Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005432opensim[REGION] Script Functionspublic2011-04-07 10:132011-05-13 04:30
ReporterDragonEagle 
Assigned ToBlueWall 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Versionmaster (dev code) 
Target VersionFixed in Versionmaster (dev code) 
Summary0005432: [PATCH] Implement NO_VERIFY_CERT for llHttpRequest
DescriptionPatch to implement NO_VERIFY_CERT option argument for llHttpRequest. Tested and verified to not break existing functionality.
TagsNo tags attached.
Git Revision or version numbermaster
Run ModeStandalone (1 Region) , Standalone (Multiple Regions) , Grid (1 Region per Sim) , Grid (Multiple Regions per Sim)
Physics EngineBasicPhysics
EnvironmentMono / Linux64, .NET / Windows64
Mono VersionOther
ViewerFirestorm
Attached Filespatch file icon 0001-Implimented-NO_VERIFY_CERT-for-llHttpRequest.patch [^] (3,649 bytes) 2011-04-07 10:13 [Show Content]
patch file icon 0001-Implimented-HTTP_VERIFY_CERT-for-llHttpRequest.patch [^] (3,746 bytes) 2011-04-08 18:34 [Show Content]

- Relationships

-  Notes
(0018212)
justincc (administrator)
2011-04-08 14:51

Thanks for the patch, DragonEagle. Could we use an entry in WebRequest.Headers and remove it in ValidateServerCertificate() if no validation is required, rather than using ConnectionGroupName?

Also a couple of small textual issues in the patch; at one point a tab is used and in some places there are no spaces between variable and assignment (e.g. public bool VerifyCert=true).

Thanks!
(0018225)
DragonEagle (reporter)
2011-04-08 18:36

This should be better. You can't remove a header after the connection has been opened, but it doesn't seem to matter as long as it's not a reserved header. Sorry about the formatting. I think I got them all. I've been trying to stick to the coding standards, but sometimes my personal formatting creeps in.
(0018248)
justincc (administrator)
2011-04-11 15:31

Committed in git master 464fa45. Thanks DragonEagle.
(0018400)
BlueWall (administrator)
2011-05-12 10:53

This breaks the IPN in the PayPal module with: http://pastebin.com/4A6qKJtB [^]

I have been trying to import certs into mono to fix it, but haven't been able to get it to work. Looking for ideas to get it setup.

Thanks
(0018401)
Snoopy (administrator)
2011-05-12 11:03

BlueWall, I did experience the same that the Mono 2.10.2 certification manager imports certificates, but that it anyway continues to compain about failed certificate validations. I did also experience that with the VirWox OMC module.
(0018402)
BlueWall (administrator)
2011-05-12 13:27

HttpRequestModule.HttpRequestModule() registers a handler for :

ServicePointManager.ServerCertificateValidationCallback +=ValidateServerCertificate;

This is trying to handle validations for all requests in the application. Commenting it out make the PayPal module work fine. Need to dig a little deeper...

DragonEagle, do you have an example that uses this?
(0018403)
Snoopy (administrator)
2011-05-12 14:53

The following code is an error handler for certification validation errors. But in fact certificates should properly be checked and such errors should not be ignored.

        System.Net.ServicePointManager.ServerCertificateValidationCallback +=
            delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
                            System.Security.Cryptography.X509Certificates.X509Chain chain,
                            System.Net.Security.SslPolicyErrors sslPolicyErrors)
            {
                m_log.Error("[MODULE] Certificate Validation Error");
                return true; // **** Always accept
            };
(0018404)
justincc (administrator)
2011-05-12 19:40

This is odd, it should only be bypassing validation if the NoVerifyCert header is set (which is only used because there's no better way to pass that setting around).

As in the bug title, I believe this code is needed to get NO_VERIFY_CERT working for llHttpRequest().
(0018405)
BlueWall (administrator)
2011-05-12 19:52

It is registering the event handler for ServicePointManager.ServerCertificateValidationCallback, so it is getting triggered from other parts of the code - like the PayPal module. I'm not sure if it doesn't have the right context or something. I have installed the certs that should match it. I'm not 100% sure how this should normally work, but, I think some way of handling just the requests generated by the lsl needs to be provided.

I'm still exploring.
(0018406)
DragonEagle (reporter)
2011-05-13 02:02

Typically if an unrecognized header is passed to a HTTP server, it just gets ignored so this shouldn't be an issue
(0018408)
melanie (administrator)
2011-05-13 04:12

I pushed a fix we have done for that. Please test
(0018409)
BlueWall (administrator)
2011-05-13 04:29

Works great, will close again. Thanks

- Issue History
Date Modified Username Field Change
2011-04-07 10:13 DragonEagle New Issue
2011-04-07 10:13 DragonEagle File Added: 0001-Implimented-NO_VERIFY_CERT-for-llHttpRequest.patch
2011-04-07 10:13 DragonEagle Git Revision => master
2011-04-07 10:13 DragonEagle SVN Revision => 0
2011-04-07 10:13 DragonEagle Run Mode => Standalone (1 Region) , Standalone (Multiple Regions) , Grid (1 Region per Sim) , Grid (Multiple Regions per Sim)
2011-04-07 10:13 DragonEagle Physics Engine => BasicPhysics
2011-04-07 10:13 DragonEagle Environment => Mono / Linux64, .NET / Windows64
2011-04-07 10:13 DragonEagle Mono Version => Other
2011-04-07 10:13 DragonEagle Viewer => Firestorm
2011-04-07 10:15 DragonEagle Status new => patch included
2011-04-08 14:51 justincc Note Added: 0018212
2011-04-08 14:51 justincc Status patch included => patch feedback
2011-04-08 18:34 DragonEagle File Added: 0001-Implimented-HTTP_VERIFY_CERT-for-llHttpRequest.patch
2011-04-08 18:36 DragonEagle Note Added: 0018225
2011-04-09 14:02 DragonEagle Status patch feedback => patch included
2011-04-11 15:31 justincc Status patch included => closed
2011-04-11 15:31 justincc Note Added: 0018248
2011-04-11 15:31 justincc Resolution open => fixed
2011-05-12 10:53 BlueWall Assigned To => BlueWall
2011-05-12 10:53 BlueWall Status closed => feedback
2011-05-12 10:53 BlueWall Resolution fixed => reopened
2011-05-12 10:53 BlueWall Note Added: 0018400
2011-05-12 11:03 Snoopy Note Added: 0018401
2011-05-12 13:27 BlueWall Note Added: 0018402
2011-05-12 14:53 Snoopy Note Added: 0018403
2011-05-12 19:40 justincc Note Added: 0018404
2011-05-12 19:52 BlueWall Note Added: 0018405
2011-05-13 02:02 DragonEagle Note Added: 0018406
2011-05-13 04:12 melanie Note Added: 0018408
2011-05-13 04:29 BlueWall Note Added: 0018409
2011-05-13 04:30 BlueWall Status feedback => closed
2011-05-13 04:30 BlueWall Resolution reopened => fixed
2011-05-13 04:30 BlueWall Fixed in Version => master (dev code)


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker