diff options
| author | UbitUmarov | 2018-09-08 04:46:02 +0100 |
|---|---|---|
| committer | UbitUmarov | 2018-09-08 04:46:02 +0100 |
| commit | 0d93d5ce69e658476d3f810d525df22348799d59 (patch) | |
| tree | 7dcdbe5fb30735896f344d6b3b2add2b80a165fa | |
| parent | a few changes to ScriptSleep() functions (diff) | |
| download | opensim-SC-0d93d5ce69e658476d3f810d525df22348799d59.zip opensim-SC-0d93d5ce69e658476d3f810d525df22348799d59.tar.gz opensim-SC-0d93d5ce69e658476d3f810d525df22348799d59.tar.bz2 opensim-SC-0d93d5ce69e658476d3f810d525df22348799d59.tar.xz | |
fix script secure llhttlrequest
| -rw-r--r-- | OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs | 84 |
1 files changed, 43 insertions, 41 deletions
diff --git a/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs b/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs index e7f0aec..3d3a768 100644 --- a/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs +++ b/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs | |||
| @@ -110,49 +110,8 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest | |||
| 110 | 110 | ||
| 111 | public HttpRequestModule() | 111 | public HttpRequestModule() |
| 112 | { | 112 | { |
| 113 | // ServicePointManager.ServerCertificateValidationCallback +=ValidateServerCertificate; | ||
| 114 | } | 113 | } |
| 115 | 114 | ||
| 116 | public static bool ValidateServerCertificate( | ||
| 117 | object sender, | ||
| 118 | X509Certificate certificate, | ||
| 119 | X509Chain chain, | ||
| 120 | SslPolicyErrors sslPolicyErrors) | ||
| 121 | { | ||
| 122 | // If this is a web request we need to check the headers first | ||
| 123 | // We may want to ignore SSL | ||
| 124 | if (sender is HttpWebRequest) | ||
| 125 | { | ||
| 126 | HttpWebRequest Request = (HttpWebRequest)sender; | ||
| 127 | ServicePoint sp = Request.ServicePoint; | ||
| 128 | |||
| 129 | // We don't case about encryption, get out of here | ||
| 130 | if (Request.Headers.Get("NoVerifyCert") != null) | ||
| 131 | { | ||
| 132 | return true; | ||
| 133 | } | ||
| 134 | |||
| 135 | // If there was an upstream cert verification error, bail | ||
| 136 | if ((((int)sslPolicyErrors) & ~4) != 0) | ||
| 137 | return false; | ||
| 138 | |||
| 139 | // Check for policy and execute it if defined | ||
| 140 | #pragma warning disable 0618 | ||
| 141 | if (ServicePointManager.CertificatePolicy != null) | ||
| 142 | { | ||
| 143 | return ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, Request, 0); | ||
| 144 | } | ||
| 145 | #pragma warning restore 0618 | ||
| 146 | |||
| 147 | return true; | ||
| 148 | } | ||
| 149 | |||
| 150 | // If it's not HTTP, trust .NET to check it | ||
| 151 | if ((((int)sslPolicyErrors) & ~4) != 0) | ||
| 152 | return false; | ||
| 153 | |||
| 154 | return true; | ||
| 155 | } | ||
| 156 | #region IHttpRequestModule Members | 115 | #region IHttpRequestModule Members |
| 157 | 116 | ||
| 158 | public UUID MakeHttpRequest(string url, string parameters, string body) | 117 | public UUID MakeHttpRequest(string url, string parameters, string body) |
| @@ -522,6 +481,47 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest | |||
| 522 | return null; | 481 | return null; |
| 523 | } | 482 | } |
| 524 | 483 | ||
| 484 | public static bool ValidateServerCertificate( | ||
| 485 | object sender, | ||
| 486 | X509Certificate certificate, | ||
| 487 | X509Chain chain, | ||
| 488 | SslPolicyErrors sslPolicyErrors) | ||
| 489 | { | ||
| 490 | // If this is a web request we need to check the headers first | ||
| 491 | // We may want to ignore SSL | ||
| 492 | if (sender is HttpWebRequest) | ||
| 493 | { | ||
| 494 | HttpWebRequest Request = (HttpWebRequest)sender; | ||
| 495 | ServicePoint sp = Request.ServicePoint; | ||
| 496 | |||
| 497 | // We don't case about encryption, get out of here | ||
| 498 | if (Request.Headers.Get("NoVerifyCert") != null) | ||
| 499 | { | ||
| 500 | return true; | ||
| 501 | } | ||
| 502 | |||
| 503 | // If there was an upstream cert verification error, bail | ||
| 504 | if ((((int)sslPolicyErrors) & ~4) != 0) | ||
| 505 | return false; | ||
| 506 | |||
| 507 | // Check for policy and execute it if defined | ||
| 508 | #pragma warning disable 0618 | ||
| 509 | if (ServicePointManager.CertificatePolicy != null) | ||
| 510 | { | ||
| 511 | return ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, Request, 0); | ||
| 512 | } | ||
| 513 | #pragma warning restore 0618 | ||
| 514 | |||
| 515 | return true; | ||
| 516 | } | ||
| 517 | |||
| 518 | // If it's not HTTP, trust .NET to check it | ||
| 519 | if ((((int)sslPolicyErrors) & ~4) != 0) | ||
| 520 | return false; | ||
| 521 | |||
| 522 | return true; | ||
| 523 | } | ||
| 524 | |||
| 525 | /* | 525 | /* |
| 526 | * TODO: More work on the response codes. Right now | 526 | * TODO: More work on the response codes. Right now |
| 527 | * returning 200 for success or 499 for exception | 527 | * returning 200 for success or 499 for exception |
| @@ -538,6 +538,8 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest | |||
| 538 | try | 538 | try |
| 539 | { | 539 | { |
| 540 | Request = (HttpWebRequest)WebRequest.Create(Url); | 540 | Request = (HttpWebRequest)WebRequest.Create(Url); |
| 541 | Request.ServerCertificateValidationCallback = ValidateServerCertificate; | ||
| 542 | |||
| 541 | Request.AllowAutoRedirect = false; | 543 | Request.AllowAutoRedirect = false; |
| 542 | Request.KeepAlive = false; | 544 | Request.KeepAlive = false; |
| 543 | 545 | ||