aboutsummaryrefslogtreecommitdiff
path: root/src/rpc/core_rpc_server.cpp
diff options
context:
space:
mode:
authorLee Clagett <code@leeclagett.com>2019-05-22 00:09:11 -0400
committerLee Clagett <code@leeclagett.com>2019-05-22 00:09:11 -0400
commit3544596f9fd0a260c3a1a9b75432234f93f78cb7 (patch)
tree1e961af0bae06e17e45b80b23352d836944ba3a4 /src/rpc/core_rpc_server.cpp
parentFix configuration bug; wallet2 --daemon-ssl-allow-any-cert now works. (diff)
downloadmonero-3544596f9fd0a260c3a1a9b75432234f93f78cb7.tar.xz
Add ssl_options support to monerod's rpc mode.
Diffstat (limited to 'src/rpc/core_rpc_server.cpp')
-rw-r--r--src/rpc/core_rpc_server.cpp83
1 files changed, 3 insertions, 80 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index 5777370fc..5ca5f3fe7 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -90,15 +90,9 @@ namespace cryptonote
command_line::add_arg(desc, arg_rpc_bind_port);
command_line::add_arg(desc, arg_rpc_restricted_bind_port);
command_line::add_arg(desc, arg_restricted_rpc);
- command_line::add_arg(desc, arg_rpc_ssl);
- command_line::add_arg(desc, arg_rpc_ssl_private_key);
- command_line::add_arg(desc, arg_rpc_ssl_certificate);
- command_line::add_arg(desc, arg_rpc_ssl_ca_certificates);
- command_line::add_arg(desc, arg_rpc_ssl_allowed_fingerprints);
- command_line::add_arg(desc, arg_rpc_ssl_allow_any_cert);
command_line::add_arg(desc, arg_bootstrap_daemon_address);
command_line::add_arg(desc, arg_bootstrap_daemon_login);
- cryptonote::rpc_args::init_options(desc);
+ cryptonote::rpc_args::init_options(desc, true);
}
//------------------------------------------------------------------------------------------------------------------------------
core_rpc_server::core_rpc_server(
@@ -118,7 +112,7 @@ namespace cryptonote
m_restricted = restricted;
m_net_server.set_threads_prefix("RPC");
- auto rpc_config = cryptonote::rpc_args::process(vm);
+ auto rpc_config = cryptonote::rpc_args::process(vm, true);
if (!rpc_config)
return false;
@@ -151,46 +145,9 @@ namespace cryptonote
if (rpc_config->login)
http_login.emplace(std::move(rpc_config->login->username), std::move(rpc_config->login->password).password());
- epee::net_utils::ssl_options_t ssl_options = epee::net_utils::ssl_support_t::e_ssl_support_autodetect;
- if (command_line::get_arg(vm, arg_rpc_ssl_allow_any_cert))
- ssl_options.verification = epee::net_utils::ssl_verification_t::none;
- else
- {
- std::string ssl_ca_path = command_line::get_arg(vm, arg_rpc_ssl_ca_certificates);
- const std::vector<std::string> ssl_allowed_fingerprint_strings = command_line::get_arg(vm, arg_rpc_ssl_allowed_fingerprints);
- std::vector<std::vector<uint8_t>> ssl_allowed_fingerprints{ ssl_allowed_fingerprint_strings.size() };
- std::transform(ssl_allowed_fingerprint_strings.begin(), ssl_allowed_fingerprint_strings.end(), ssl_allowed_fingerprints.begin(), epee::from_hex::vector);
- for (const auto &fpr: ssl_allowed_fingerprints)
- {
- if (fpr.size() != SSL_FINGERPRINT_SIZE)
- {
- MERROR("SHA-256 fingerprint should be " BOOST_PP_STRINGIZE(SSL_FINGERPRINT_SIZE) " bytes long.");
- return false;
- }
- }
-
- if (!ssl_ca_path.empty() || !ssl_allowed_fingerprints.empty())
- ssl_options = epee::net_utils::ssl_options_t{std::move(ssl_allowed_fingerprints), std::move(ssl_ca_path)};
- }
-
- ssl_options.auth = epee::net_utils::ssl_authentication_t{
- command_line::get_arg(vm, arg_rpc_ssl_private_key), command_line::get_arg(vm, arg_rpc_ssl_certificate)
- };
-
- // user specified CA file or fingeprints implies enabled SSL by default
- if (ssl_options.verification != epee::net_utils::ssl_verification_t::user_certificates || !command_line::is_arg_defaulted(vm, arg_rpc_ssl))
- {
- const std::string ssl = command_line::get_arg(vm, arg_rpc_ssl);
- if (!epee::net_utils::ssl_support_from_string(ssl_options.support, ssl))
- {
- MFATAL("Invalid RPC SSL support: " << ssl);
- return false;
- }
- }
-
auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); };
return epee::http_server_impl_base<core_rpc_server, connection_context>::init(
- rng, std::move(port), std::move(rpc_config->bind_ip), std::move(rpc_config->access_control_origins), std::move(http_login), std::move(ssl_options)
+ rng, std::move(port), std::move(rpc_config->bind_ip), std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options)
);
}
//------------------------------------------------------------------------------------------------------------------------------
@@ -2439,40 +2396,6 @@ namespace cryptonote
, false
};
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_ssl = {
- "rpc-ssl"
- , "Enable SSL on RPC connections: enabled|disabled|autodetect"
- , "autodetect"
- };
-
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_ssl_private_key = {
- "rpc-ssl-private-key"
- , "Path to a PEM format private key"
- , ""
- };
-
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_ssl_certificate = {
- "rpc-ssl-certificate"
- , "Path to a PEM format certificate"
- , ""
- };
-
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_ssl_ca_certificates = {
- "rpc-ssl-ca-certificates"
- , "Path to file containing concatenated PEM format certificate(s) to replace system CA(s)."
- };
-
- const command_line::arg_descriptor<std::vector<std::string>> core_rpc_server::arg_rpc_ssl_allowed_fingerprints = {
- "rpc-ssl-allowed-fingerprints"
- , "List of certificate fingerprints to allow"
- };
-
- const command_line::arg_descriptor<bool> core_rpc_server::arg_rpc_ssl_allow_any_cert = {
- "rpc-ssl-allow-any-cert"
- , "Allow any peer certificate"
- , false
- };
-
const command_line::arg_descriptor<std::string> core_rpc_server::arg_bootstrap_daemon_address = {
"bootstrap-daemon-address"
, "URL of a 'bootstrap' remote daemon that the connected wallets can use while this daemon is still not fully synced"