From 07358a4f7ec8bf15cda70d70b44a8d6b375f97f0 Mon Sep 17 00:00:00 2001
From: Rye Mutt <rye@alchemyviewer.org>
Date: Mon, 17 Jan 2022 04:12:38 -0500
Subject: [PATCH] Update curl to 7.81.0 and openssl to 3.0.1, disable
 httppipelining for stability

---
 autobuild.xml                         | 34 +++++++++++++--------------
 indra/cmake/00-Common.cmake           |  2 +-
 indra/cmake/CURL.cmake                |  6 +++--
 indra/cmake/OpenSSL.cmake             |  2 +-
 indra/llcorehttp/_httplibcurl.cpp     |  7 ++----
 indra/llcorehttp/_httpoprequest.cpp   | 19 ++++++---------
 indra/llcorehttp/httpcommon.cpp       |  7 ++++--
 indra/llcorehttp/httpstats.cpp        |  4 ++--
 indra/newview/llappcorehttp.cpp       | 20 +++++++++-------
 indra/newview/llxmlrpclistener.cpp    |  3 +--
 indra/newview/llxmlrpctransaction.cpp |  3 +--
 11 files changed, 53 insertions(+), 54 deletions(-)

diff --git a/autobuild.xml b/autobuild.xml
index 870dcb1f855..6fecd5e336e 100644
--- a/autobuild.xml
+++ b/autobuild.xml
@@ -338,11 +338,11 @@
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>142df301583d8f0b1868dc86508b38ab122bbaacfad03f97fb6fdca562064fd4970d4aed1a1a4d09fc83210678af273bc2e4c0d71518b8fe60876df72cc9cde7</string>
+              <string>f8146bb5c8ed17867dec424bc8af4f11f245f86899525324c05b27e774a8def44424dbf19c0001e0f2275e8f46bf9e28bb6cc0ac8cc0e06444c6b69f8e34b144</string>
               <key>hash_algorithm</key>
               <string>blake2b</string>
               <key>url</key>
-              <string>https://git.alchemyviewer.org/api/v4/projects/89/packages/generic/curl/7.54.1.1354/curl-7.54.1-darwin64-1354.tar.zst</string>
+              <string>https://git.alchemyviewer.org/api/v4/projects/89/packages/generic/curl/7.81.0.1366/curl-7.81.0-darwin64-1366.tar.zst</string>
             </map>
             <key>name</key>
             <string>darwin64</string>
@@ -352,11 +352,11 @@
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>ad535a9686ff1cc84a5a0a0a3d4231569a4244bec74e2ff9f35750bc03088fdb999baa54b01d5619fb98720b6e73804e39e641ae65107df36fb21794c3f61cfc</string>
+              <string>8ddf37d9862ada64b70b6e2da7be9cc47de11913aeae7f9bfacb67da5cd97aff031351c82c7d8a32f6fa0cf5380e4615e3845498a0faa8877948b86f4998d05c</string>
               <key>hash_algorithm</key>
               <string>blake2b</string>
               <key>url</key>
-              <string>https://git.alchemyviewer.org/api/v4/projects/89/packages/generic/curl/7.54.1.1354/curl-7.54.1-linux64-1354.tar.zst</string>
+              <string>https://git.alchemyviewer.org/api/v4/projects/89/packages/generic/curl/7.81.0.1366/curl-7.81.0-linux64-1366.tar.zst</string>
             </map>
             <key>name</key>
             <string>linux64</string>
@@ -366,18 +366,18 @@
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>f30970375873ac2902502860b34f79986c25028a3548652c05a5c3fde1413c98d49e7caa69c6f9af82861edb4667b32fe29f0054452c1389cfa0d0ff1c42563c</string>
+              <string>3c4a83ab006ef466b7cdba6246f7c60bdf34e0fc13d45f6318ec25b35a77e988d617336a0b833f29b7b4996ae5c9be6c63d2cd647b6a8813f45ab55a4b1f2679</string>
               <key>hash_algorithm</key>
               <string>blake2b</string>
               <key>url</key>
-              <string>https://git.alchemyviewer.org/api/v4/projects/89/packages/generic/curl/7.54.1.1354/curl-7.54.1-windows64-1354.tar.zst</string>
+              <string>https://git.alchemyviewer.org/api/v4/projects/89/packages/generic/curl/7.81.0.1366/curl-7.81.0-windows64-1366.tar.zst</string>
             </map>
             <key>name</key>
             <string>windows64</string>
           </map>
         </map>
         <key>version</key>
-        <string>7.54.1</string>
+        <string>7.81.0</string>
       </map>
       <key>dbus_glib</key>
       <map>
@@ -1291,18 +1291,18 @@
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>e6e6b97c73ea91ebe2125b67422de71854582f793915d8bbd7cb23fc502b2ca6f7008498edb10ce69b1cfb315c881be3db511cb7338b0882cc044b064eafbab3</string>
+              <string>d948a773f88c617b315f2a6622464865fa9c7d7cdca223dc9d8ff497b44d265a5ea2de3204fecfcacc728bf64c7d1be365ffdbf861e864cf55c6b1eb062bb790</string>
               <key>hash_algorithm</key>
               <string>blake2b</string>
               <key>url</key>
-              <string>https://git.alchemyviewer.org/api/v4/projects/125/packages/generic/llca/2021.1216.2157.1317/llca-2021.1216.2157-common-1317.tar.zst</string>
+              <string>https://git.alchemyviewer.org/api/v4/projects/125/packages/generic/llca/2022.0116.1922.1361/llca-2022.0116.1922-common-1361.tar.zst</string>
             </map>
             <key>name</key>
             <string>common</string>
           </map>
         </map>
         <key>version</key>
-        <string>2021.1216.2157</string>
+        <string>2022.0116.1922</string>
       </map>
       <key>llphysicsextensions_stub</key>
       <map>
@@ -1782,11 +1782,11 @@ Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors</string>
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>33e944c0ba597c9d2b32ac33f2c25f7121e1f8596520ea0879f3d4bf6b1db5e588b283d884dd3bcc7829ad15e85c26ee55571a69267aedcfa0fda08789e6d71d</string>
+              <string>f1ee540c8988ff06618bea0acab2c803fa6841fa3d32b02cf5bbd6e16ba5a3882d8ff796bdf72ba6ddd3f41a5ee1672083869bed8e6429b43b324068339fd756</string>
               <key>hash_algorithm</key>
               <string>blake2b</string>
               <key>url</key>
-              <string>https://git.alchemyviewer.org/api/v4/projects/90/packages/generic/openssl/1.1.1m.1348/openssl-1.1.1m-darwin64-1348.tar.zst</string>
+              <string>https://git.alchemyviewer.org/api/v4/projects/90/packages/generic/openssl/3.0.1.1365/openssl-3.0.1-darwin64-1365.tar.zst</string>
             </map>
             <key>name</key>
             <string>darwin64</string>
@@ -1796,11 +1796,11 @@ Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors</string>
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>cdb9a841e85d2bed15e582a9ad9189b01e65add7148ea7b7d9f40ef16b8ce4551e7ac0260ac5e19ad27b64996a83c7097ac4d43c5c8ed68867a868b06fc31b41</string>
+              <string>a0e53a93fa889d1c7b9cc9bae00984c61c3540437696a5580ee548a1d70cd69ead1982017fbe4d58809a0371a69d15c384adb436e6c4264aaf516e0b85577308</string>
               <key>hash_algorithm</key>
               <string>blake2b</string>
               <key>url</key>
-              <string>https://git.alchemyviewer.org/api/v4/projects/90/packages/generic/openssl/1.1.1m.1348/openssl-1.1.1m-linux64-1348.tar.zst</string>
+              <string>https://git.alchemyviewer.org/api/v4/projects/90/packages/generic/openssl/3.0.1.1365/openssl-3.0.1-linux64-1365.tar.zst</string>
             </map>
             <key>name</key>
             <string>linux64</string>
@@ -1810,18 +1810,18 @@ Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors</string>
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>6dfcc53bb1c8af5dd700939815d03ae1c33d272dde14a4f38c57dc1283339151069ead19442e174c0f775fc152ea78eafe81d11d2625c3d37a24cd530ee1debd</string>
+              <string>9b2abdfb2a66d681653bb3416de8545e28a434d41f7bf429c6cb1910a6d82a91823df66b9f1be9a919b5fd37b5abb67dcbdc225a18d2c34133c35da3c2622948</string>
               <key>hash_algorithm</key>
               <string>blake2b</string>
               <key>url</key>
-              <string>https://git.alchemyviewer.org/api/v4/projects/90/packages/generic/openssl/1.1.1m.1348/openssl-1.1.1m-windows64-1348.tar.zst</string>
+              <string>https://git.alchemyviewer.org/api/v4/projects/90/packages/generic/openssl/3.0.1.1365/openssl-3.0.1-windows64-1365.tar.zst</string>
             </map>
             <key>name</key>
             <string>windows64</string>
           </map>
         </map>
         <key>version</key>
-        <string>1.1.1m</string>
+        <string>3.0.1</string>
       </map>
       <key>sentry</key>
       <map>
diff --git a/indra/cmake/00-Common.cmake b/indra/cmake/00-Common.cmake
index 69bf984ecd5..1e6ce33b8fe 100644
--- a/indra/cmake/00-Common.cmake
+++ b/indra/cmake/00-Common.cmake
@@ -336,7 +336,7 @@ endif (LINUX OR DARWIN)
 
 add_definitions(-DBOOST_BIND_GLOBAL_PLACEHOLDERS)
 
-add_definitions(-DOPENSSL_API_COMPAT=0x10100000L)
+add_definitions(-DOPENSSL_API_COMPAT=0x30000000L)
 
 if (USESYSTEMLIBS)
   add_definitions(-DLL_USESYSTEMLIBS=1)
diff --git a/indra/cmake/CURL.cmake b/indra/cmake/CURL.cmake
index 990d8b0c55d..2f430d7e430 100644
--- a/indra/cmake/CURL.cmake
+++ b/indra/cmake/CURL.cmake
@@ -11,8 +11,10 @@ else (USESYSTEMLIBS)
   use_prebuilt_binary(curl)
   if (WINDOWS)
     set(CURL_LIBRARIES 
-    debug ${ARCH_PREBUILT_DIRS_DEBUG}/libcurld.lib
-    optimized ${ARCH_PREBUILT_DIRS_RELEASE}/libcurl.lib)
+      debug ${ARCH_PREBUILT_DIRS_DEBUG}/libcurld.lib
+      optimized ${ARCH_PREBUILT_DIRS_RELEASE}/libcurl.lib
+      Normaliz.lib
+    )
   else (WINDOWS)
     set(CURL_LIBRARIES libcurl.a)
   endif (WINDOWS)
diff --git a/indra/cmake/OpenSSL.cmake b/indra/cmake/OpenSSL.cmake
index ef97bcdc147..b7c6c5b8c6d 100644
--- a/indra/cmake/OpenSSL.cmake
+++ b/indra/cmake/OpenSSL.cmake
@@ -16,7 +16,7 @@ else (USESYSTEMLIBS)
     set(CRYPTO_LIBRARY
         debug ${ARCH_PREBUILT_DIRS_DEBUG}/libcrypto.lib
         optimized ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto.lib)
-    set(OPENSSL_LIBRARIES ${SSL_LIBRARY} ${CRYPTO_LIBRARY})
+    set(OPENSSL_LIBRARIES ${SSL_LIBRARY} ${CRYPTO_LIBRARY} Crypt32.lib)
   else (WINDOWS)
     set(OPENSSL_LIBRARIES ssl crypto)
   endif (WINDOWS)
diff --git a/indra/llcorehttp/_httplibcurl.cpp b/indra/llcorehttp/_httplibcurl.cpp
index 45df2e7cf91..e0182eb93f1 100644
--- a/indra/llcorehttp/_httplibcurl.cpp
+++ b/indra/llcorehttp/_httplibcurl.cpp
@@ -481,10 +481,7 @@ void HttpLibcurl::policyUpdated(int policy_class)
 			// We'll try to do pipelining on this multihandle
 			check_curl_multi_setopt(multi_handle,
 									 CURLMOPT_PIPELINING,
-									 1L);
-			check_curl_multi_setopt(multi_handle,
-									 CURLMOPT_MAX_PIPELINE_LENGTH,
-									 long(options.mPipelining));
+									 CURLPIPE_MULTIPLEX);
 			check_curl_multi_setopt(multi_handle,
 									 CURLMOPT_MAX_HOST_CONNECTIONS,
 									 long(options.mPerHostConnectionLimit));
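Review bot: The comment above this call still says "We'll try to do pipelining", but `CURLPIPE_MULTIPLEX` enables HTTP/2 multiplexing, not HTTP/1.1 pipelining, which libcurl dropped in 7.62.0. With the `CURLMOPT_MAX_PIPELINE_LENGTH` call removed, `options.mPipelining` no longer sets any limit in libcurl on this path, so as far as this hunk shows it is now only an on/off switch. I would reword the comment to `// Allow HTTP/2 multiplexing on this multihandle (libcurl no longer does HTTP/1.1 pipelining)`. policyUpdated starts and ends outside the hunk.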
@@ -496,7 +493,7 @@ void HttpLibcurl::policyUpdated(int policy_class)
 		{
 			check_curl_multi_setopt(multi_handle,
 									 CURLMOPT_PIPELINING,
-									 0L);
+									 CURLPIPE_NOTHING);
 			check_curl_multi_setopt(multi_handle,
 									 CURLMOPT_MAX_HOST_CONNECTIONS,
 									 0L);
diff --git a/indra/llcorehttp/_httpoprequest.cpp b/indra/llcorehttp/_httpoprequest.cpp
index 76852a18bbf..dab6df0d521 100644
--- a/indra/llcorehttp/_httpoprequest.cpp
+++ b/indra/llcorehttp/_httpoprequest.cpp
@@ -504,12 +504,14 @@ HttpStatus HttpOpRequest::prepareRequest(HttpService * service)
 		return HttpStatus(HttpStatus::LLCORE, HE_BAD_ALLOC);
 	}
 
+	check_curl_easy_setopt(mCurlHandle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
+
 	check_curl_easy_setopt(mCurlHandle, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
 	check_curl_easy_setopt(mCurlHandle, CURLOPT_NOSIGNAL, 1);
 	check_curl_easy_setopt(mCurlHandle, CURLOPT_NOPROGRESS, 1);
 	check_curl_easy_setopt(mCurlHandle, CURLOPT_URL, mReqURL.c_str());
 	check_curl_easy_setopt(mCurlHandle, CURLOPT_PRIVATE, getHandle());
-	check_curl_easy_setopt(mCurlHandle, CURLOPT_ACCEPT_ENCODING, "");
+	//check_curl_easy_setopt(mCurlHandle, CURLOPT_ACCEPT_ENCODING, "gzip,deflate");
 
 	check_curl_easy_setopt(mCurlHandle, CURLOPT_AUTOREFERER, 1);
 	check_curl_easy_setopt(mCurlHandle, CURLOPT_MAXREDIRS, HTTP_REDIRECTS_DEFAULT);
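Review bot: The `CURLOPT_ACCEPT_ENCODING` call is left as commented-out code with a different value (`"gzip,deflate"`) than the one it replaces (`""`), and nothing says why it was disabled. With the option unset, libcurl sends no Accept-Encoding header and does not decode compressed bodies, so a server that sends Content-Encoding anyway would hand raw compressed bytes to the body handlers. Either delete the line or replace it with a comment such as `// Accept-Encoding deliberately left unset: <reason>`; the same commented-out pair appears in getCurlTemplateHandle() in httpcommon.cpp. The added `CURLOPT_HTTP_VERSION` line is harmless, but `CURL_HTTP_VERSION_2TLS` has been libcurl's default since 7.62.0. prepareRequest continues outside the hunk.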
@@ -573,18 +575,18 @@ HttpStatus HttpOpRequest::prepareRequest(HttpService * service)
 		LLProxy::applyProxySettings(mCurlHandle);
 
 	}
-	else if (gpolicy.mHttpProxy.size())
+	else if (!gpolicy.mHttpProxy.empty())
 	{
 		// *TODO:  This is fine for now but get fuller socks5/
 		// authentication thing going later....
 		check_curl_easy_setopt(mCurlHandle, CURLOPT_PROXY, gpolicy.mHttpProxy.c_str());
 		check_curl_easy_setopt(mCurlHandle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
 	}
-	if (gpolicy.mCAPath.size())
+	if (!gpolicy.mCAPath.empty())
 	{
 		check_curl_easy_setopt(mCurlHandle, CURLOPT_CAPATH, gpolicy.mCAPath.c_str());
 	}
-	if (gpolicy.mCAFile.size())
+	if (!gpolicy.mCAFile.empty())
 	{
 		check_curl_easy_setopt(mCurlHandle, CURLOPT_CAINFO, gpolicy.mCAFile.c_str());
 	}
@@ -599,7 +601,7 @@ HttpStatus HttpOpRequest::prepareRequest(HttpService * service)
 	case HOR_POST:
 		{
 			check_curl_easy_setopt(mCurlHandle, CURLOPT_POST, 1);
-			check_curl_easy_setopt(mCurlHandle, CURLOPT_ACCEPT_ENCODING, "");
+
 			long data_size(0);
 			if (mReqBody)
 			{
@@ -739,13 +741,6 @@ HttpStatus HttpOpRequest::prepareRequest(HttpService * service)
 		//
 		// xfer_timeout *= cpolicy.mPipelining;
 		xfer_timeout *= 2L;
-
-		// Also try requesting HTTP/2.
-/******************************/
-		// but for test purposes, only if overriding VIEWERASSET
-		if (getenv("VIEWERASSET"))
-/******************************/
-		check_curl_easy_setopt(mCurlHandle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
 	}
 	// *DEBUG:  Enable following override for timeout handling and "[curl:bugs] #1420" tests
     //if (cpolicy.mPipelining)
diff --git a/indra/llcorehttp/httpcommon.cpp b/indra/llcorehttp/httpcommon.cpp
index 1e4e2267174..eacd636b602 100644
--- a/indra/llcorehttp/httpcommon.cpp
+++ b/indra/llcorehttp/httpcommon.cpp
@@ -284,8 +284,8 @@ CURL *getCurlTemplateHandle()
             check_curl_code(result, CURLOPT_NOSIGNAL);
             result = curl_easy_setopt(curlpTemplateHandle, CURLOPT_NOPROGRESS, 1);
             check_curl_code(result, CURLOPT_NOPROGRESS);
-            result = curl_easy_setopt(curlpTemplateHandle, CURLOPT_ACCEPT_ENCODING, "");
-            check_curl_code(result, CURLOPT_ACCEPT_ENCODING);
+            //result = curl_easy_setopt(curlpTemplateHandle, CURLOPT_ACCEPT_ENCODING, "gzip,deflate");
+            //check_curl_code(result, CURLOPT_ACCEPT_ENCODING);
             result = curl_easy_setopt(curlpTemplateHandle, CURLOPT_AUTOREFERER, 1);
             check_curl_code(result, CURLOPT_AUTOREFERER);
             result = curl_easy_setopt(curlpTemplateHandle, CURLOPT_FOLLOWLOCATION, 1);
@@ -303,6 +303,9 @@ CURL *getCurlTemplateHandle()
             // seconds and no RSTs.
             result = curl_easy_setopt(curlpTemplateHandle, CURLOPT_DNS_CACHE_TIMEOUT, 60); // Refetch dns after 60 seconds
             check_curl_code(result, CURLOPT_DNS_CACHE_TIMEOUT);
+
+			result = curl_easy_setopt(curlpTemplateHandle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
+			check_curl_code(result, CURLOPT_HTTP_VERSION);
         }
     }
 
diff --git a/indra/llcorehttp/httpstats.cpp b/indra/llcorehttp/httpstats.cpp
index fc81db92b44..1cd0cda4beb 100644
--- a/indra/llcorehttp/httpstats.cpp
+++ b/indra/llcorehttp/httpstats.cpp
@@ -66,9 +66,9 @@ namespace
         F32 value = bytes;
         int suffix = 0;
 
-        while ((value > 1024.0) && (suffix < 3))
+        while ((value > 1024.f) && (suffix < 3))
         {
-            value /= 1024.0;
+            value /= 1024.f;
             ++suffix;
         }
 
diff --git a/indra/newview/llappcorehttp.cpp b/indra/newview/llappcorehttp.cpp
index 303174b27ac..21ba5770e32 100644
--- a/indra/newview/llappcorehttp.cpp
+++ b/indra/newview/llappcorehttp.cpp
@@ -69,12 +69,12 @@ static const struct
 		"other"
 	},
 	{ // AP_ASSET
-		8,		1,		16,		0,		true,
+		16,		1,		32,		0,		true,
 		"AssetFetchConcurrency",
 		"asset fetch"
 	},
 	{ // AP_TEXTURE
-		8,		1,		12,		0,		true,
+		16,		1,		32,		0,		true,
 		"TextureFetchConcurrency",
 		"texture fetch"
 	},
@@ -84,7 +84,7 @@ static const struct
 		"mesh fetch"
 	},
 	{ // AP_MESH2
-		8,		1,		32,		0,		true,	
+		16,		1,		32,		0,		true,	
 		"Mesh2MaxConcurrentRequests",
 		"mesh2 fetch"
 	},
@@ -277,12 +277,16 @@ void LLAppCoreHttp::init()
 	}
 
 	// Global pipelining setting
-	static const std::string http_pipelining("HttpPipelining");
-	if (gSavedSettings.controlExists(http_pipelining))
+	//static const std::string http_pipelining("HttpPipelining");
+	//if (gSavedSettings.controlExists(http_pipelining))
+	//{
+	//	// Default to true (in ctor) if absent.
+	//	mPipelined = gSavedSettings.getBOOL(http_pipelining);
+	//	LL_INFOS("Init") << "HTTP Pipelining " << (mPipelined ? "enabled" : "disabled") << "!" << LL_ENDL;
+	//}
+
 	{
-		// Default to true (in ctor) if absent.
-		mPipelined = gSavedSettings.getBOOL(http_pipelining);
-		LL_INFOS("Init") << "HTTP Pipelining " << (mPipelined ? "enabled" : "disabled") << "!" << LL_ENDL;
+		mPipelined = false;
 	}
 
 	// Register signals for settings and state changes
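Review bot: `mPipelined = false;` now silently overrides the `HttpPipelining` setting. The block that read it is kept as commented-out code, the assignment sits in a leftover bare `{ }` scope, and the "enabled/disabled" log line is gone, so the log no longer records which mode is active. I would drop the commented block and the braces and write `// Pipelining forced off for stability; the HttpPipelining setting is ignored.`, then `mPipelined = false;` and `LL_INFOS("Init") << "HTTP Pipelining disabled (HttpPipelining setting ignored)" << LL_ENDL;`. If a settings-change handler elsewhere in this file still reads `HttpPipelining`, it could switch pipelining back on at runtime; that code is outside the hunk and worth checking. The `true` flags in the init_data rows changed earlier in this file may also be dead now, though the struct definition is not visible here.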
diff --git a/indra/newview/llxmlrpclistener.cpp b/indra/newview/llxmlrpclistener.cpp
index 964ff7654d6..3755ee2fc2c 100644
--- a/indra/newview/llxmlrpclistener.cpp
+++ b/indra/newview/llxmlrpclistener.cpp
@@ -338,8 +338,7 @@ class Poller
 		
 		switch (curlcode)
 		{
-			case CURLE_SSL_PEER_CERTIFICATE:
-			case CURLE_SSL_CACERT:
+			case CURLE_PEER_FAILED_VERIFICATION:
                 data["certificate"] = mTransaction->getErrorCertData();
 				break;
 
diff --git a/indra/newview/llxmlrpctransaction.cpp b/indra/newview/llxmlrpctransaction.cpp
index 535c5abdee2..af61b8cdf37 100644
--- a/indra/newview/llxmlrpctransaction.cpp
+++ b/indra/newview/llxmlrpctransaction.cpp
@@ -498,11 +498,10 @@ void LLXMLRPCTransaction::Impl::setHttpStatus(const LLCore::HttpStatus &status)
 		message = LLTrans::getString("couldnt_resolve_host", args);
 		break;
 
-	case CURLE_SSL_PEER_CERTIFICATE:
+	case CURLE_PEER_FAILED_VERIFICATION:
 		message = LLTrans::getString("ssl_peer_certificate");
 		break;
 
-	case CURLE_SSL_CACERT:
 	case CURLE_SSL_CONNECT_ERROR:		
 		message = LLTrans::getString("ssl_connect_error");
 		break;
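Review bot: Dropping `case CURLE_SSL_CACERT:` moves untrusted-CA failures from the "ssl_connect_error" message to "ssl_peer_certificate", because libcurl 7.62.0 and later report both conditions as `CURLE_PEER_FAILED_VERIFICATION`. That changes what the user sees for certificate failures, and the code does not show that the single case now covers two causes. A comment such as `// also covers untrusted-CA failures (formerly CURLE_SSL_CACERT)` above the case would help, and the same applies to the Poller switch in llxmlrpclistener.cpp. A build against a system libcurl older than 7.62.0 (the USESYSTEMLIBS path) would presumably still return the old CA-error code, which would no longer match either case; confirm whether that configuration is still supported. setHttpStatus continues outside the hunk.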
-- 
GitLab