Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
24473d7 build: fix MinGW GUI dependencies build (xiphon)
|
|
4371791 epee: implement handshake timeout for SSL connections (xiphon)
|
|
Coverity fixes [3a81639, 1bd962d, 2825f07, d099658, d46f701, cd57a10] (anonimal)
|
|
|
|
use mfatal/merror/mwarning/minfo/mdebug/mtrace
|
|
ab2819a depends: attempt to fix readline (iDunk5400)
|
|
|
|
As a side effect, colouring on Windows should now work
regardless of version
|
|
Make readline actually compile, and make ncurses use existing terminfo data (if available).
|
|
|
|
|
|
1a367d6 simplewallet: lock console on inactivity (moneromooo-monero)
|
|
|
|
new cli options (RPC ones also apply to wallet):
--p2p-bind-ipv6-address (default = "::")
--p2p-bind-port-ipv6 (default same as ipv4 port for given nettype)
--rpc-bind-ipv6-address (default = "::1")
--p2p-use-ipv6 (default false)
--rpc-use-ipv6 (default false)
--p2p-require-ipv4 (default true, if ipv4 bind fails and this is
true, will not continue even if ipv6 bind
successful)
--rpc-require-ipv4 (default true, description as above)
ipv6 addresses are to be specified as "[xx:xx:xx::xx:xx]:port" except
in the cases of the cli args for bind address. For those the square
braces can be omitted.
|
|
6abaaaa remove obsolete save_graph skeleton code (moneromooo-monero)
|
|
|
|
|
|
|
|
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
|
|
9a7a453 net_ssl: free certs after setting them up (moneromooo-monero)
|
|
b8b957d cmake: fix incorrect hint for OPENSSL_ROOT_DIR (moneromooo-monero)
367bb80 mlog: default to not showing SSL errors (moneromooo-monero)
|
|
|
|
|
|
add two RSA based ciphers for Windows/depends compatibility
also enforce server cipher ordering
also set ECDH to auto because vtnerd says it is good :)
When built with the depends system, openssl does not include any
cipher on the current whitelist, so add this one, which fixes the
problem, and does seem sensible.
|
|
|
|
SHA1 is too close to bruteforceable
|
|
|
|
If `--daemon-ssl enabled` is set in the wallet, then a user certificate,
fingerprint, or onion/i2p address must be provided.
|
|
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
|
|
This allows "chain" certificates to be used with the fingerprint
whitelist option. A user can get a system-ca signature as backup while
clients explicitly whitelist the server certificate. The user specified
CA can also be combined with fingerprint whitelisting.
|
|
The former has the same behavior with single self signed certificates
while allowing the server to have separate short-term authentication
keys with long-term authorization keys.
|
|
If the verification mode is `system_ca`, clients will now do hostname
verification. Thus, only certificates from expected hostnames are
allowed when SSL is enabled. This can be overridden by forcible setting
the SSL mode to autodetect.
Clients will also send the hostname even when `system_ca` is not being
performed. This leaks possible metadata, but allows servers providing
multiple hostnames to respond with the correct certificate. One example
is cloudflare, which getmonero.org is currently using.
|
|
If SSL is "enabled" via command line without specifying a fingerprint or
certificate, the system CA list is checked for server verification and
_now_ fails the handshake if that check fails. This change was made to
remain consistent with standard SSL/TLS client behavior. This can still
be overridden by using the allow any certificate flag.
If the SSL behavior is autodetect, the system CA list is still checked
but a warning is logged if this fails. The stream is not rejected
because a re-connect will be attempted - its better to have an
unverified encrypted stream than an unverified + unencrypted stream.
|
|
Using `verify_peer` on server side requests a certificate from the
client. If no certificate is provided, the server silently accepts the
connection and rejects if the client sends an unexpected certificate.
Adding `verify_fail_if_no_cert` has no affect on client and for server
requires that the peer sends a certificate or fails the handshake. This
is the desired behavior when the user specifies a fingerprint or CA file.
|
|
|
|
Currently a client must provide a certificate, even if the server is
configured to allow all certificates. This drops that requirement from
the client - unless the server is configured to use a CA file or
fingerprint(s) for verification - which is the standard behavior for SSL
servers.
