SOCIAL-299 FIX Add *.lindenlab.com to trusted certificate authorities in WebKit

Reviewed by CB
2010-11-30 14:07:16 -08:00 · 2010-11-30 14:07:16 -08:00 · 1345cbb0ca
parent 60d4abc9d3
commit 1345cbb0ca
5 changed files with 50 additions and 1 deletions
--- a/indra/llplugin/llpluginclassmedia.cpp
+++ b/indra/llplugin/llpluginclassmedia.cpp
@ -1219,6 +1219,13 @@ void LLPluginClassMedia::ignore_ssl_cert_errors(bool ignore)
 	sendMessage(message);
 }

+void LLPluginClassMedia::setCertificateFilePath(const std::string& path)
+{
+	LLPluginMessage message(LLPLUGIN_MESSAGE_CLASS_MEDIA_BROWSER, "set_certificate_file_path");
+	message.setValue("path", path);
+	sendMessage(message);
+}
+
 void LLPluginClassMedia::crashPlugin()
 {
 	LLPluginMessage message(LLPLUGIN_MESSAGE_CLASS_INTERNAL, "crash");
--- a/indra/llplugin/llpluginclassmedia.h
+++ b/indra/llplugin/llpluginclassmedia.h
@ -203,6 +203,7 @@ public:
 	void proxyWindowOpened(const std::string &target, const std::string &uuid);
 	void proxyWindowClosed(const std::string &uuid);
 	void ignore_ssl_cert_errors(bool ignore);
+	void setCertificateFilePath(const std::string& path);
 	
 	// This is valid after MEDIA_EVENT_NAVIGATE_BEGIN or MEDIA_EVENT_NAVIGATE_COMPLETE
 	std::string	getNavigateURI() const { return mNavigateURI; };
--- a/indra/media_plugins/webkit/media_plugin_webkit.cpp
+++ b/indra/media_plugins/webkit/media_plugin_webkit.cpp
@ -1229,6 +1229,14 @@ void MediaPluginWebKit::receiveMessage(const char *message_string)
 				LLQtWebKit::getInstance()->setIgnoreSSLCertErrors( message_in.getValueBoolean("ignore") );
 #else
 				llwarns << "Ignoring ignore_ssl_cert_errors message (llqtwebkit version is too old)." << llendl;
+#endif
+			}
+			else if(message_name == "set_certificate_file_path")
+			{
+#if LLQTWEBKIT_API_VERSION >= 3
+				LLQtWebKit::getInstance()->setCAFile( message_in.getValue("path") );
+#else
+				llwarns << "Ignoring set_certificate_file_path message (llqtwebkit version is too old)." << llendl;
 #endif
 			}
 			else if(message_name == "init_history")
--- a/indra/newview/app_settings/settings.xml
+++ b/indra/newview/app_settings/settings.xml
@ -685,6 +685,28 @@
      <key>Value</key>
      <integer>0</integer>
    </map>
+    <key>BrowserUseDefaultCAFile</key>
+    <map>
+      <key>Comment</key>
+      <string>Tell the built-in web browser to use the CA.pem file shipped with the client.</string>
+      <key>Persist</key>
+      <integer>1</integer>
+      <key>Type</key>
+      <string>Boolean</string>
+      <key>Value</key>
+      <integer>1</integer>
+    </map>
+    <key>BrowserCAFilePath</key>
+    <map>
+      <key>Comment</key>
+      <string>Tell the built-in web browser the path to an alternative CA.pem file (only used if BrowserUseDefaultCAFile is false).</string>
+      <key>Persist</key>
+      <integer>1</integer>
+      <key>Type</key>
+      <string>String</string>
+      <key>Value</key>
+      <string></string>
+    </map>  
    <key>BlockAvatarAppearanceMessages</key>
        <map>
        <key>Comment</key>
--- a/indra/newview/llviewermedia.cpp
+++ b/indra/newview/llviewermedia.cpp
@ -1805,7 +1805,18 @@ bool LLViewerMediaImpl::initializePlugin(const std::string& media_type)
 		{
 			media_source->ignore_ssl_cert_errors(true);
 		}
-		
+
+		// start by assuming the default CA file will be used
+		std::string ca_path = gDirUtilp->getExpandedFilename( LL_PATH_APP_SETTINGS, "CA.pem" );
+	
+		// default turned off so pick up the user specified path
+		if( ! gSavedSettings.getBOOL("BrowserUseDefaultCAFile"))
+		{
+			ca_path = gSavedSettings.getString("BrowserCAFilePath");
+		}
+		// set the path to the CA.pem file
+		media_source->setCertificateFilePath( ca_path );
+
 		media_source->proxy_setup(gSavedSettings.getBOOL("BrowserProxyEnabled"), gSavedSettings.getString("BrowserProxyAddress"), gSavedSettings.getS32("BrowserProxyPort"));
 		
 		if(mClearCache)