Age | Commit message | Author | Files | Lines |
|
If `--daemon-ssl enabled` is set in the wallet, then a user certificate,
fingerprint, or onion/i2p address must be provided.
|
|
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
|
|
Currently if a user specifies a ca file or fingerprint to verify peer,
the default behavior is SSL autodetect which allows for mitm downgrade
attacks. It should be investigated whether a manual override should be
allowed - the configuration is likely always invalid.
|
|
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worst case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.
This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
|
|
b0c552f5 cryptonote_protocol_handler: add block/tx hashes in notify logs (moneromooo-monero)
|
|
a299dc96 rpc.gettransactions: fill as_json with partial tx in pruned mode (stoffu)
|
|
050bb337 wallet2: factor the watchonly/multisig/etc fields on creation (moneromooo-monero)
|
|
d45b85e1 wallet2: skip derivation precalc for blocks we know we'll skip (moneromooo-monero)
|
|
c84ea299 cryptonote_basic: some more minor speedups (moneromooo-monero)
e40eb2ad cryptonote_basic: speedup calculate_block_hash (moneromooo-monero)
547a9708 cryptonote: block parsing + hash calculation speedup (moneromooo-monero)
11604b6d blockchain: avoid unneeded block copy (moneromooo-monero)
8461df04 save some database calls when getting top block hash and height (moneromooo-monero)
3bbc3661 Avoid repeated (de)serialization when syncing (moneromooo-monero)
|
|
678262ab wallet_rpc_server: allow english/local language names in create_wallet (moneromooo-monero)
|
|
5e1a3e48 lmdb: fix size_t size issues on 32 bit (moneromooo-monero)
|
|
cafa15b9 wallet2: set confirmations to 0 for pool txes in proofs (moneromooo-monero)
|
|
849a768f perf_timer: move some debug levels to info for consistency (moneromooo-monero)
|
|
16eda54b wallet: use original user address if we have a short payment id (moneromooo-monero)
|
|
f825055d wallet_rpc_server: error out on getting the spend key from a hot wallet (moneromooo-monero)
67aa4adc wallet_rpc_server: add a set_daemon RPC (moneromooo-monero)
705acbac wallet2: init some variables to default values if loading old wallets (moneromooo-monero)
f82bc29e wallet_rpc_server: always fill out subaddr_indices in get_transfers (moneromooo-monero)
01efdc6a wallet_rpc_server: set confirmations to 0 for pending/pool txes (moneromooo-monero)
|
|
It was not filled out for in and pool types
|
|
9f49722c Fix build on FreeBSD (Nathan Dorfman)
|
|
19f8089f p2p: don't lookup seed nodes when offline (moneromooo-monero)
|
|
18faa6da wallet: add freeze/thaw/frozen commands (moneromooo-monero)
|
|
7c440915 Add get_tx_proof support, needed for new sanity check (cslashm)
98fdcb2a Add support for V11 protocol with BulletProofV2 and short amount. New scheme key destination control. Fix dummy decryption in debug mode (cslashm)
3a981a33 Add application version compatibility check. (cslashm)
|
|
f1a3796a wallet2: fix tx sanity check change test for the sweep_all case (moneromooo-monero)
|
|
ae6885f6 blockchain: incremental long term block weight cache (moneromooo-monero)
9b687c78 blockchain: simple cache for the long term block weights (moneromooo-monero)
|
|
023f2c77 wallet_rpc_server: remove mixin from transfer RPCs (moneromooo-monero)
|
|
c23ea796 New interactive daemon command 'print_net_stats': Global traffic stats (rbrunner7)
|
|
dc20d774 rpc: add miner tx hash to block header response (moneromooo-monero)
|
|
760d3a2a daemon: init public_port in all ctors (moneromooo-monero)
|
|
85f2f8c9 Fix daemon startup parameter '--limit-rate' processing after parameter defaults (rbrunner7)