The "system-wide" CA is not being used as a "fallback" to verify clients
before or after this patch.
|
|
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.
This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
|
|
dffdccdc No longer use deprecated RSA_generate_key in favor of RSA_generate_key_ex (Martijn Otto)
|
|
c23ea796 New interactive daemon command 'print_net_stats': Global traffic stats (rbrunner7)
|
|
RSA_generate_key_ex
|
|
|
|
|
|
9141a0a1 connection_basic: remove debug exception ^_^ (moneromooo-monero)
|
|
get_io_service was deprecated, and got removed
|
|
1f2930ce Update 2019 copyright (binaryFate)
|
|
- pkey gets deleted by the pkey_deleter but the caller tries to serialize it which causes errors as the memory is freed
|
|
|
|
Use SSL API directly, skip boost layer
|
|
|
|
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
7c3ade44 network_throttle: use circular_buffer where appropriate (moneromooo-monero)
|
|
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
|
|
- Support for ".onion" in --add-exclusive-node and --add-peer
- Add --anonymizing-proxy for outbound Tor connections
- Add --anonymous-inbounds for inbound Tor connections
- Support for sharing ".onion" addresses over Tor connections
- Support for broadcasting transactions received over RPC exclusively
over Tor (else broadcast over public IP when Tor not enabled).
|
|
|
|
a5ffc2d5 Remove boost::lexical_cast for uuid and unused uuid function (Lee Clagett)
|
|
85665003 epee: better network buffer data structure (moneromooo-monero)
|
|
b21a60ef mlocker: set default log category (moneromooo-monero)
|
|
0e2f5cb perf_timer: make all logs Info level (moneromooo-monero)
|
|
avoids pointless allocs and memcpy
|
|
|
|
ab783b17 easylogging++: ensure logger is initialized before main (moneromooo-monero)
9b69a0ae daemon: print monero version at startup when calling a detached daemon (moneromooo-monero)
4d71d463 mlocker: remove early page size log (moneromooo-monero)
|
|
and make them not default at log level 1
|
|
|
|
40485a73 mlocker: fix access to global lock map after dtor on exit (moneromooo-monero)
|
|
96e6b439 blockchain_stats: don't use gmtime_r on Windows (moneromooo-monero)
|
|
1132436f Only show a single mlock() error, to avoid flooding the log (Martijn Otto)
|
|
23829ebb mlocker: don't throw from lock/unlock (moneromooo-monero)
|
|
bd98e99c Removed a lot of unnecessary includes (Martijn Otto)
|
|
2b3595d0 various: do not propagate exception through dtor (moneromooo-monero)
|
|
It comes before the logger is initialized, so gets displayed
even though it should not be by default, and apparenly comes
too early for (some versions of) Android, where it crashes.
|
|
|
|
as the lock, it now leaks
|
|
In some cases, it doesn't like it (I don't know the details).
Factor into a new epee function
|
|
This prevents exceptions from showing up in various awkward
places such as dtors, since the only exception that can be
thrown is a lock failure, and nothing handles a lock failure
anyway.
