From 049dd374e9becc12b3e36e42d217f79ebf09ad45 Mon Sep 17 00:00:00 2001
From: UbitUmarov
Date: Wed, 7 Dec 2016 12:23:40 +0000
Subject: add SSL certs validation options for robust to allow simple
 certificates, possible only for encriptation without any peer
 autentification. disable validation by default for the small grids case

---
 OpenSim/Server/ServerMain.cs | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'OpenSim/Server/ServerMain.cs')

diff --git a/OpenSim/Server/ServerMain.cs b/OpenSim/Server/ServerMain.cs
index ed5a481..190f60f 100644
--- a/OpenSim/Server/ServerMain.cs
+++ b/OpenSim/Server/ServerMain.cs
@@ -30,6 +30,8 @@ using log4net;
 using System.Reflection;
 using System;
 using System.Net;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using System.Collections.Generic;
 using OpenSim.Framework.Servers;
 using OpenSim.Framework.Servers.HttpServer;
@@ -51,6 +53,26 @@ namespace OpenSim.Server
                 new List<IServiceConnector>();
 
         protected static PluginLoader loader;
+        private static bool m_NoVerifyCertChain = false;
+        private static bool m_NoVerifyCertHostname = false;
+
+        public static bool ValidateServerCertificate(
+            object sender,
+            X509Certificate certificate,
+            X509Chain chain,
+            SslPolicyErrors sslPolicyErrors)
+        {
+            if (m_NoVerifyCertChain)
+                sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+ 
+            if (m_NoVerifyCertHostname)
+                sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;
+
+            if (sslPolicyErrors == SslPolicyErrors.None)
+                return true;
+
+            return false;
+        }
 
         public static int Main(string[] args)
         {
@@ -69,6 +91,11 @@ namespace OpenSim.Server
                 throw new Exception("Configuration error");
             }
 
+            m_NoVerifyCertChain = serverConfig.GetBoolean("NoVerifyCertChain", m_NoVerifyCertChain);
+            m_NoVerifyCertHostname = serverConfig.GetBoolean("NoVerifyCertHostname", m_NoVerifyCertHostname);
+
+            ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
+
             string connList = serverConfig.GetString("ServiceConnectors", String.Empty);
             
             registryLocation = serverConfig.GetString("RegistryLocation",".");
-- 
cgit v1.1