|
|
1730a44f core: improve block rate monitor trigger probabilities (moneromooo-monero)
|
|
a7211793 rpc: quantize db size up to 5 GB in restricted mode (moneromooo-monero)
|
|
e99b2b12 simplewallet: make the long payment ids warnings more warney (moneromooo-monero)
|
|
8a97563a Use threadpool instead of new threads for DNS queries (Howard Chu)
|
|
4500236f wallet2: make use_fork_rules handle chain heights lower than leeway (moneromooo-monero)
|
|
0a6cb30d wallet: flush output cache upon reorg (moneromooo-monero)
|
|
23fb056a wallet_rpc_server: new auto_refresh RPC (moneromooo-monero)
|
|
4ee15655 wallet_rpc_server: fix buffer read overflow in string assignment (moneromooo-monero)
|
|
8fd7452b wallet: move light wallet RPC out of core RPC (moneromooo-monero)
|
|
a8b98a0b wallet: fix memory only wallets (moneromooo-monero)
|
|
2b10f22a mnemonics: fix half length seed to bytes conversion (moneromooo-monero)
|
|
77e9815d blockchain: do not try to pop the genesis block (moneromooo-monero)
|
|
328d291f wallet2: set seed language when creating from json (moneromooo-monero)
|
|
a52366c1 wallet2: fix generation from json when restore height is not set (moneromooo-monero)
|
|
39f000b3 miner: fix possible exit crash due to race in stop (moneromooo-monero)
|
|
1d14b3f0 ringct: fix capitalization for scaler mult (fuwa)
|
|
91f4c7f4 Make difficulty 128 bit instead of 64 bit (moneromooo-monero)
|
|
Enhance debug info
|
|
New scheme key destination control
Fix dummy decryption in debug mode
|
|
There's half a dozen calls, and it's easy to miss some when
adding a new field.
|
|
The block 202612 fix can be left tested at the end, if we
already know we're not in the general case
|
|
This saves a duplicate serialization step
|
|
and return both in get_languages
|
|
at least when using restore_deterministic_wallet
|
|
The original intent of one false positive a week on average
was not met, since what we really want is not the probability
of having N blocks in T seconds, but either N blocks or fewer
in T seconds, or N blocks or more in T seconds.
Some of this could be cached since it calculates the same fairly
complex floating point values, but it seems pretty fast already.
|
|
It makes more sense than (uint64_t)-1, which is going to look
like very much confirmed when not checking in_pool
|
|
Based on Boolberry work by:
jahrsg <jahr@jahr.me>
cr.zoidberg <crypto.zoidberg@gmail.com>
|
|
cce948a5 simplewallet: add some missing spacing before uses data (moneromooo-monero)
|
|
f962449d wallet_rpc_server: include out subaddress indices in get_transfers (moneromooo-monero)
|
|
adf6d773 wallet: fix offline signing calling a daemon RPC (moneromooo-monero)
|
|
be6f426a rpc: Allow submitting tx as hex blob over ZMQ (Nathan Dorfman)
|
|
223c6b07 dns_utils: really add default DNSSEC servers on failure (moneromooo-monero)
|
|
e9519e98 cryptonote: fix calculating coinbase tx hash (moneromooo-monero)
|
|
This will cause DNS requests, which will block and timeout
if there is really no network connectivity
|
|
These commands let one freeze outputs by key image, so they
do not appear in balance, nor are considered when creating
a transaction, etc
This is helpful when receiving an output from a suspected spy,
who might try to track your other outputs by seeing with what
other outputs it gets spent.
The frozen command may be used without parameters to list all
currently frozen outputs.
|
|
Also set error flag on exception when handling new txes
to keep tests working
|
|
it's been a while, only use ring_size now
|
|
We generate and check tx proofs and verify the amounts in those
match what the original amounts were.