|
|
0cfd2ae5 mlocker: fix dtor ordering problem (moneromooo-monero)
|
|
|
|
Coverity 189689, 189690, 189692, 189695
|
|
leak the mutex instead, it's a one off
|
|
Coverity 136593
|
|
8f3c7937 readline_buffer: fix "cursor in prompt" bug (moneromooo-monero)
|
|
2e2daebc ANSI colors in Windows 10 (iDunk5400)
|
|
It happens when readline displays a prompt just before switching
to a shorter one
|
|
|
|
|
|
|
|
bcf3f6af fuzz_tests: catch unhandled exceptions (moneromooo-monero)
3ebd05d4 miner: restore stream flags after changing them (moneromooo-monero)
a093092e levin_protocol_handler_async: do not propagate exception through dtor (moneromooo-monero)
1eebb82b net_helper: do not propagate exceptions through dtor (moneromooo-monero)
fb6a3630 miner: do not propagate exceptions through dtor (moneromooo-monero)
2e2139ff epee: do not propagate exception through dtor (moneromooo-monero)
0749a8bd db_lmdb: do not propagate exceptions in dtor (moneromooo-monero)
1b0afeeb wallet_rpc_server: exit cleanly on unhandled exceptions (moneromooo-monero)
418a9936 unit_tests: catch unhandled exceptions (moneromooo-monero)
ea7f9543 threadpool: do not propagate exceptions through the dtor (moneromooo-monero)
6e855422 gen_multisig: nice exit on unhandled exception (moneromooo-monero)
53df2deb db_lmdb: catch error in mdb_stat calls during migration (moneromooo-monero)
e67016dd blockchain_blackball: catch failure to commit db transaction (moneromooo-monero)
661439f4 mlog: don't remove old logs if we failed to rename the current file (moneromooo-monero)
5fdcda50 easylogging++: test for NULL before dereference (moneromooo-monero)
7ece1550 performance_test: fix bad last argument calling add_arg (moneromooo-monero)
a085da32 unit_tests: add check for page size > 0 before dividing (moneromooo-monero)
d8b1ec8b unit_tests: use std::shared_ptr to shut coverity up about leaks (moneromooo-monero)
02563bf4 simplewallet: top level exception catcher to print nicer messages (moneromooo-monero)
c57a65b2 blockchain_blackball: fix shift range for 32 bit archs (moneromooo-monero)
|
|
b2972927 osx compilation fix: missing boost libs added (Dusan Klinec)
|
|
4d52ec0c mlog: do not display http errors by default (moneromooo-monero)
|
|
They're controllable by potential attackers and would just spam
|
|
|
|
262e391 mlog: handle filenames without parent directories (moneromooo-monero)
|
|
This class will allow mlocking small objects, of which there
may be several per page. It adds refcounting so pages are only
munlocked when the last object on that page munlocks.
|
|
|
|
eg, --log-file=foo.log
This would otherwise throw and crash with a stack overflow
|
|
Some of them don't like it
|
|
8766528 epee: fallback to a counter if gmtime fails when rotating logs (moneromooo-monero)
|
|
|
|
|
|
|
|
memset_s doesn't like it
|
|
|
|
fde4489e wipeable_string: call memwipe directly (moneromooo-monero)
|
|
851bd057 call _exit instead of abort in release mode (moneromooo-monero)
|
|
Avoids cores being created, as they're nowadays often piped
to some call home system
|
|
since the original reason for the indirect call (that memwipe
was not in contrib) is now gone
|
|
|
|
|
|
|
|
|
|
6ccc51f6 wipeable_string: fix buffer overread (moneromooo-monero)
|
|
|
|
|
|
bd5cce07 network_throttle: fix ineffective locking (moneromooo-monero)
e0a61299 network_throttle: remove unused xxx static member (moneromooo-monero)
24f584d9 cryptonote_core: remove unused functions with off by one bugs (moneromooo-monero)
b1634aa3 blockchain: don't leave dangling pointers in this (moneromooo-monero)
8e60b81c cryptonote_core: fix db leak on error (moneromooo-monero)
213e326c abstract_tcp_server2: log init_server errors as fatal (moneromooo-monero)
b51dc566 use const refs in for loops for non tiny types (moneromooo-monero)
f0568ca6 net_parse_helpers: fix regex error checking (moneromooo-monero)
b49ddc76 check accessing an element past the end of a container (moneromooo-monero)
2305bf26 check return value for generate_key_derivation and derive_public_key (moneromooo-monero)
a4240d9f catch const exceptions (moneromooo-monero)
45a1c4c0 add empty container sanity checks when using front() and back() (moneromooo-monero)
