Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-12-12 16:55:45 -05:00
Code Issues Projects Releases Packages Wiki Activity

core_rpc_server: new file: rpc_ssl.fingerprint

Browse source
This commit is contained in:
Jeffrey Ryan 2022-05-19 15:27:30 -05:00 committed by jeffro256
parent 94e67bf96b
commit 70bbd2536b
No known key found for this signature in database
GPG key ID: 6F79797A6E392442
4 changed files with 129 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/rpc/core_rpc_server.cpp
View file

@ -352,6 +352,7 @@ namespace cryptonote
const auto ssl_base_path = (boost::filesystem::path{data_dir} / "rpc_ssl").string();
const bool ssl_cert_file_exists = boost::filesystem::exists(ssl_base_path + ".crt");
const bool ssl_pkey_file_exists = boost::filesystem::exists(ssl_base_path + ".key");
const bool ssl_fp_file_exists = boost::filesystem::exists(ssl_base_path + ".fingerprint");
if (store_ssl_key)
{
// .key files are often given different read permissions as their corresponding .crt files.
@ -361,13 +362,39 @@ namespace cryptonote
MFATAL("Certificate (.crt) and private key (.key) files must both exist or both not exist at path: " << ssl_base_path);
return false;
}
else if (!ssl_cert_file_exists && ssl_fp_file_exists) // only fingerprint file is present
{
MFATAL("Fingerprint file is present while certificate (.crt) and private key (.key) files are not at path: " << ssl_base_path);
return false;
}
else if (ssl_cert_file_exists) { // and ssl_pkey_file_exists
// load key from previous run, password prompted by OpenSSL
store_ssl_key = false;
rpc_config->ssl_options.auth =
epee::net_utils::ssl_authentication_t{ssl_base_path + ".key", ssl_base_path + ".crt"};
// Since the .fingerprint file was added afterwards, sometimes the other 2 are present, and .fingerprint isn't
// In that case, generate the .fingerprint file from the existing .crt file
if (!ssl_fp_file_exists)
{
try
{
std::string fingerprint = epee::net_utils::get_hr_ssl_fingerprint_from_file(ssl_base_path + ".crt");
if (!epee::file_io_utils::save_string_to_file(ssl_base_path + ".fingerprint", fingerprint))
{
MWARNING("Could not save SSL fingerprint to file '" << ssl_base_path << ".fingerprint'");
}
const auto fp_perms = boost::filesystem::owner_read | boost::filesystem::group_read | boost::filesystem::others_read;
boost::filesystem::permissions(ssl_base_path + ".fingerprint", fp_perms);
}
catch (const std::exception& e)
{
// Do nothing. The fingerprint file is helpful, but not at all necessary.
MWARNING("While trying to store SSL fingerprint file, got error (ignoring): " << e.what());
}
}
}
}
} // if (store_ssl_key)
auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); };
const bool inited = epee::http_server_impl_base<core_rpc_server, connection_context>::init(