|
|
2790d4d3 hardfork: update last_versions on popped block (moneromooo-monero)
|
|
5ade7281 Wallet API: multisig_tx_set passing bug fixed (naughtyfox)
|
|
576116d4 wallet: fix load failure if the mms isn't usable (moneromooo-monero)
|
|
4b21d38d blockchain: speed up getting N blocks weights/long term weights (moneromooo-monero)
|
|
7ac33342 slow-hash: cache TLS references locally once at function start (moneromooo-monero)
|
|
7632dede crypto: fix PaX issue on NetBSD with CNv4 JIT (moneromooo-monero)
89b1630e gtest: build fix for NetBSD (moneromooo-monero)
fa43b547 tests: handle any cmake detected python interpreter (moneromooo-monero)
|
|
a48e49aa aesb: avoid stomping on an existing define on NetBSD (moneromooo-monero)
|
|
3f6f90bb wallet2: do not use invalid keys as fake outs in rings (moneromooo-monero)
|
|
3907588b rpc: make fill_pow restricted (moneromooo-monero)
|
|
c6a70af8 wallet2: key image import fixes (moneromooo-monero)
|
|
efb2bdd3 slow-hash: default to JIT on x86_64 (moneromooo-monero)
|
|
c9b13fbb tests/trezor: HF9 and HF10 tests (Dusan Klinec)
a1fd1d49 device/trezor: HF10 support added, wallet::API (Dusan Klinec)
d74d26f2 crypto: hmac_keccak added (Dusan Klinec)
|
|
Coverity 196597
|
|
Coverity 196596
|
|
- import only key images generated by cold signing process
- wallet_api: trezor methods added
- wallet: button request code added
- const added to methods
- wallet2::get_tx_key_device() tries to decrypt stored tx private keys using the device.
- simplewallet supports get_tx_key and get_tx_proof on hw device using the get_tx_key feature
- live refresh enables refresh with trezor i.e. computing key images on the fly. More convenient and efficient for users.
- device: has_ki_live_refresh added
- a thread is watching whether live refresh is being computed, if not for 30 seconds, it terminates the live refresh process - switches Trezor state
|
|
4921c794 cn_deserialize: remove some unused code (moneromooo-monero)
|
|
8b514645 add multisig tx sets to describe_transfer rpc endpoint (spoke0)
|
|
eef164f7 cryptonote_protocol_handler: search for syncing peers in "cruise mode" (moneromooo-monero)
|
|
9c4d403a dns_utils: use fallback if the default resolver does not support DNSSEC (moneromooo-monero)
|
|
a54e81e5 daemon: add '--no-sync' arg to optionally disable blockchain sync (xiphon)
|
|
f42263eb wallet: adds rescan_bc option with preserving key images (Dusan Klinec)
|
|
We want people to really realize it's bad for *their* privacy.
|
|
d0e07b3d performance_tests: fix NetBSD build (moneromooo-monero)
7d88d8f2 discontinue use of alloca (moneromooo-monero)
|
|
551104fb daemon: add --public-node mode, RPC port propagation over P2P (xiphon)
|
|
59478c80 daemon: new mining_status command (moneromooo-monero)
|
|
b674728d Better error when sending a tx with a too large extra field (moneromooo-monero)
|
|
7c09882a dns_utils: remove MoneroPulse/checkpoints mention in TXT record code (moneromooo-monero)
|
|
bb2aed8e rpc: quantize db size up to 5 GB in restricted mode (moneromooo-monero)
|
|
8630a028 wallet: fix payment ID decryption for construction data (Dusan Klinec)
|
|
75e5aafd device/trezor: dummy payment ID fix (Dusan Klinec)
|
|
36451697 Simplify RPC endpoint, removing second RPC endpoint generate_from_view_key (Joel)
c17c8188 Remove code duplication (Joel)
acb14c10 Add generate_from_view_key RPC method (Joel)
7dd7a3b7 Add generate_from_keys RPC method (Joel)
|
|
de32dcea Human readable message if maximum outputs reached (italocoin)
|
|
1f2930ce Update 2019 copyright (binaryFate)
|
|
Fixes output usage tracking
|
|
It can enable/disable auto refresh, and set auto refresh period
|
|
3ac40938 timings: fix errno.h misspelt as error.h (moneromooo-monero)
|
|
aac4e2f5 wallet_rpc_server: add missing --rpc-ssl-allowed-fingerprints (moneromooo-monero)
|
|
It's not nothing to do with it
|
|
- enables to perform rescan_spent / ki sync with untrusted daemon. Spent check status involves RPC calls which require trusted daemon status as it leaks information. The new call performs soft reset while preserving key images thus a sequence: refresh, ki sync / import, rescan_bc keep_ki will correctly perform spent checking without need for trusted daemon.
