Commit Graph

239 Commits

Author SHA1 Message Date
moneromooo-monero
65c4004963
allow blocking whole subnets 2019-07-16 11:35:53 +00:00
moneromooo-monero
bc09766bf9
abstract_tcp_server2: improve DoS resistance 2019-06-14 08:47:26 +00:00
luigi1111
9c0e9c40ec
Merge pull request #5618
b0a04f7 epee: fix SSL autodetect on reconnection (xiphon)
2019-06-11 18:15:48 -05:00
xiphon
b0a04f7d45 epee: fix SSL autodetect on reconnection 2019-06-10 10:40:16 +00:00
moneromooo-monero
35c20c4332
Fix GCC 9.1 build warnings
GCC wants operator= aand copy ctor to be both defined, or neither
2019-06-09 09:39:18 +00:00
Lee Clagett
3544596f9f Add ssl_options support to monerod's rpc mode. 2019-05-22 00:09:11 -04:00
moneromooo-monero
a62e072571
net_ssl: SSL config tweaks for compatibility and security
add two RSA based ciphers for Windows/depends compatibility
also enforce server cipher ordering
also set ECDH to auto because vtnerd says it is good :)

When built with the depends system, openssl does not include any
cipher on the current whitelist, so add this one, which fixes the
problem, and does seem sensible.
2019-05-07 10:01:42 +00:00
moneromooo-monero
5e0da6fb68
change SSL certificate fingerprint whitelisting from SHA1 to SHA-256
SHA1 is too close to bruteforceable
2019-04-26 11:37:15 +00:00
Riccardo Spagni
5d09e39174
Merge pull request #5482
9956500d net_helper: clear recv buffer on eof (moneromooo-monero)
2019-04-24 22:40:12 +02:00
moneromooo-monero
9956500d14
net_helper: clear recv buffer on eof 2019-04-23 13:23:17 +00:00
moneromooo-monero
edbae2d05b
levin_protocol_handler_async: tune down preallocation a fair bit
It can allocate a lot when getting a lot of connections
(in particular, the stress test on windows apparently pushes
that memory to actual use, rather than just allocated)
2019-04-22 22:35:32 +00:00
Riccardo Spagni
c8ce4217cf
Merge pull request #5445
b18f0b10 wallet: new --offline option (moneromooo-monero)
2019-04-16 22:46:53 +02:00
Riccardo Spagni
e9527f5eed
Merge pull request #5436
61d63900 net_helper: avoid unnecessary memcpy (moneromooo-monero)
2019-04-16 22:43:15 +02:00
moneromooo-monero
b18f0b1051
wallet: new --offline option
It will avoid connecting to a daemon (so useful for cold signing
using a RPC wallet), and not perform DNS queries.
2019-04-15 09:14:12 +00:00
moneromooo-monero
61d63900b9
net_helper: avoid unnecessary memcpy 2019-04-13 13:24:58 +00:00
moneromooo-monero
c3cf930f75
abstract_tcp_server2: fix timeout on exit
When closing connections due to exiting, the IO service is
already gone, so the data exchange needed for a gracious SSL
shutdown cannot happen. We just close the socket in that case.
2019-04-12 18:13:31 +00:00
moneromooo-monero
4b3bb829c2
epee: init a new ssl related variable in ctor 2019-04-11 11:10:15 +00:00
moneromooo-monero
9f8dc4ce51
simplewallet: new net_stats command
displays total sent and received bytes
2019-04-11 10:46:41 +00:00
Lee Clagett
2e578b8214 Enabling daemon-rpc SSL now requires non-system CA verification
If `--daemon-ssl enabled` is set in the wallet, then a user certificate,
fingerprint, or onion/i2p address must be provided.
2019-04-07 13:02:43 -04:00
Lee Clagett
d58f368289 Require manual override for user chain certificates.
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
2019-04-07 00:44:37 -04:00
Lee Clagett
eca0fea45a Perform RFC 2818 hostname verification in client SSL handshakes
If the verification mode is `system_ca`, clients will now do hostname
verification. Thus, only certificates from expected hostnames are
allowed when SSL is enabled. This can be overridden by forcible setting
the SSL mode to autodetect.

Clients will also send the hostname even when `system_ca` is not being
performed. This leaks possible metadata, but allows servers providing
multiple hostnames to respond with the correct certificate. One example
is cloudflare, which getmonero.org is currently using.
2019-04-07 00:44:37 -04:00
Lee Clagett
0416764cae Require server verification when SSL is enabled.
If SSL is "enabled" via command line without specifying a fingerprint or
certificate, the system CA list is checked for server verification and
_now_ fails the handshake if that check fails. This change was made to
remain consistent with standard SSL/TLS client behavior. This can still
be overridden by using the allow any certificate flag.

