author | luigi1111 <luigi1111w@gmail.com> | 2023-07-06 21:27:16 -0500 |
---|---|---|
committer | luigi1111 <luigi1111w@gmail.com> | 2023-07-06 21:27:16 -0500 |
commit | 3a72c4744554efd34cf5c54e8b73ae9491e53c16 (patch) | |
tree | 3ea592cea8868b6acefd8ed6a5b424c09f8a8676 /src | |
parent | Merge pull request #8250 (diff) | |
parent | core_rpc_server: new file: rpc_ssl.fingerprint (diff) | |
Merge pull request #8344
70bbd25 core_rpc_server: new file: rpc_ssl.fingerprint (Jeffrey Ryan)
Diffstat (limited to 'src')
-rw-r--r-- | src/gen_ssl_cert/gen_ssl_cert.cpp | 25 | ||||
-rw-r--r-- | src/rpc/core_rpc_server.cpp | 29 |
2 files changed, 29 insertions, 25 deletions
diff --git a/src/gen_ssl_cert/gen_ssl_cert.cpp b/src/gen_ssl_cert/gen_ssl_cert.cpp
index e695df727..b25d9a73d 100644
--- a/src/gen_ssl_cert/gen_ssl_cert.cpp
+++ b/src/gen_ssl_cert/gen_ssl_cert.cpp
@@ -65,29 +65,6 @@ namespace
 const command_line::arg_descriptor<bool> arg_prompt_for_passphrase = {"prompt-for-passphrase", gencert::tr("Prompt for a passphrase with which to encrypt the private key"), false};
 }
-// adapted from openssl's apps/x509.c
-static std::string get_fingerprint(X509 *cert, const EVP_MD *fdig)
-{
- unsigned int j;
- unsigned int n;
- unsigned char md[EVP_MAX_MD_SIZE];
- std::string fingerprint;
-
- if (!X509_digest(cert, fdig, md, &n))
- {
- tools::fail_msg_writer() << tr("Failed to create fingerprint: ") << ERR_reason_error_string(ERR_get_error());
- return fingerprint;
- }
- fingerprint.resize(n * 3 - 1);
- char *out = &fingerprint[0];
- for (j = 0; j < n; ++j)
- {
- snprintf(out, 3 + (j + 1 < n), "%02X%s", md[j], (j + 1 == n) ? "" : ":");
- out += 3;
- }
- return fingerprint;
-}
-
 int main(int argc, char* argv[])
 {
 TRY_ENTRY();
@@ -246,7 +223,7 @@ int main(int argc, char* argv[])
 tools::success_msg_writer() << tr("New certificate created:");
 tools::success_msg_writer() << tr("Certificate: ") << certificate_filename;
- tools::success_msg_writer() << tr("SHA-256 Fingerprint: ") << get_fingerprint(cert, EVP_sha256());
+ tools::success_msg_writer() << tr("SHA-256 Fingerprint: ") << epee::net_utils::get_hr_ssl_fingerprint(cert);
 tools::success_msg_writer() << tr("Private key: ") << private_key_filename << " (" << (private_key_passphrase.empty() ? "unencrypted" : "encrypted") << ")";
 return 0;
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index cb347110d..0adf0b65e 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
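Review bot: The new call `epee::net_utils::get_hr_ssl_fingerprint(cert)` on the changed line replaces a helper that, when `X509_digest` failed, printed a targeted `fail_msg_writer()` message and returned an empty string, and the hunk does not show how the epee helper reports that failure. If it throws, the error presumably surfaces through `TRY_ENTRY` in `main` instead of next to the "New certificate created" output; if it returns an empty string, the success line would print a blank fingerprint without any hint that digesting failed. Worth confirming the helper's contract and, if it can return empty, guarding the print with `if (fingerprint.empty()) tools::fail_msg_writer() << tr("Failed to create fingerprint");` before the success message. `main` continues outside the hunk.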
@@ -352,6 +352,7 @@ namespace cryptonote
 const auto ssl_base_path = (boost::filesystem::path{data_dir} / "rpc_ssl").string();
 const bool ssl_cert_file_exists = boost::filesystem::exists(ssl_base_path + ".crt");
 const bool ssl_pkey_file_exists = boost::filesystem::exists(ssl_base_path + ".key");
+ const bool ssl_fp_file_exists = boost::filesystem::exists(ssl_base_path + ".fingerprint");
 if (store_ssl_key)
 {
 // .key files are often given different read permissions as their corresponding .crt files.
@@ -361,13 +362,39 @@ namespace cryptonote
 MFATAL("Certificate (.crt) and private key (.key) files must both exist or both not exist at path: " << ssl_base_path);
 return false;
 }
+ else if (!ssl_cert_file_exists && ssl_fp_file_exists) // only fingerprint file is present
+ {
+ MFATAL("Fingerprint file is present while certificate (.crt) and private key (.key) files are not at path: " << ssl_base_path);
+ return false;
+ }
 else if (ssl_cert_file_exists) { // and ssl_pkey_file_exists
 // load key from previous run, password prompted by OpenSSL
 store_ssl_key = false;
 rpc_config->ssl_options.auth = epee::net_utils::ssl_authentication_t{ssl_base_path + ".key", ssl_base_path + ".crt"};
+
+ // Since the .fingerprint file was added afterwards, sometimes the other 2 are present, and .fingerprint isn't
+ // In that case, generate the .fingerprint file from the existing .crt file
+ if (!ssl_fp_file_exists)
+ {
+ try
+ {
+ std::string fingerprint = epee::net_utils::get_hr_ssl_fingerprint_from_file(ssl_base_path + ".crt");
+ if (!epee::file_io_utils::save_string_to_file(ssl_base_path + ".fingerprint", fingerprint))
+ {
+ MWARNING("Could not save SSL fingerprint to file '" << ssl_base_path << ".fingerprint'");
+ }
+ const auto fp_perms = boost::filesystem::owner_read | boost::filesystem::group_read | boost::filesystem::others_read;
+ boost::filesystem::permissions(ssl_base_path + ".fingerprint", fp_perms);
+ }
+ catch (const std::exception& e)
+ {
+ // Do nothing. The fingerprint file is helpful, but not at all necessary.
+ MWARNING("While trying to store SSL fingerprint file, got error (ignoring): " << e.what());
+ }
+ }
 }
- }
+ } // if (store_ssl_key)
 auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); };
 const bool inited = epee::http_server_impl_base<core_rpc_server, connection_context>::init( |
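Review bot: When `save_string_to_file` fails, the added block logs its warning and then still calls `boost::filesystem::permissions` on the `.fingerprint` path it just failed to create, so a missing file raises a `filesystem_error` and the catch emits a second, misleading "While trying to store SSL fingerprint file" warning for the same event. Make the chmod conditional on the save succeeding: `} else { boost::filesystem::permissions(ssl_base_path + ".fingerprint", fp_perms); }` in place of the unconditional call after the `if`. Separately, the fingerprint is only derived when the file is absent, so an operator who swaps in a new rpc_ssl.crt/.key pair in place keeps a stale `.fingerprint` that no longer matches the certificate actually served; since it is cheap to recompute from the .crt, regenerating (or at least comparing and warning) on every start would keep the advertised value in sync with the presented one. The enclosing function starts and ends outside the hunk.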