Commit graph

160 commits

Author SHA1 Message Date
Lee Clagett
a3b0284837 Change SSL certificate file list to OpenSSL builtin load_verify_location
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.

This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
Riccardo Spagni
17fefb8786
Merge pull request #5358
dffdccdc No longer use deprecated RSA_generate_key in favor of RSA_generate_key_ex (Martijn Otto)
2019-04-06 16:02:31 +02:00
Riccardo Spagni
1ed6441925
Merge pull request #5327
c23ea796 New interactive daemon command 'print_net_stats': Global traffic stats (rbrunner7)
2019-04-01 17:32:01 +02:00
Martijn Otto
dffdccdc9e
No longer use deprecated RSA_generate_key in favor of
RSA_generate_key_ex
2019-03-27 13:23:30 +01:00
Lee Clagett
7acfa9f3cc Added socks proxy (tor/i2pd/kovri) support to wallet 2019-03-25 01:35:13 +00:00
rbrunner7
c23ea7962d New interactive daemon command 'print_net_stats': Global traffic stats 2019-03-24 16:58:57 +01:00
Riccardo Spagni
5259dd7a14
Merge pull request #5259
9141a0a1 connection_basic: remove debug exception ^_^ (moneromooo-monero)
2019-03-21 14:49:09 +02:00
moneromooo-monero
17769db946
epee: fix build with boost 1.70.0
get_io_service was deprecated, and got removed
2019-03-21 11:02:02 +00:00
Riccardo Spagni
4c91eb23a0
Merge pull request #5061
1f2930ce Update 2019 copyright (binaryFate)
2019-03-17 17:49:30 +02:00
Dusan Klinec
bb8eab24da
epee: certificate generation fix, pkey deleted
- pkey gets deleted by the pkey_deleter but the caller tries to serialize it which causes errors as the memory is freed
2019-03-10 20:09:51 +01:00
moneromooo-monero
9141a0a1ef
connection_basic: remove debug exception ^_^ 2019-03-08 20:13:51 +00:00
Howard Chu
b8c2e21cba
Fix startup errors with SSL cert generation
Use SSL API directly, skip boost layer
2019-03-08 15:15:24 +00:00
binaryFate
1f2930ce0b Update 2019 copyright 2019-03-05 22:05:34 +01:00
Martijn Otto
057c279cb4
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-03-05 14:16:08 +01:00
Riccardo Spagni
722a856d7e
Merge pull request #5096
7c3ade44 network_throttle: use circular_buffer where appropriate (moneromooo-monero)
2019-03-04 21:21:25 +02:00
moneromooo-monero
2456945408
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-02-02 20:05:33 +00:00
moneromooo-monero
7c3ade4410
network_throttle: use circular_buffer where appropriate 2019-02-01 21:33:13 +00:00
Lee Clagett
973403bc9f Adding initial support for broadcasting transactions over Tor
- Support for ".onion" in --add-exclusive-node and --add-peer
  - Add --anonymizing-proxy for outbound Tor connections
  - Add --anonymous-inbounds for inbound Tor connections
  - Support for sharing ".onion" addresses over Tor connections
  - Support for broadcasting transactions received over RPC exclusively
    over Tor (else broadcast over public IP when Tor not enabled).
2019-01-28 23:56:33 +00:00
Jethro Grassie
ca86ef1beb
readline: don't dereference possible NULL pointer 2019-01-21 01:57:14 -05:00
Riccardo Spagni
3e9bb9626a
Merge pull request #5001
a5ffc2d5 Remove boost::lexical_cast for uuid and unused uuid function (Lee Clagett)
2019-01-16 19:27:13 +02:00
Riccardo Spagni
846362842c
Merge pull request #4976
85665003 epee: better network buffer data structure (moneromooo-monero)
2019-01-16 19:04:22 +02:00
Riccardo Spagni
e723eb960d
Merge pull request #4951
b21a60ef mlocker: set default log category (moneromooo-monero)
2019-01-06 20:38:33 +02:00
luigi1111
53760ee044
Merge pull request #4957
0e2f5cb perf_timer: make all logs Info level (moneromooo-monero)
2018-12-31 16:30:47 -06:00
moneromooo-monero
85665003a7
epee: better network buffer data structure
avoids pointless allocs and memcpy
2018-12-23 16:46:07 +00:00
Lee Clagett
a5ffc2d5ad Remove boost::lexical_cast for uuid and unused uuid function 2018-12-23 11:11:30 +00:00
Riccardo Spagni
5e9225e637
Merge pull request #4925
ab783b17 easylogging++: ensure logger is initialized before main (moneromooo-monero)
9b69a0ae daemon: print monero version at startup when calling a detached daemon (moneromooo-monero)
4d71d463 mlocker: remove early page size log (moneromooo-monero)
2018-12-12 12:01:18 +02:00
moneromooo-monero
0e2f5cb5fc
perf_timer: make all logs Info level
and make them not default at log level 1
2018-12-08 10:53:09 +00:00
moneromooo-monero
b21a60efd9
mlocker: set default log category 2018-12-07 13:13:24 +00:00
Riccardo Spagni
16dc6900fb
Merge pull request #4883
40485a73 mlocker: fix access to global lock map after dtor on exit (moneromooo-monero)
2018-12-04 17:30:46 +02:00
Riccardo Spagni
d4a0fb2b89
Merge pull request #4880
96e6b439 blockchain_stats: don't use gmtime_r on Windows (moneromooo-monero)
2018-12-04 17:29:46 +02:00
Riccardo Spagni
3d745573d7
Merge pull request #4876
1132436f Only show a single mlock() error, to avoid flooding the log (Martijn Otto)
2018-12-04 17:16:29 +02:00
Riccardo Spagni
f6e8ab0dc6
Merge pull request #4875
23829ebb mlocker: don't throw from lock/unlock (moneromooo-monero)
2018-12-04 17:15:07 +02:00
Riccardo Spagni
c00ac446fd
Merge pull request #4854
bd98e99c Removed a lot of unnecessary includes (Martijn Otto)
2018-12-04 17:08:42 +02:00
Riccardo Spagni
398f7076bb
Merge pull request #4853
2b3595d0 various: do not propagate exception through dtor (moneromooo-monero)
2018-12-04 17:07:51 +02:00
moneromooo-monero
4d71d46373
mlocker: remove early page size log
It comes before the logger is initialized, so gets displayed
even though it should not be by default, and apparenly comes
too early for (some versions of) Android, where it crashes.
2018-11-30 16:52:50 +00:00
Martijn Otto
1132436f97
Only show a single mlock() error, to avoid flooding the log 2018-11-26 09:37:07 +01:00
moneromooo-monero
40485a73b6
mlocker: fix access to global lock map after dtor on exit
as the lock, it now leaks
2018-11-22 01:43:42 +00:00
moneromooo-monero
96e6b43970
blockchain_stats: don't use gmtime_r on Windows
In some cases, it doesn't like it (I don't know the details).