If the SSL behavior is autodetect, the system CA list is still checked
but a warning is logged if this fails. The stream is not rejected
because a re-connect will be attempted - its better to have an
unverified encrypted stream than an unverified + unencrypted stream.
2019-04-07 00:44:37 -04:00
Lee Clagett
21eb1b0725 Pass SSL arguments via one class and use shared_ptr instead of reference 2019-04-07 00:44:37 -04:00
Lee Clagett
a3b0284837 Change SSL certificate file list to OpenSSL builtin load_verify_location
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.

This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
Riccardo Spagni
38317f384c
Merge pull request #5348
59776a64 epee: some more minor JSON parsing speedup (moneromooo-monero)
2019-04-06 16:00:18 +02:00
Riccardo Spagni
1ed6441925
Merge pull request #5327
c23ea796 New interactive daemon command 'print_net_stats': Global traffic stats (rbrunner7)
2019-04-01 17:32:01 +02:00
moneromooo-monero
59776a64ff
epee: some more minor JSON parsing speedup 2019-03-25 14:29:29 +00:00
Lee Clagett
7acfa9f3cc Added socks proxy (tor/i2pd/kovri) support to wallet 2019-03-25 01:35:13 +00:00
rbrunner7
c23ea7962d New interactive daemon command 'print_net_stats': Global traffic stats 2019-03-24 16:58:57 +01:00
Riccardo Spagni
f5d7652f73
Merge pull request #5283
16590294 abstract_tcp_server2: fix crashy race on socket shutdown (moneromooo-monero)
2019-03-21 14:53:03 +02:00
moneromooo-monero
17769db946
epee: fix build with boost 1.70.0
get_io_service was deprecated, and got removed
2019-03-21 11:02:02 +00:00
moneromooo-monero
1659029469
abstract_tcp_server2: fix crashy race on socket shutdown 2019-03-19 16:50:00 +00:00
Riccardo Spagni
4c91eb23a0
Merge pull request #5061
1f2930ce Update 2019 copyright (binaryFate)
2019-03-17 17:49:30 +02:00
Howard Chu
b8c2e21cba
Fix startup errors with SSL cert generation
Use SSL API directly, skip boost layer
2019-03-08 15:15:24 +00:00
binaryFate
1f2930ce0b Update 2019 copyright 2019-03-05 22:05:34 +01:00
Martijn Otto
057c279cb4
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-03-05 14:16:08 +01:00
moneromooo-monero
e396146aee
default initialize rpc structures 2019-03-04 22:38:03 +00:00
Riccardo Spagni
c83e80c263
Merge pull request #5162
4d3b61a3 Use io_service::work in epee tcp server (Lee Clagett)
2019-03-04 21:33:48 +02:00
Riccardo Spagni
f18a7e39b8
Merge pull request #5160
7af4fbd4 epee: Add space after ':' in additional http response headers (Tom Smeding)
2019-03-04 21:33:24 +02:00
Riccardo Spagni
722a856d7e
Merge pull request #5096
7c3ade44 network_throttle: use circular_buffer where appropriate (moneromooo-monero)
2019-03-04 21:21:25 +02:00
Riccardo Spagni
4466f4504e
Merge pull request #5091
123fc2a2 i2p: initial support (Jethro Grassie)
2019-03-04 21:20:34 +02:00
Tom Smeding
7af4fbd4d1 epee: Add space after ':' in additional http response headers 2019-02-18 14:56:28 +01:00
Lee Clagett
4d3b61a31b Use io_service::work in epee tcp server 2019-02-10 13:40:32 -05:00
moneromooo-monero
2456945408
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-02-02 20:05:33 +00:00
moneromooo-monero
7c3ade4410
network_throttle: use circular_buffer where appropriate 2019-02-01 21:33:13 +00:00
Jethro Grassie
123fc2a25a
i2p: initial support 2019-01-30 13:37:45 -05:00
Lee Clagett
973403bc9f Adding initial support for broadcasting transactions over Tor
- Support for ".onion" in --add-exclusive-node and --add-peer
  - Add --anonymizing-proxy for outbound Tor connections
  - Add --anonymous-inbounds for inbound Tor connections
  - Support for sharing ".onion" addresses over Tor connections
  - Support for broadcasting transactions received over RPC exclusively
    over Tor (else broadcast over public IP when Tor not enabled).
2019-01-28 23:56:33 +00:00
moneromooo-monero
acfff8d0ce
rpc: fix internal daemon calls in restricted rpc getting partial data 2019-01-28 19:35:20 +00:00
moneromooo-monero
b750fb27b0
Pruning
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.

No other data is currently pruned.

There are three ways to prune a blockchain:

- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility

The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.

The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.

Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
2019-01-22 20:30:51 +00:00
Riccardo Spagni
846362842c
Merge pull request #4976
85665003 epee: better network buffer data structure (moneromooo-monero)
2019-01-16 19:04:22 +02:00