- curl_easy_request_w->setopt(CURLOPT_SSL_VERIFYHOST, 0);
-
// Keep responder alive.
mResponder = responder;
// Send header events to responder if needed.
diff --git a/indra/aistatemachine/aicurl.h b/indra/aistatemachine/aicurl.h
index 595127532..e1a999c9c 100644
--- a/indra/aistatemachine/aicurl.h
+++ b/indra/aistatemachine/aicurl.h
@@ -54,6 +54,8 @@
#include "aithreadsafe.h"
#include "aihttpheaders.h"
+extern bool gNoVerifySSLCert;
+
class LLSD;
class LLBufferArray;
class LLChannelDescriptors;
@@ -147,7 +149,7 @@ struct TransferInfo {
void initCurl(void (*)(void) = NULL);
// Called once at start of application (from LLAppViewer::initThreads), starts AICurlThread.
-void startCurlThread(U32 CurlConcurrentConnections);
+void startCurlThread(U32 CurlConcurrentConnections, bool NoVerifySSLCert);
// Called once at end of application (from newview/llappviewer.cpp by main thread),
// with purpose to stop curl threads, free curl resources and deinitialize curl.
diff --git a/indra/aistatemachine/aicurlthread.cpp b/indra/aistatemachine/aicurlthread.cpp
index 22925613c..a70f8e820 100644
--- a/indra/aistatemachine/aicurlthread.cpp
+++ b/indra/aistatemachine/aicurlthread.cpp
@@ -2482,12 +2482,13 @@ void AICurlEasyRequest::removeRequest(void)
namespace AICurlInterface {
-void startCurlThread(U32 CurlConcurrentConnections)
+void startCurlThread(U32 CurlConcurrentConnections, bool NoVerifySSLCert)
{
using namespace AICurlPrivate::curlthread;
llassert(is_main_thread());
curl_concurrent_connections = CurlConcurrentConnections; // Debug Setting.
+ gNoVerifySSLCert = NoVerifySSLCert; // Debug Setting.
AICurlThread::sInstance = new AICurlThread;
AICurlThread::sInstance->start();
}
diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp
index 5ec98b5e3..e7becc520 100644
--- a/indra/llmessage/llhttpclient.cpp
+++ b/indra/llmessage/llhttpclient.cpp
@@ -149,7 +149,9 @@ static void request(
LLURLRequest::ERequestAction method,
Injector* body_injector,
LLCurl::ResponderPtr responder,
- AIHTTPHeaders& headers)
+ AIHTTPHeaders& headers,
+ bool is_auth = false,
+ bool no_compression = false)
{
if (responder)
{
@@ -160,7 +162,7 @@ static void request(
LLURLRequest* req;
try
{
- req = new LLURLRequest(method, url, body_injector, responder, headers);
+ req = new LLURLRequest(method, url, body_injector, responder, headers, is_auth, no_compression);
}
catch(AICurlNoEasyHandle& error)
{
diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp
index 1ea9c02ad..17c393b02 100644
--- a/indra/llmessage/llurlrequest.cpp
+++ b/indra/llmessage/llurlrequest.cpp
@@ -113,8 +113,10 @@ std::string LLURLRequest::actionAsVerb(LLURLRequest::ERequestAction action)
}
// This might throw AICurlNoEasyHandle.
-LLURLRequest::LLURLRequest(LLURLRequest::ERequestAction action, std::string const& url, Injector* body, AICurlInterface::ResponderPtr responder, AIHTTPHeaders& headers) :
- AICurlEasyRequestStateMachine(true), mAction(action), mURL(url), mBody(body), mResponder(responder), mHeaders(headers)
+LLURLRequest::LLURLRequest(LLURLRequest::ERequestAction action, std::string const& url, Injector* body,
+ AICurlInterface::ResponderPtr responder, AIHTTPHeaders& headers, bool is_auth, bool no_compression) :
+ AICurlEasyRequestStateMachine(true), mAction(action), mURL(url), mIsAuth(is_auth), mNoCompression(no_compression),
+ mBody(body), mResponder(responder), mHeaders(headers)
{
}
@@ -507,7 +509,7 @@ bool LLURLRequest::configure(AICurlEasyRequest_wat const& curlEasyRequest_w)
curlEasyRequest_w->setopt(CURLOPT_FOLLOWLOCATION, 1);
// Set Accept-Encoding to allow response compression
- curlEasyRequest_w->setoptString(CURLOPT_ENCODING, "");
+ curlEasyRequest_w->setoptString(CURLOPT_ENCODING, mNoCompression ? "identity" : "");
rv = true;
break;
@@ -525,6 +527,9 @@ bool LLURLRequest::configure(AICurlEasyRequest_wat const& curlEasyRequest_w)
{
// Set the handle for an http post
curlEasyRequest_w->setPost(mBodySize);
+
+ // Set Accept-Encoding to allow response compression
+ curlEasyRequest_w->setoptString(CURLOPT_ENCODING, mNoCompression ? "identity" : "");
rv = true;
break;
}
@@ -546,6 +551,10 @@ bool LLURLRequest::configure(AICurlEasyRequest_wat const& curlEasyRequest_w)
}
if(rv)
{
+ curlEasyRequest_w->setopt(CURLOPT_SSL_VERIFYPEER, gNoVerifySSLCert ? 0L : 1L);
+ // Don't verify host name if this is not an authentication request,
+ // so urls with scrubbed host names will work (improves DNS performance).
+ curlEasyRequest_w->setopt(CURLOPT_SSL_VERIFYHOST, (gNoVerifySSLCert || !mIsAuth) ? 0L : 2L);
curlEasyRequest_w->finalizeRequest(mURL, mResponder->getHTTPTimeoutPolicy(), this);
}
}
diff --git a/indra/llmessage/llurlrequest.h b/indra/llmessage/llurlrequest.h
index 1c078b907..5ae4d64aa 100644
--- a/indra/llmessage/llurlrequest.h
+++ b/indra/llmessage/llurlrequest.h
@@ -75,7 +75,7 @@ class LLURLRequest : public AICurlEasyRequestStateMachine {
* @param action One of the ERequestAction enumerations.
* @param url The url of the request. It should already be encoded.
*/
- LLURLRequest(ERequestAction action, std::string const& url, Injector* body, AICurlInterface::ResponderPtr responder, AIHTTPHeaders& headers);
+ LLURLRequest(ERequestAction action, std::string const& url, Injector* body, AICurlInterface::ResponderPtr responder, AIHTTPHeaders& headers, bool is_auth, bool no_compression);
/**
* @brief Turn on cookie handling for this request with CURLOPT_COOKIEFILE.
@@ -109,6 +109,8 @@ class LLURLRequest : public AICurlEasyRequestStateMachine {
private:
ERequestAction mAction;
std::string mURL;
+ bool mIsAuth; // Set for authentication messages (login, buy land, buy currency).
+ bool mNoCompression; // Set to disable using gzip.
Injector* mBody; // Non-zero iff the action is HTTP_POST and HTTP_PUT.
U32 mBodySize;
AICurlInterface::ResponderPtr mResponder;
diff --git a/indra/newview/app_settings/settings.xml b/indra/newview/app_settings/settings.xml
index 2b7064536..ef6ad1679 100644
--- a/indra/newview/app_settings/settings.xml
+++ b/indra/newview/app_settings/settings.xml
@@ -9059,7 +9059,7 @@
NoVerifySSLCert