Commit Graph

25 Commits

Author SHA1 Message Date
binaryFate
1f2930ce0b Update 2019 copyright 2019-03-05 22:05:34 +01:00
moneromooo-monero
2456945408
epee: add SSL support
RPC connections now have optional transparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-02-02 20:05:33 +00:00
moneromooo-monero
85665003a7
epee: better network buffer data structure
avoids pointless allocs and memcpy
2018-12-23 16:46:07 +00:00
Riccardo Spagni
b4ec67b2f7
Merge pull request #4443
b2972927 osx compilation fix: missing boost libs added (Dusan Klinec)
2018-09-29 22:20:09 +02:00
moneromooo-monero
70271fa788
common: add a class to safely wrap mlock/munlock
This class will allow mlocking small objects, of which there
may be several per page. It adds refcounting so pages are only
munlocked when the last object on that page munlocks.
2018-08-16 11:57:46 +00:00
xmr-eric
18216f19dd Update 2018 copyright 2018-01-26 10:03:20 -05:00
Jethro Grassie
be1826c0fb
Keep readline optional 2018-01-11 13:51:13 -05:00
moneromooo-monero
fdd4c5e577
move memwipe to epee to avoid common<->crypto circular dependencies 2018-01-10 01:57:54 +00:00
moneromooo-monero
40ab12a773
epee: remove dependency on common 2018-01-10 01:57:51 +00:00
moneromooo-monero
bb89ae8b20
move connection_basic and network_throttle from src/p2p to epee
These even had the epee namespace.
This fixes some ugly circular dependencies.
2017-12-16 23:28:43 +00:00
moneromooo-monero
3dffe71b72
new wipeable_string class to replace std::string passphrases 2017-11-27 22:25:57 +00:00
moneromooo-monero
178014c995
split off readline code into epee_readline 2017-11-14 17:06:35 +00:00
redfish
4b228dd356 cmake: epee: use var from FindOpenSSL.cmake
This fixes linking when path to openssl
is defined manually:
cmake -DOPENSSL_ROOT_DIR='/usr/include/openssl-1.0;/usr/lib/openssl-1.0' ...

This is useful for building with OpenSSL v1.0
when default system installation is v1.1.

The linking error is undefined SSL_load_error_strings symbol.
This is due to -L /usr/lib/openssl-1.0 not making it onto
the linkline (so -lssl pulls in the default system openssl).
2017-10-17 16:13:07 -04:00
moneromooo-monero
52ec0e7f4e
epee: link against ssl/crypto for the new SSL code 2017-10-15 19:11:34 +01:00
Lee Clagett
8b00687735 Upgrades to epee::net_utils::network_address
  - internal nullptr checks
  - prevent modifications to network_address (shallow copy issues)
  - automagically works with any type containing interface functions
  - removed fnv1a hashing
  - ipv4_network_address now flattened with no base class
2017-10-05 11:57:09 -04:00
jethro
e1f3dfccc8 Add readline support to cli
This PR adds readline support to the daemon and monero-wallet-cli. Only
GNU readline is supported (e.g. not libedit) and there are cmake checks
to ensure this.

There is a cmake variable, Readline_ROOT_DIR that can specify a
directory to find readline, otherwise some default paths are searched.

There is also a cmake option, USE_READLINE, that defaults to ON. If set
to ON, if readline is not found, the build continues but without
readline support.

One negative side effect of using readline is that the color prompt in
the wallet-cli now has no color and just uses terminal default. I know
how to fix this but it's quite a big change so will tackle another time.
2017-06-18 10:08:37 -04:00
Howard Chu
fa489a26ef
Fix PR#2039
Missed a crypto -> cncrypto rename
2017-05-31 15:34:31 +01:00
Lee Clagett
4a8f96f95d Improvements for epee binary to hex functions:
  - Performance improvements
  - Added `span` for zero-copy pointer+length arguments
  - Added `std::ostream` overload for direct writing to output buffers
  - Removal of unused `string_tools::buff_to_hex`
2017-04-11 16:35:00 -04:00
moneromooo-monero
a8ac4f0a70
update easylogging++ to latest upstream 2017-04-10 21:05:02 +01:00
Lee Clagett
50cd179a60 Removed boost/asio.hpp include from epee/string_tools.h 2017-03-18 22:05:14 -04:00
Riccardo Spagni
c3599fa7b9
update copyright year, fix occasional lack of newline at line end 2017-02-21 19:38:18 +02:00
kenshi84
8027ce0c75 extract some basic code from libcryptonote_core into libcryptonote_basic 2017-02-08 22:45:15 +09:00
Jaquee
aa9561909a
GUI: Add install target for epee 2017-01-30 23:29:05 +01:00
moneromooo-monero
5833d66f65
Change logging to easylogging++
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.

To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:

This one is (mostly) silent, only outputting fatal errors:

MONERO_LOGS=*:FATAL

This one is very verbose:

MONERO_LOGS=*:TRACE

This one is totally silent (logwise):

MONERO_LOGS=""

This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):

MONERO_LOGS=*:WARNING,verify:FATAL

Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE

Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:

MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE

Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to do things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.

Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.

The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
2017-01-16 00:25:46 +00:00
Lee Clagett
bdc3d7496f Adding HTTP Digest Auth (but not yet enabled) 2016-12-13 00:19:54 -05:00