From 0d93d5ce69e658476d3f810d525df22348799d59 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Sat, 8 Sep 2018 04:46:02 +0100 Subject: [PATCH] fix script secure llhttlrequest --- .../HttpRequest/ScriptsHttpRequests.cs | 84 ++++++++++--------- 1 file changed, 43 insertions(+), 41 deletions(-) diff --git a/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs b/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs index e7f0aec483..3d3a76861b 100644 --- a/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs +++ b/OpenSim/Region/CoreModules/Scripting/HttpRequest/ScriptsHttpRequests.cs @@ -110,49 +110,8 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest public HttpRequestModule() { -// ServicePointManager.ServerCertificateValidationCallback +=ValidateServerCertificate; } - public static bool ValidateServerCertificate( - object sender, - X509Certificate certificate, - X509Chain chain, - SslPolicyErrors sslPolicyErrors) - { - // If this is a web request we need to check the headers first - // We may want to ignore SSL - if (sender is HttpWebRequest) - { - HttpWebRequest Request = (HttpWebRequest)sender; - ServicePoint sp = Request.ServicePoint; - - // We don't case about encryption, get out of here - if (Request.Headers.Get("NoVerifyCert") != null) - { - return true; - } - - // If there was an upstream cert verification error, bail - if ((((int)sslPolicyErrors) & ~4) != 0) - return false; - - // Check for policy and execute it if defined -#pragma warning disable 0618 - if (ServicePointManager.CertificatePolicy != null) - { - return ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, Request, 0); - } -#pragma warning restore 0618 - - return true; - } - - // If it's not HTTP, trust .NET to check it - if ((((int)sslPolicyErrors) & ~4) != 0) - return false; - - return true; - } #region IHttpRequestModule Members public UUID MakeHttpRequest(string url, string parameters, string body) @@ -522,6 +481,47 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest return null; } + public static bool ValidateServerCertificate( + object sender, + X509Certificate certificate, + X509Chain chain, + SslPolicyErrors sslPolicyErrors) + { + // If this is a web request we need to check the headers first + // We may want to ignore SSL + if (sender is HttpWebRequest) + { + HttpWebRequest Request = (HttpWebRequest)sender; + ServicePoint sp = Request.ServicePoint; + + // We don't case about encryption, get out of here + if (Request.Headers.Get("NoVerifyCert") != null) + { + return true; + } + + // If there was an upstream cert verification error, bail + if ((((int)sslPolicyErrors) & ~4) != 0) + return false; + + // Check for policy and execute it if defined +#pragma warning disable 0618 + if (ServicePointManager.CertificatePolicy != null) + { + return ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, Request, 0); + } +#pragma warning restore 0618 + + return true; + } + + // If it's not HTTP, trust .NET to check it + if ((((int)sslPolicyErrors) & ~4) != 0) + return false; + + return true; + } + /* * TODO: More work on the response codes. Right now * returning 200 for success or 499 for exception @@ -538,6 +538,8 @@ namespace OpenSim.Region.CoreModules.Scripting.HttpRequest try { Request = (HttpWebRequest)WebRequest.Create(Url); + Request.ServerCertificateValidationCallback = ValidateServerCertificate; + Request.AllowAutoRedirect = false; Request.KeepAlive = false;