Commit Graph

319 Commits

Author SHA1 Message Date
Lee Clagett
21eb1b0725 Pass SSL arguments via one class and use shared_ptr instead of reference 2019-04-07 00:44:37 -04:00
Lee Clagett
1f5ed328aa Change default SSL to "enabled" if user specifies fingerprint/certificate
Currently if a user specifies a ca file or fingerprint to verify peer,
the default behavior is SSL autodetect which allows for mitm downgrade
attacks. It should be investigated whether a manual override should be
allowed - the configuration is likely always invalid.
2019-04-06 23:47:07 -04:00
Lee Clagett
a3b0284837 Change SSL certificate file list to OpenSSL builtin load_verify_location
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worst case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.

This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
Riccardo Spagni
7e5651c346
Merge pull request #5345
678262ab wallet_rpc_server: allow english/local language names in create_wallet (moneromooo-monero)
2019-04-06 15:59:10 +02:00
Riccardo Spagni
e1f0e6da5c
Merge pull request #5340
16eda54b wallet: use original user address if we have a short payment id (moneromooo-monero)
2019-04-06 15:56:52 +02:00
moneromooo-monero
f825055d22
wallet_rpc_server: error out on getting the spend key from a hot wallet 2019-04-01 16:03:29 +00:00
moneromooo-monero
67aa4adcfc
wallet_rpc_server: add a set_daemon RPC 2019-04-01 16:03:25 +00:00
moneromooo-monero
f82bc29ec2
wallet_rpc_server: always fill out subaddr_indices in get_transfers
It was not filled out for in and pool types
2019-04-01 16:03:20 +00:00
moneromooo-monero
01efdc6a7e
wallet_rpc_server: set confirmations to 0 for pending/pool txes 2019-04-01 16:03:17 +00:00
Riccardo Spagni
3b1fa543ca
Merge pull request #5329
023f2c77 wallet_rpc_server: remove mixin from transfer RPCs (moneromooo-monero)
2019-04-01 17:32:20 +02:00
Riccardo Spagni
94880540e7
Merge pull request #5302
23fb056a wallet_rpc_server: new auto_refresh RPC (moneromooo-monero)
2019-04-01 17:25:53 +02:00
Riccardo Spagni
b09f1bdb8f
Merge pull request #5299
4ee15655 wallet_rpc_server: fix buffer read overflow in string assignment (moneromooo-monero)
2019-04-01 17:24:33 +02:00
Riccardo Spagni
f13d38350a
Merge pull request #5297
a8b98a0b wallet: fix memory only wallets (moneromooo-monero)
2019-04-01 17:23:37 +02:00
moneromooo-monero
678262ab65
wallet_rpc_server: allow english/local language names in create_wallet
and return both in get_languages
2019-03-25 12:52:43 +00:00
moneromooo-monero
a8b98a0bd7
wallet: fix memory only wallets
at least when using restore_deterministic_wallet
2019-03-25 12:49:25 +00:00
Riccardo Spagni
4176a399de
Merge pull request #5282
f962449d wallet_rpc_server: include out subaddress indices in get_transfers (moneromooo-monero)
2019-03-24 19:37:07 +02:00
moneromooo-monero
16eda54b38
wallet: use original user address if we have a short payment id 2019-03-24 08:58:59 +00:00
moneromooo-monero
023f2c7747
wallet_rpc_server: remove mixin from transfer RPCs
it's been a while, only use ring_size now
2019-03-21 14:47:39 +00:00
Riccardo Spagni
695d51a481
Merge pull request #5203
8b514645 add multisig tx sets to describe_transfer rpc endpoint (spoke0)
2019-03-19 10:59:42 +02:00
Riccardo Spagni
6d5849d9bb
Merge pull request #5165
36451697 Simplify RPC endpoint, removing second RPC endpoint generate_from_view_key (Joel)
c17c8188 Remove code duplication (Joel)
acb14c10 Add generate_from_view_key RPC method (Joel)
7dd7a3b7 Add generate_from_keys RPC method (Joel)
2019-03-17 17:51:24 +02:00
Riccardo Spagni
4c91eb23a0
Merge pull request #5061
1f2930ce Update 2019 copyright (binaryFate)
2019-03-17 17:49:30 +02:00
moneromooo-monero
