author | Riccardo Spagni <ric@spagni.net> | 2019-03-05 16:21:30 +0200 |
---|---|---|
committer | Riccardo Spagni <ric@spagni.net> | 2019-03-05 16:21:30 +0200 |
commit | 5bbbe3902b4ee77ca1eb23edc0b5495812353b1f (patch) | |
tree | 16ab3b2aedec9e6b68ee8254434fbb937ecb37f3 /src/rpc | |
parent | Merge pull request #5119 (diff) | |
parent | epee: add SSL support (diff) | |
download | monero-5bbbe3902b4ee77ca1eb23edc0b5495812353b1f.tar.xz |
Merge pull request #4852
057c279c epee: add SSL support (Martijn Otto)
Diffstat (limited to 'src/rpc')
-rw-r--r-- | src/rpc/core_rpc_server.cpp | 12 | ||||
-rw-r--r-- | src/rpc/core_rpc_server.h | 1 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp index d18774149..fa27c259d 100644 --- a/src/rpc/core_rpc_server.cpp +++ b/src/rpc/core_rpc_server.cpp @@ -80,6 +80,7 @@ namespace cryptonote command_line::add_arg(desc, arg_rpc_ssl_private_key); command_line::add_arg(desc, arg_rpc_ssl_certificate); command_line::add_arg(desc, arg_rpc_ssl_allowed_certificates); + command_line::add_arg(desc, arg_rpc_ssl_allowed_fingerprints); command_line::add_arg(desc, arg_rpc_ssl_allow_any_cert); command_line::add_arg(desc, arg_bootstrap_daemon_address); command_line::add_arg(desc, arg_bootstrap_daemon_login); @@ -156,12 +157,16 @@ namespace cryptonote ssl_allowed_certificates.back() = std::string(); } } + + const std::vector<std::string> ssl_allowed_fingerprint_strings = command_line::get_arg(vm, arg_rpc_ssl_allowed_fingerprints); + std::vector<std::vector<uint8_t>> ssl_allowed_fingerprints{ ssl_allowed_fingerprint_strings.size() }; + std::transform(ssl_allowed_fingerprint_strings.begin(), ssl_allowed_fingerprint_strings.end(), ssl_allowed_fingerprints.begin(), epee::from_hex::vector); const bool ssl_allow_any_cert = command_line::get_arg(vm, arg_rpc_ssl_allow_any_cert); auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); }; return epee::http_server_impl_base<core_rpc_server, connection_context>::init( rng, std::move(port), std::move(rpc_config->bind_ip), std::move(rpc_config->access_control_origins), std::move(http_login), - ssl_support, std::make_pair(ssl_private_key, ssl_certificate), ssl_allowed_certificates, ssl_allow_any_cert + ssl_support, std::make_pair(ssl_private_key, ssl_certificate), std::move(ssl_allowed_certificates), std::move(ssl_allowed_fingerprints), ssl_allow_any_cert ); } //------------------------------------------------------------------------------------------------------------------------------ 
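Review bot: The fingerprints decoded in the second hunk (`std::transform(..., epee::from_hex::vector)`) go straight into `init()` with no check on the decoded values, so an empty or truncated `--rpc-ssl-allowed-fingerprints` entry could end up on the allow-list with the wrong length. How `epee::from_hex::vector` reports malformed hex is not visible here: if it throws, the exception leaves this function without naming the offending option, and if it returns a partial result the entry is accepted silently. I would validate each decoded value against the digest length the verifier compares, e.g. `if (fpr.size() != EXPECTED_FINGERPRINT_LEN) { MERROR("Invalid --rpc-ssl-allowed-fingerprints entry"); return false; }`, where the constant is a placeholder and a bool return type is assumed. The enclosing function starts outside the hunk.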
@@ -2369,6 +2374,11 @@ namespace cryptonote , "List of paths to PEM format certificates of allowed peers (all allowed if empty)" }; + const command_line::arg_descriptor<std::vector<std::string>> core_rpc_server::arg_rpc_ssl_allowed_fingerprints = { + "rpc-ssl-allowed-fingerprints" + , "List of certificate fingerprints to allow" + }; + const command_line::arg_descriptor<bool> core_rpc_server::arg_rpc_ssl_allow_any_cert = { "rpc-ssl-allow-any-cert" , "Allow any peer certificate, rather than just those on the allowed list" diff --git a/src/rpc/core_rpc_server.h b/src/rpc/core_rpc_server.h index da1907af2..54fce3cd9 100644 --- a/src/rpc/core_rpc_server.h +++ b/src/rpc/core_rpc_server.h @@ -60,6 +60,7 @@ namespace cryptonote static const command_line::arg_descriptor<std::string> arg_rpc_ssl_private_key; static const command_line::arg_descriptor<std::string> arg_rpc_ssl_certificate; static const command_line::arg_descriptor<std::vector<std::string>> arg_rpc_ssl_allowed_certificates; + static const command_line::arg_descriptor<std::vector<std::string>> arg_rpc_ssl_allowed_fingerprints; static const command_line::arg_descriptor<bool> arg_rpc_ssl_allow_any_cert; static const command_line::arg_descriptor<std::string> arg_bootstrap_daemon_address; static const command_line::arg_descriptor<std::string> arg_bootstrap_daemon_login; |
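Review bot: The help text added for `rpc-ssl-allowed-fingerprints` in the first hunk on this line does not say which digest or encoding is expected. It also does not say how the option combines with `rpc-ssl-allowed-certificates`, whose description still reads "(all allowed if empty)". An operator who supplies only fingerprints could reasonably expect every other peer to be rejected; whether that holds depends on the epee SSL code, which is not part of this diff, so it is worth confirming and stating in the text. Suggested wording, to be adjusted to the actual behaviour: `"List of hex-encoded certificate fingerprints (<DIGEST>) of allowed peers; restricts peers even when rpc-ssl-allowed-certificates is empty"`.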