Lee Clagett
96d602ac84
Add verify_fail_if_no_cert
option for proper client authentication
...
Using `verify_peer` on server side requests a certificate from the
client. If no certificate is provided, the server silently accepts the
connection and rejects if the client sends an unexpected certificate.
Adding `verify_fail_if_no_cert` has no affect on client and for server
requires that the peer sends a certificate or fails the handshake. This
is the desired behavior when the user specifies a fingerprint or CA file.
2019-04-07 00:44:37 -04:00
Lee Clagett
21eb1b0725
Pass SSL arguments via one class and use shared_ptr instead of reference
2019-04-07 00:44:37 -04:00
Lee Clagett
1f5ed328aa
Change default SSL to "enabled" if user specifies fingerprint/certificate
...
Currently if a user specifies a ca file or fingerprint to verify peer,
the default behavior is SSL autodetect which allows for mitm downgrade
attacks. It should be investigated whether a manual override should be
allowed - the configuration is likely always invalid.
2019-04-06 23:47:07 -04:00
Lee Clagett
f18a069fcc
Do not require client certificate unless server has some whitelisted.
...
Currently a client must provide a certificate, even if the server is
configured to allow all certificates. This drops that requirement from
the client - unless the server is configured to use a CA file or
fingerprint(s) for verification - which is the standard behavior for SSL
servers.
The "system-wide" CA is not being used as a "fallback" to verify clients
before or after this patch.
2019-04-06 23:47:06 -04:00
Lee Clagett
a3b0284837
Change SSL certificate file list to OpenSSL builtin load_verify_location
...
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.
This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
Riccardo Spagni
5dbcceb664
Merge pull request #5364
...
e8cf7dcc
rpc: merge the two get_info implementations (moneromooo-monero)
2019-04-06 16:09:06 +02:00
Riccardo Spagni
c34930c207
Merge pull request #5391
...
71907980
unit_tests: fix long term block weight test after cache change (moneromooo-monero)
2019-04-06 16:04:27 +02:00
moneromooo-monero
e8cf7dcc2b
rpc: merge the two get_info implementations
2019-04-06 14:04:24 +00:00
Riccardo Spagni
0baf26c8d6
Merge pull request #5375
...
1569776a
Add missing include (Leon Klingele)
2019-04-06 16:04:06 +02:00
Riccardo Spagni
3759e2359f
Merge pull request #5360
...
b0c552f5
cryptonote_protocol_handler: add block/tx hashes in notify logs (moneromooo-monero)
2019-04-06 16:03:13 +02:00
Riccardo Spagni
17fefb8786
Merge pull request #5358
...
dffdccdc
No longer use deprecated RSA_generate_key in favor of RSA_generate_key_ex (Martijn Otto)
2019-04-06 16:02:31 +02:00
Riccardo Spagni
55e3980d89
Merge pull request #5353
...
1bc78cc2
tests: trezor_test fix (Dusan Klinec)
2019-04-06 16:02:16 +02:00
Riccardo Spagni
18ceac9ca5
Merge pull request #5351
...
a299dc96
rpc.gettransactions: fill as_json with partial tx in pruned mode (stoffu)
2019-04-06 16:01:44 +02:00
Riccardo Spagni
c7e536db23
Merge pull request #5350
...
050bb337
wallet2: factor the watchonly/multisig/etc fields on creation (moneromooo-monero)
2019-04-06 16:00:40 +02:00
Riccardo Spagni
38317f384c
Merge pull request #5348
...
59776a64
epee: some more minor JSON parsing speedup (moneromooo-monero)
2019-04-06 16:00:18 +02:00
Riccardo Spagni
cd8fe937ad
Merge pull request #5347
...
d45b85e1
wallet2: skip derivation precalc for blocks we know we'll skip (moneromooo-monero)
2019-04-06 15:59:56 +02:00
Riccardo Spagni
4ac78e1612
Merge pull request #5346
...
c84ea299
cryptonote_basic: some more minor speedups (moneromooo-monero)
e40eb2ad
cryptonote_basic: speedup calculate_block_hash (moneromooo-monero)
547a9708
cryptonote: block parsing + hash calculation speedup (moneromooo-monero)
11604b6d
blockchain: avoid unneeded block copy (moneromooo-monero)
8461df04
save some database calls when getting top block hash and height (moneromooo-monero)
3bbc3661
Avoid repeated (de)serialization when syncing (moneromooo-monero)
2019-04-06 15:59:43 +02:00
Riccardo Spagni
7e5651c346
Merge pull request #5345
...
678262ab
wallet_rpc_server: allow english/local language names in create_wallet (moneromooo-monero)
2019-04-06 15:59:10 +02:00
Riccardo Spagni
c61b3f0ead
Merge pull request #5344
...
5e1a3e48
lmdb: fix size_t size issues on 32 bit (moneromooo-monero)
2019-04-06 15:58:50 +02:00
Riccardo Spagni
9e72f785d6
Merge pull request #5343
...
cafa15b9
wallet2: set confirmations to 0 for pool txes in proofs (moneromooo-monero)
2019-04-06 15:58:25 +02:00
Riccardo Spagni
6f8e0a28b2
Merge pull request #5342
...