56fa6ce1 tests: fix a buffer overread in a unit test (moneromooo-monero)
b4524892 rpc: guard against json parsing a non object (moneromooo-monero)
c2ed8618 easylogging++: avoid buffer underflow (moneromooo-monero)
187a6ab2 epee: trap failure to parse URI from request (moneromooo-monero)
061789b5 checkpoints: trap failure to load JSON checkpoints (moneromooo-monero)
ba2fefb9 checkpoints: pass std::string by const ref, not const value (moneromooo-monero)
38c8f4e0 mlog: terminate a string at last char, just in case (moneromooo-monero)
d753d716 fix a few leaks by throwing objects, not newed pointers to objects (moneromooo-monero)
fe568db8 p2p: use size_t for arbitrary counters instead of uint8_t (moneromooo-monero)
46d6fa35 cryptonote_protocol: sanity check chain hashes from peer (moneromooo-monero)
25584f86 cryptonote_protocol: print peer versions when unexpected (moneromooo-monero)
490a5d41 rpc: do not try to use an invalid txid in relay_tx (moneromooo-monero)
|
|
|
|
That way, all implicit wipes ends up in grow, which is more robust
|
|
This was asserting, but stoffu pointed out the std::string standard
considers this ok and ignorable
|
|
|
|
|
|
|
|
|
|
43f5269f Wallets now do not depend on the daemon rpc lib (moneromooo-monero)
bb89ae8b move connection_basic and network_throttle from src/p2p to epee (moneromooo-monero)
4abf25f3 cryptonote_core does not depend on p2p anymore (moneromooo-monero)
|
|
These even had the epee namespace.
This fixes some ugly circular dependencies.
|
|
|
|
|
|
|
|
This fixes linking when path to openssl
is defined manually:
cmake -DOPENSSL_ROOT_DIR='/usr/include/openssl-1.0;/usr/lib/openssl-1.0' ...
This is useful for building with OpenSSL v1.0
when default system installation is v1.1.
The linking error is undefined SSL_load_error_strings symbol.
This is due to -L /usr/lib/openssl-1.0 not making it onto
the linkline (so -lssl pulls in the default system openssl).
|
|
|
|
Level 1 logs map to INFO, so setting log level to 1 should
show these. Demote some stuff to DEBUG to avoid spam, though.
|
|
- internal nullptr checks
- prevent modifications to network_address (shallow copy issues)
- automagically works with any type containing interface functions
- removed fnv1a hashing
- ipv4_network_address now flattened with no base class
|
|
792ba4f0 Log categories can now be added to and removed from (moneromooo-monero)
48f92eb6 easylogging++: add categories getter (moneromooo-monero)
f35afe62 epee: factor log level/categories setting (moneromooo-monero)
|
|
Also, set_log without parameters now prints the log categories
|
|
|
|
|
|
And don't use std::mutex
|
|
|
|
Also added and moved two free's hoping to fix leaks.
|
|
This should prevent "silent" failures to start
|
|
335fc8ab mlog: fix crash accessing stale data when rotating logs (moneromooo-monero)
|
|
d75cff1a Fix readline prompt when command does not output (Jethro Grassie)
|
|
|
|
There might be privacy issues doing it by default
|
|
|
|
6955976b Add various readline related fixes (Jethro Grassie)
|
|
6a23cd07 Add notification on stop (Jethro Grassie)
|
|
a02d7458 mlog: make MONERO_LOGS env var understand N,logs type spec (moneromooo-monero)
|
|
|
|
- Add missing unbind key
- Fix colored messages
- Add command completion
- Preserve last command input
- Fix cursor position issues
- Fix trailing whitespace in commands
- Synchronize set_prompt
|
|
|
|
This ensures command output gets logged by default
|
|
76043b17 monero-wallet-cli: hang on exit in readline code (#2117) (moneromooo-monero)
a73a42a6 monero-wallet-cli: hang on exit in readline code (#2117) (moneromooo-monero)
be9d4f04 Fix multiline wallet cli output with readline (Jethro Grassie)
|
|
readline_buffer: move a local to local scope
Also limit the select fd limit to what we use
Signed-off-by: Jethro Grassie <jtg@xtrabass.com>
|
|
readline_buffer: fix start/stop threads being starved by process
process could run for quite some time re-acquiring the process
lock, leaving start/stop starving. Yielding after unlock in
process is much better but doesn't seem to be enough to reliably
yield, so we sleep for a millisecond, which should be transparent
for user input anyway.