- useful to detect spent outputs with untrusted daemon on watch_only / multisig / hw-cold wallets after expensive key image sync.
- cli: rescan_bc keep_ki
|
|
It was not recovering then, but creating a new random address
|
|
If a thread asks to stop the miner, m_stop will be set, and
that thread will wait to join. If the main thread is exiting
at that time, it will ask the miner to stop, but the miner
will claim it's not mining and early out since m_stop is
set. This will cause the database and other things to get
shutdown. If the miner happens to find a block at that time,
it will try to call core, and crash.
Instead, lock and check whether any threads are currently
in m_threads, since they'll only be cleared once the threads
are joined. Moreover, since we lock, the second thread will
have to wait for the first one to have finished. Calling
join twice on a thread seems fine as per pthread_join(3).
|
|
5ea17909 device/trezor: debugging features, trezor tests (Dusan Klinec)
|
|
It's better to just ignore them, the user does not really need
to know they're here. If the mask is wrong, they'll fail to be
used, and sweeping will fail as it tries to use it.
Reported by Josh Davis.
|
|
082149c5 fix merge errors, update recommended version to 0.14.0.2 (Riccardo Spagni)
f3b368c6 update checkpoints hash (Riccardo Spagni)
e518f2b1 update checkpoints, update README for 0.14.1 release (Riccardo Spagni)
8780d6b4 update readme via cherry-pick (Riccardo Spagni)
|
|
It's slow work, so let's not expose it
|
|
- return the right output data when offset is not zero
- do not consider import failed if result height is zero
(it can be 0 if unknown)
- select the right tx pubkey when using subaddresses (it's faster,
and we might select the wrong one if we got an output using one
of the additional tx keys)
- account for skipped outputs for spent/unspent balance info
"spent" is arguably wrong, since it will count spent change
multiple times as it goes through receive/spend cycles.
|
|
057c279c epee: add SSL support (Martijn Otto)
|
|
RPC connections now have optional transparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
    openssl genrsa -out /tmp/KEY 4096
    openssl req -new -key /tmp/KEY -out /tmp/REQ
    openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
f024a10b db_lmdb: make mdb_block_info format conversion more future proof (moneromooo-monero)
|
|
ceb72be3 p2p: avoid busy loop when we have nothing to connect to (moneromooo-monero)
|
|
c4851024 wallet_rpc_server: avoid repeated string allocations when parsing (moneromooo-monero)
88c85c18 cryptonote: avoid double parsing blocks when syncing (moneromooo-monero)
9feda0ee cryptonote: speed up calculating coinbase tx prunable hash (moneromooo-monero)
238401d4 core: avoid double parsing blocks after hoh (moneromooo-monero)
dc5a7609 blockchain: avoid unneeded block copy (moneromooo-monero)
79b4e9f3 save some database calls when getting top block hash and height (moneromooo-monero)
98278808 blockchain: avoid pointless transaction copy and temporary (moneromooo-monero)
07d655e4 blockchain: avoid duplicate block hash computation (moneromooo-monero)
f75d51ab core: avoid calculating tx prefix hash when we don't need it (moneromooo-monero)
b044d03a Avoid repeated (de)serialization when syncing (moneromooo-monero)
b747e836 wallet2: don't calculate prefix hash when we don't need it (moneromooo-monero)
e69477bf db: speedup block addition (moneromooo-monero)
|
|
If mdb_block_info changes again, the v2 to v3 conversion would
convert to an incorrect format.
|
|
It's a hash of an empty buffer, so we can avoid keccak
|
|
by avoiding repeated (de)serialization
|
|
3d2772a0 wallet-rpc: get balance for all accounts and subaddresses (stoffu)
|
|
8a1ff079 wallet-rpc: get transfers for all accounts and subaddresses (Jethro Grassie)
|
|
4a9257b4 Support docker for gitian builds (TheCharlatan)
|
|
1f5680c8 simplewallet: add help for ask-password options (moneromooo-monero)
c7c74caf simplewallet: mark confirm-missing-payment-id as obsolete (moneromooo-monero)
|
|
5c81a9f1 wallet_rpc_server: add a validate_address RPC (moneromooo-monero)
|