849a768f
perf_timer: move some debug levels to info for consistency (moneromooo-monero)
2019-04-06 15:57:50 +02:00
Riccardo Spagni
c96fc4bf59
Merge pull request #5341
...
0218bc49
test: hmac_keccak - fix number of chunks counting (Dusan Klinec)
2019-04-06 15:57:28 +02:00
Riccardo Spagni
e1f0e6da5c
Merge pull request #5340
...
16eda54b
wallet: use original user address if we have a short payment id (moneromooo-monero)
2019-04-06 15:56:52 +02:00
moneromooo-monero
089c7637a6
cryptonote: rework block blob size sanity check
...
Use the actual block weight limit, assuming that weight is always
greater or equal to size
2019-04-05 09:35:19 +00:00
moneromooo-monero
a2561653cb
wallet: new option to start background mining
...
The setup-background-mining option can be used to select
background mining when a wallet loads. The user will be asked
the first time the wallet is created.
2019-04-04 18:10:45 +00:00
stoffu
a299dc96f7
rpc.gettransactions: fill as_json with partial tx in pruned mode
2019-04-04 18:08:01 +09:00
Riccardo Spagni
fe3403c8f0
Merge pull request #5390
...
8bb253b0
libwallet_merged: add missing net target (selsta)
2019-04-03 19:45:18 +02:00
moneromooo-monero
7190798049
unit_tests: fix long term block weight test after cache change
2019-04-03 00:10:48 +00:00
selsta
8bb253b0db
libwallet_merged: add missing net target
2019-04-02 21:22:51 +02:00
moneromooo-monero
0be5b2ee78
simplewallet: new unset_ring command
...
Useful when debugging, though not much for users
2019-04-02 14:18:07 +00:00
Riccardo Spagni
1ef3d05c4a
Merge pull request #5387
...
d3018d0f
api/wallet: fix some wrong namespace (stoffu)
2019-04-02 09:44:07 +02:00
George
f064efae66
README: add and remove dependencies on OSX line
2019-04-01 23:57:56 -05:00
stoffu
d3018d0f0b
api/wallet: fix some wrong namespace
2019-04-02 10:11:49 +09:00
moneromooo-monero
c12b43cb5a
wallet: add number of blocks required for the balance to fully unlock
2019-04-01 19:31:19 +00:00
moneromooo-monero
3f1e9e84c0
wallet2: set confirmations to 0 for pool txes in proofs
...
It makes more sense than (uint64_t)-1, which is going to look
like very much confirmed when not checking in_pool
2019-04-01 19:31:10 +00:00
moneromooo-monero
36c037ec47
wallet_rpc_server: error out on getting the spend key from a hot wallet
2019-04-01 19:31:01 +00:00
moneromooo-monero
cd1eaff29e
wallet_rpc_server: always fill out subaddr_indices in get_transfers
...
It was not filled out for in and pool types
2019-04-01 19:30:27 +00:00
moneromooo-monero
def4016171
miner: fix race when stopping mining with start mining enabled
2019-04-01 19:28:50 +00:00
moneromooo-monero
113e487739
blockchain_stats: fix sign in formatting function
2019-04-01 19:24:47 +00:00
moneromooo-monero
adaea3ea3c
various: remove unused variables
2019-04-01 19:24:41 +00:00
moneromooo-monero
631ef00e76
blockchain: some debug info when adding txes-from-block fails
2019-04-01 19:24:35 +00:00
Riccardo Spagni
b6726aaa6c
Merge pull request #5319
...
f825055d
wallet_rpc_server: error out on getting the spend key from a hot wallet (moneromooo-monero)
67aa4adc
wallet_rpc_server: add a set_daemon RPC (moneromooo-monero)
705acbac
wallet2: init some variables to default values if loading old wallets (moneromooo-monero)
f82bc29e
wallet_rpc_server: always fill out subaddr_indices in get_transfers (moneromooo-monero)
01efdc6a
wallet_rpc_server: set confirmations to 0 for pending/pool txes (moneromooo-monero)
2019-04-01 20:56:52 +02:00
moneromooo-monero
f825055d22
wallet_rpc_server: error out on getting the spend key from a hot wallet
2019-04-01 16:03:29 +00:00
moneromooo-monero
67aa4adcfc
wallet_rpc_server: add a set_daemon RPC
2019-04-01 16:03:25 +00:00
moneromooo-monero
705acbac4d
wallet2: init some variables to default values if loading old wallets
2019-04-01 16:03:23 +00:00
moneromooo-monero
f82bc29ec2
wallet_rpc_server: always fill out subaddr_indices in get_transfers
...
It was not filled out for in and pool types
2019-04-01 16:03:20 +00:00
moneromooo-monero
01efdc6a7e
wallet_rpc_server: set confirmations to 0 for pending/pool txes
2019-04-01 16:03:17 +00:00
cslashm
83fc45a413
Add NanoX support
2019-04-01 17:40:24 +02:00
Riccardo Spagni
4308a2e173
Merge pull request #5318
...
1a91385e
block_weight: fix python 2/3 compatibility (moneromooo-monero)
2019-04-01 17:37:57 +02:00
Riccardo Spagni
0eb2c7b272
Merge pull request #5339
...
9f49722c
Fix build on FreeBSD (Nathan Dorfman)
2019-04-01 17:37:14 +02:00