aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRiccardo Spagni <ric@spagni.net>2019-05-02 11:30:28 +0200
committerRiccardo Spagni <ric@spagni.net>2019-05-02 11:30:28 +0200
commit77f9bfa4d5de1b39c8f0c86508eab5ac0ae6488a (patch)
tree2fb25ffb3cc161b87c2275e95a67ba2bda28d0e9 /src
parentMerge pull request #5491 (diff)
parentchange SSL certificate fingerprint whitelisting from SHA1 to SHA-256 (diff)
downloadmonero-77f9bfa4d5de1b39c8f0c86508eab5ac0ae6488a.tar.xz
Merge pull request #5493
5e0da6fb change SSL certificate fingerprint whitelisting from SHA1 to SHA-256 (moneromooo-monero)
Diffstat (limited to 'src')
-rw-r--r--src/rpc/core_rpc_server.cpp9
-rw-r--r--src/wallet/wallet2.cpp6
-rw-r--r--src/wallet/wallet_rpc_server.cpp9
3 files changed, 24 insertions, 0 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index c41fb37d8..97e9b482e 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -28,6 +28,7 @@
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+#include <boost/preprocessor/stringize.hpp>
#include "include_base_utils.h"
#include "string_tools.h"
using namespace epee;
@@ -159,6 +160,14 @@ namespace cryptonote
const std::vector<std::string> ssl_allowed_fingerprint_strings = command_line::get_arg(vm, arg_rpc_ssl_allowed_fingerprints);
std::vector<std::vector<uint8_t>> ssl_allowed_fingerprints{ ssl_allowed_fingerprint_strings.size() };
std::transform(ssl_allowed_fingerprint_strings.begin(), ssl_allowed_fingerprint_strings.end(), ssl_allowed_fingerprints.begin(), epee::from_hex::vector);
+ for (const auto &fpr: ssl_allowed_fingerprints)
+ {
+ if (fpr.size() != SSL_FINGERPRINT_SIZE)
+ {
+ MERROR("SHA-256 fingerprint should be " BOOST_PP_STRINGIZE(SSL_FINGERPRINT_SIZE) " bytes long.");
+ return false;
+ }
+ }
if (!ssl_ca_path.empty() || !ssl_allowed_fingerprints.empty())
ssl_options = epee::net_utils::ssl_options_t{std::move(ssl_allowed_fingerprints), std::move(ssl_ca_path)};
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 0a5d34e77..f5b492771 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -39,6 +39,7 @@
#include <boost/algorithm/string/join.hpp>
#include <boost/asio/ip/address.hpp>
#include <boost/range/adaptor/transformed.hpp>
+#include <boost/preprocessor/stringize.hpp>
#include "include_base_utils.h"
using namespace epee;
@@ -343,6 +344,11 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
{
std::vector<std::vector<uint8_t>> ssl_allowed_fingerprints{ daemon_ssl_allowed_fingerprints.size() };
std::transform(daemon_ssl_allowed_fingerprints.begin(), daemon_ssl_allowed_fingerprints.end(), ssl_allowed_fingerprints.begin(), epee::from_hex::vector);
+ for (const auto &fpr: daemon_ssl_allowed_fingerprints)
+ {
+ THROW_WALLET_EXCEPTION_IF(fpr.size() != SSL_FINGERPRINT_SIZE, tools::error::wallet_internal_error,
+ "SHA-256 fingerprint should be " BOOST_PP_STRINGIZE(SSL_FINGERPRINT_SIZE) " bytes long.");
+ }
ssl_options = epee::net_utils::ssl_options_t{
std::move(ssl_allowed_fingerprints), std::move(daemon_ssl_ca_file)
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 8e67f8f51..22eaffa6f 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -31,6 +31,7 @@
#include <boost/asio/ip/address.hpp>
#include <boost/filesystem/operations.hpp>
#include <boost/algorithm/string.hpp>
+#include <boost/preprocessor/stringize.hpp>
#include <cstdint>
#include "include_base_utils.h"
using namespace epee;
@@ -254,6 +255,14 @@ namespace tools
{
std::vector<std::vector<uint8_t>> allowed_fingerprints{ rpc_ssl_allowed_fingerprints.size() };
std::transform(rpc_ssl_allowed_fingerprints.begin(), rpc_ssl_allowed_fingerprints.end(), allowed_fingerprints.begin(), epee::from_hex::vector);
+ for (const auto &fpr: rpc_ssl_allowed_fingerprints)
+ {
+ if (fpr.size() != SSL_FINGERPRINT_SIZE)
+ {
+ MERROR("SHA-256 fingerprint should be " BOOST_PP_STRINGIZE(SSL_FINGERPRINT_SIZE) " bytes long.");
+ return false;
+ }
+ }
rpc_ssl_options = epee::net_utils::ssl_options_t{
std::move(allowed_fingerprints), std::move(rpc_ssl_ca_file)