23fb056a72
wallet_rpc_server: new auto_refresh RPC
It can enable/disable auto refresh, and set auto refresh period
2019-03-17 10:33:51 +00:00
moneromooo-monero
4ee156556d
wallet_rpc_server: fix buffer read overflow in string assignment 2019-03-15 19:36:13 +00:00
moneromooo-monero
f962449d46
wallet_rpc_server: include out subaddress indices in get_transfers 2019-03-13 14:14:15 +00:00
moneromooo-monero
aac4e2f585
wallet_rpc_server: add missing --rpc-ssl-allowed-fingerprints 2019-03-13 12:59:44 +00:00
binaryFate
1f2930ce0b Update 2019 copyright 2019-03-05 22:05:34 +01:00
Riccardo Spagni
5bbbe3902b
Merge pull request #4852
057c279c epee: add SSL support (Martijn Otto)
2019-03-05 16:21:30 +02:00
spoke0
8b51464516 add multisig tx sets to describe_transfer rpc endpoint 2019-03-05 14:42:43 +01:00
Martijn Otto
057c279cb4
epee: add SSL support
RPC connections now have optional transparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-03-05 14:16:08 +01:00
moneromooo-monero
c4851024ce
wallet_rpc_server: avoid repeated string allocations when parsing 2019-03-05 11:58:22 +00:00
moneromooo-monero
ef93b0995c
various: remove unused variables 2019-03-04 22:24:49 +00:00
Riccardo Spagni
2f7108f9d7
Merge pull request #5156
3d2772a0 wallet-rpc: get balance for all accounts and subaddresses (stoffu)
2019-03-04 21:33:07 +02:00
Riccardo Spagni
6984a4d69c
Merge pull request #5154
8a1ff079 wallet-rpc: get transfers for all accounts and subaddresses (Jethro Grassie)
2019-03-04 21:32:42 +02:00
Riccardo Spagni
27db0e3bb9
Merge pull request #5141
5c81a9f1 wallet_rpc_server: add a validate_address RPC (moneromooo-monero)
2019-03-04 21:30:45 +02:00
Riccardo Spagni
46fd181cca
Merge pull request #4054
24569454 epee: add SSL support (moneromooo-monero)
2019-03-04 21:17:21 +02:00
Joel
364516975a Simplify RPC endpoint, removing second RPC endpoint generate_from_view_key 2019-03-02 23:14:35 +01:00
Joel
c17c81881b Remove code duplication 2019-02-21 15:49:32 +01:00
stoffu
3d2772a0d6
wallet-rpc: get balance for all accounts and subaddresses 2019-02-20 14:23:36 +09:00
Joel
acb14c1079 Add generate_from_view_key RPC method 2019-02-19 14:30:35 +01:00
Joel
7dd7a3b791 Add generate_from_keys RPC method 2019-02-19 14:13:01 +01:00
Jethro Grassie
8a1ff079ea
wallet-rpc: get transfers for all accounts and subaddresses 2019-02-17 22:21:45 -05:00
moneromooo-monero
5c81a9f1a1
wallet_rpc_server: add a validate_address RPC 2019-02-14 21:01:11 +00:00
moneromooo-monero
2456945408
epee: add SSL support
RPC connections now have optional transparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-02-02 20:05:33 +00:00
moneromooo-monero
45b7df703b
wallet_rpc_server: remove detached short payment ids support 2019-02-02 18:53:14 +00:00
moneromooo-monero
acfff8d0ce
rpc: fix internal daemon calls in restricted rpc getting partial data 2019-01-28 19:35:20 +00:00
moneromooo-monero
b7441c4a32
core, wallet: remember original text version of destination address 2019-01-18 16:58:47 +00:00
moneromooo-monero
d7354c7864
wallet_rpc_server: add all field to export_key_images
To use if you want all key images, not just the ones for
recently imported outputs
2018-12-24 13:00:29 +00:00
moneromooo-monero
aee7a4e364
wallet_rpc_server: do not use RPC data if the call failed
Found by codacy.com
2018-11-23 15:38:00 +00:00
Riccardo Spagni
056abf980e
Merge pull request #4801
7ae36e91 wallet_rpc_server: account for watch-only/non-deterministic/multisig when querying seed (stoffu)
2018-11-16 11:13:09 +02:00
Riccardo Spagni
4561119846
Merge pull request #4784
1c04c21d wallet_rpc_server: include additional tx keys in sign_transfer response (stoffu)
2018-11-16 11:05:31 +02:00