Factor into a new epee function
2018-11-21 00:50:53 +00:00
moneromooo-monero
23829ebb09
mlocker: don't throw from lock/unlock
This prevents exceptions from showing up in various awkward
places such as dtors, since the only exception that can be
thrown is a lock failure, and nothing handles a lock failure
anyway.
2018-11-20 15:26:00 +00:00
Riccardo Spagni
42dbb3aa1b
Merge pull request #4785
0cfd2ae5 mlocker: fix dtor ordering problem (moneromooo-monero)
2018-11-16 11:06:09 +02:00
Martijn Otto
bd98e99c80
Removed a lot of unnecessary includes 2018-11-15 17:29:34 +01:00
moneromooo-monero
2b3595d0fe
various: do not propagate exception through dtor
Coverity 189689, 189690, 189692, 189695
2018-11-15 15:53:21 +00:00
moneromooo-monero
0cfd2ae5e7
mlocker: fix dtor ordering problem
leak the mutex instead, it's a one off
2018-11-02 12:59:43 +00:00
moneromooo-monero
2362baf735
network_throttle: initialize m_last_sample_time in ctor
Coverity 136593
2018-10-29 16:23:14 +00:00
Riccardo Spagni
442c58e994
Merge pull request #4573
8f3c7937 readline_buffer: fix "cursor in prompt" bug (moneromooo-monero)
2018-10-26 22:34:04 +02:00
Riccardo Spagni
6ef07b10b9
Merge pull request #4520
2e2daebc ANSI colors in Windows 10 (iDunk5400)
2018-10-20 20:34:47 +02:00
moneromooo-monero
8f3c793749
readline_buffer: fix "cursor in prompt" bug
It happens when readline displays a prompt just before switching
to a shorter one
2018-10-12 21:03:59 +00:00
iDunk5400
2e2daebcc9
ANSI colors in Windows 10 2018-10-08 14:56:16 +02:00
moneromooo-monero
00901e9c93
epee: initialize a few data members where it seems to be appropriate 2018-10-02 17:28:50 +00:00
moneromooo-monero
758d768486
connection_basic: remove unused floating time start time 2018-10-02 17:28:46 +00:00