aboutsummaryrefslogtreecommitdiff
path: root/src/rpc
diff options
context:
space:
mode:
Diffstat (limited to 'src/rpc')
-rw-r--r--src/rpc/core_rpc_server.cpp63
-rw-r--r--src/rpc/core_rpc_server.h5
2 files changed, 65 insertions, 3 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index eae8cc531..d18774149 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -76,6 +76,11 @@ namespace cryptonote
command_line::add_arg(desc, arg_rpc_bind_port);
command_line::add_arg(desc, arg_rpc_restricted_bind_port);
command_line::add_arg(desc, arg_restricted_rpc);
+ command_line::add_arg(desc, arg_rpc_ssl);
+ command_line::add_arg(desc, arg_rpc_ssl_private_key);
+ command_line::add_arg(desc, arg_rpc_ssl_certificate);
+ command_line::add_arg(desc, arg_rpc_ssl_allowed_certificates);
+ command_line::add_arg(desc, arg_rpc_ssl_allow_any_cert);
command_line::add_arg(desc, arg_bootstrap_daemon_address);
command_line::add_arg(desc, arg_bootstrap_daemon_login);
cryptonote::rpc_args::init_options(desc);
@@ -112,11 +117,11 @@ namespace cryptonote
epee::net_utils::http::login login;
login.username = bootstrap_daemon_login.substr(0, loc);
login.password = bootstrap_daemon_login.substr(loc + 1);
- m_http_client.set_server(m_bootstrap_daemon_address, login, false);
+ m_http_client.set_server(m_bootstrap_daemon_address, login, epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
}
else
{
- m_http_client.set_server(m_bootstrap_daemon_address, boost::none, false);
+ m_http_client.set_server(m_bootstrap_daemon_address, boost::none, epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
}
m_should_use_bootstrap_daemon = true;
}
@@ -131,9 +136,32 @@ namespace cryptonote
if (rpc_config->login)
http_login.emplace(std::move(rpc_config->login->username), std::move(rpc_config->login->password).password());
+ epee::net_utils::ssl_support_t ssl_support;
+ const std::string ssl = command_line::get_arg(vm, arg_rpc_ssl);
+ if (!epee::net_utils::ssl_support_from_string(ssl_support, ssl))
+ {
+ MFATAL("Invalid RPC SSL support: " << ssl);
+ return false;
+ }
+ const std::string ssl_private_key = command_line::get_arg(vm, arg_rpc_ssl_private_key);
+ const std::string ssl_certificate = command_line::get_arg(vm, arg_rpc_ssl_certificate);
+ const std::vector<std::string> ssl_allowed_certificate_paths = command_line::get_arg(vm, arg_rpc_ssl_allowed_certificates);
+ std::list<std::string> ssl_allowed_certificates;
+ for (const std::string &path: ssl_allowed_certificate_paths)
+ {
+ ssl_allowed_certificates.push_back({});
+ if (!epee::file_io_utils::load_file_to_string(path, ssl_allowed_certificates.back()))
+ {
+ MERROR("Failed to load certificate: " << path);
+ ssl_allowed_certificates.back() = std::string();
+ }
+ }
+ const bool ssl_allow_any_cert = command_line::get_arg(vm, arg_rpc_ssl_allow_any_cert);
+
auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); };
return epee::http_server_impl_base<core_rpc_server, connection_context>::init(
- rng, std::move(port), std::move(rpc_config->bind_ip), std::move(rpc_config->access_control_origins), std::move(http_login)
+ rng, std::move(port), std::move(rpc_config->bind_ip), std::move(rpc_config->access_control_origins), std::move(http_login),
+ ssl_support, std::make_pair(ssl_private_key, ssl_certificate), ssl_allowed_certificates, ssl_allow_any_cert
);
}
//------------------------------------------------------------------------------------------------------------------------------
@@ -2318,6 +2346,35 @@ namespace cryptonote
, false
};
+ const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_ssl = {
+ "rpc-ssl"
+ , "Enable SSL on RPC connections: enabled|disabled|autodetect"
+ , "autodetect"
+ };
+
+ const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_ssl_private_key = {
+ "rpc-ssl-private-key"
+ , "Path to a PEM format private key"
+ , ""
+ };
+
+ const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_ssl_certificate = {
+ "rpc-ssl-certificate"
+ , "Path to a PEM format certificate"
+ , ""
+ };
+
+ const command_line::arg_descriptor<std::vector<std::string>> core_rpc_server::arg_rpc_ssl_allowed_certificates = {
+ "rpc-ssl-allowed-certificates"
+ , "List of paths to PEM format certificates of allowed peers (all allowed if empty)"
+ };
+
+ const command_line::arg_descriptor<bool> core_rpc_server::arg_rpc_ssl_allow_any_cert = {
+ "rpc-ssl-allow-any-cert"
+ , "Allow any peer certificate, rather than just those on the allowed list"
+ , false
+ };
+
const command_line::arg_descriptor<std::string> core_rpc_server::arg_bootstrap_daemon_address = {
"bootstrap-daemon-address"
, "URL of a 'bootstrap' remote daemon that the connected wallets can use while this daemon is still not fully synced"
diff --git a/src/rpc/core_rpc_server.h b/src/rpc/core_rpc_server.h
index 62a377841..da1907af2 100644
--- a/src/rpc/core_rpc_server.h
+++ b/src/rpc/core_rpc_server.h
@@ -56,6 +56,11 @@ namespace cryptonote
static const command_line::arg_descriptor<std::string, false, true, 2> arg_rpc_bind_port;
static const command_line::arg_descriptor<std::string> arg_rpc_restricted_bind_port;
static const command_line::arg_descriptor<bool> arg_restricted_rpc;
+ static const command_line::arg_descriptor<std::string> arg_rpc_ssl;
+ static const command_line::arg_descriptor<std::string> arg_rpc_ssl_private_key;
+ static const command_line::arg_descriptor<std::string> arg_rpc_ssl_certificate;
+ static const command_line::arg_descriptor<std::vector<std::string>> arg_rpc_ssl_allowed_certificates;
+ static const command_line::arg_descriptor<bool> arg_rpc_ssl_allow_any_cert;
static const command_line::arg_descriptor<std::string> arg_bootstrap_daemon_address;
static const command_line::arg_descriptor<std::string> arg_bootstrap_daemon_login;