SL-12422 Clear cert cache to enshure there is no carry-over between failed logins

0d324bb2 · Andrey Kleshchev · 83127d22 · 0d324bb2 · 0d324bb2 · 0d324bb2
Commit 0d324bb2 authored 4 years ago by Andrey Kleshchev
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -264,7 +264,9 @@ class LLCertificateStore : virtual public LLCertificateVector
 	virtual void validate(int validation_policy,
 						  LLPointer<LLCertificateChain> cert_chain,
 						  const LLSD& validation_params) =0;
-	
+
+    // Clear cache if any
+    virtual void clearSertCache()=0;
 };



--- a/indra/newview/llsechandler_basic.h
+++ b/indra/newview/llsechandler_basic.h
@@ -177,7 +177,10 @@ class LLBasicCertificateStore : virtual public LLBasicCertificateVector, public
 	virtual void validate(int validation_policy,
 						  LLPointer<LLCertificateChain> ca_chain,
 						  const LLSD& validation_params);
-	
+
+	// Clears cache of certs validated agains store
+	virtual void clearSertCache() { mTrustedCertCache.clear(); }
+
 protected:
 	std::vector<LLPointer<LLCertificate> >            mCerts;
 	

--- a/indra/newview/llstartup.cpp
+++ b/indra/newview/llstartup.cpp
@@ -2824,6 +2824,11 @@ void reset_login()
 	// Hide any other stuff
 	LLFloaterReg::hideVisibleInstances();
    LLStartUp::setStartupState( STATE_BROWSER_INIT );
+
+    // Clear any verified certs and verify them again on next login
+    // to ensure cert matches server instead of just getting reused
+    LLPointer<LLCertificateStore> store = gSecAPIHandler->getCertificateStore("");
+    store->clearSertCache();
 }

 //---------------------------------------------------------------------------