diff --git a/doc/contributions.txt b/doc/contributions.txt index a1cc3d542a..937ba916af 100755 --- a/doc/contributions.txt +++ b/doc/contributions.txt @@ -232,6 +232,10 @@ Ansariel Hiller SL-14940 SL-14941 SL-3136 + SL-15200 + SL-15226 + SL-15227 + SL-15398 Aralara Rajal Arare Chantilly CHUIBUG-191 diff --git a/indra/llfilesystem/lldiskcache.cpp b/indra/llfilesystem/lldiskcache.cpp index cf891e7913..079969e8db 100644 --- a/indra/llfilesystem/lldiskcache.cpp +++ b/indra/llfilesystem/lldiskcache.cpp @@ -66,9 +66,9 @@ LLDiskCache::LLDiskCache(const std::string cache_dir, // WARNING: purge() is called by LLPurgeDiskCacheThread. As such it must // NOT touch any LLDiskCache data without introducing and locking a mutex! -// Interaction through the filesystem itself should be safe. Let’s say thread +// Interaction through the filesystem itself should be safe. Let’s say thread // A is accessing the cache file for reading/writing and thread B is trimming -// the cache. Let’s also assume using llifstream to open a file and +// the cache. Let’s also assume using llifstream to open a file and // boost::filesystem::remove are not atomic (which will be pretty much the // case). diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 8ac375dd2f..671e78db54 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -923,11 +923,19 @@ void _validateCert(int validation_policy, } if (validation_policy & VALIDATION_POLICY_SSL_KU) { + // This stanza of code was changed 2021-06-09 as per details in SL-15370. + // Brief summary: a renewed certificate from Akamai only contains the + // 'Digital Signature' field and not the 'Key Encipherment' one. This code + // used to look for both and throw an exception at startup (ignored) and + // (for example) when buying L$ in the Viewer (fails with a UI message + // and an entry in the Viewer log). This modified code removes the second + // check for the 'Key Encipherment' field. If Akamai can provide a + // replacement certificate that has both fields, then this modified code + // will not be required. if (current_cert_info.has(CERT_KEY_USAGE) && current_cert_info[CERT_KEY_USAGE].isArray() && - (!(_LLSDArrayIncludesValue(current_cert_info[CERT_KEY_USAGE], - LLSD((std::string)CERT_KU_DIGITAL_SIGNATURE))) || !(_LLSDArrayIncludesValue(current_cert_info[CERT_KEY_USAGE], - LLSD((std::string)CERT_KU_KEY_ENCIPHERMENT))))) + LLSD((std::string)CERT_KU_DIGITAL_SIGNATURE))) + ) { LLTHROW(LLCertKeyUsageValidationException(current_cert_info)); }