Signed-off-by: Jethro Grassie <jtg@xtrabass.com>
|
|
monero-wallet-cli commands which have multine output sometimes causes
issues with the readline support. This patch fixes show_transfers,
payments and incoming_transfers.
|
|
Color prompt now working and no reprompting on exit command.
|
|
8261ba69 readline_buffer: fix busy wait (moneromooo-monero)
|
|
It'd eat up a core constantly, due to spending its time jumping
back and forth between userland and kernel. We now wait for up
to a millisecond in kernel, which will be transparent to the user
and drop to idle most of the time.
|
|
m_cout_buf was not initialized
|
|
|
|
This PR adds readline support to the daemon and monero-wallet-cli. Only
GNU readline is supported (e.g. not libedit) and there are cmake checks
to ensure this.
There is a cmake variable, Readline_ROOT_DIR that can specify a
directory to find readline, otherwise some default paths are searched.
There is also a cmake option, USE_READLINE, that defaults to ON. If set
to ON, if readline is not found, the build continues but without
readline support.
One negative side effect of using readline is that the color prompt in
the wallet-cli now has no color and just uses terminal default. I know
how to fix this but it's quite a big change so will tackle another time.
|
|
Missed a crypto -> cncrypto rename
|
|
|
|
|
|
- Performance improvements
- Added `span` for zero-copy pointer+length arguments
- Added `std::ostream` overload for direct writing to output buffers
- Removal of unused `string_tools::buff_to_hex`
|
|
62efe5f6 mlog: direct log category changes to file only (moneromooo-monero)
|
|
|
|
Because some people just won't even try to read what is written
and freak out because the word FATAL is in here, despite the
context making it clear it's not an error.
|
|
|
|
0effe196 Revert "Increase the log level for the info about log levels" (moneromooo-monero)
|
|
We want to know which log categories are active.
This reverts commit 4f7bce6d20c72a1384289f7c35b7fe0ee796ed41.
|
|
|
|
b7f85a30 mlog: default net.cn to FATAL (moneromooo-monero)
|
|
Errors in this layer depend on how peers behave, and thus errors
are expected
|
|
|
|
72deb484 updated fallback nodes (Riccardo Spagni)
33329f5b update version to 0.10.2 (Riccardo Spagni)
04a50a7e update checkpoints.dat (Riccardo Spagni)
c3599fa7 update copyright year, fix occasional lack of newline at line end (Riccardo Spagni)
|
|
|
|
|
|
|
|
Makes it more likely to show up
|
|
|
|
ce7fcbb4 Add server auth to monerod, and client auth to wallet-cli and wallet-rpc (Lee Clagett)
|
|
|
|
|
|
c3d7a198 mlog: probable fix for gmtime_r not being available on windows (moneromooo-monero)
|
|
|
|
|
|
|
|
eg, 2,foo:ERROR,bar:INFO
|
|
13dd102e mlog: fix default level/category mapping (moneromooo-monero)
|
|
a854cec3 Make stack trace show up in log file with default settings (moneromooo-monero)
|
|
It was not matching the LOG_PRINT_Lx mapping for 2/3/4
|
|
|
|
using the MONERO_LOG_FORMAT environment variable.
Default is:
%datetime{%Y-%M-%d %H:%m:%s.%g}\t%thread\t%level\t%logger\t%loc\t%msg
Field list in easylogging++ documentation.
Don't forget to escape as needed.
|
|
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.
To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:
This one is (mostly) silent, only outputting fatal errors:
MONERO_LOGS=*:FATAL
This one is very verbose:
MONERO_LOGS=*:TRACE
This one is totally silent (logwise):
MONERO_LOGS=""
This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):
MONERO_LOGS=*:WARNING,verify:FATAL
Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:
MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE
Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.
Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.
The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
|
|
|
|
|