Commit graph

601 commits

Author SHA1 Message Date
Dusan Klinec
bb8eab24da
epee: certificate generation fix, pkey deleted
- pkey gets deleted by the pkey_deleter but the caller tries to serialize it which causes errors as the memory is freed
2019-03-10 20:09:51 +01:00
Howard Chu
b8c2e21cba
Fix startup errors with SSL cert generation
Use SSL API directly, skip boost layer
2019-03-08 15:15:24 +00:00
Martijn Otto
057c279cb4
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-03-05 14:16:08 +01:00
TheCharlatan
5057eb1199
cmake: ARCH_ID fixes for cross compilation 2019-03-05 10:24:14 +00:00
moneromooo-monero
e396146aee
default initialize rpc structures 2019-03-04 22:38:03 +00:00
Riccardo Spagni
c83e80c263
Merge pull request #5162
4d3b61a3 Use io_service::work in epee tcp server (Lee Clagett)
2019-03-04 21:33:48 +02:00
Riccardo Spagni
f18a7e39b8
Merge pull request #5160
7af4fbd4 epee: Add space after ':' in additional http response headers (Tom Smeding)
2019-03-04 21:33:24 +02:00
Riccardo Spagni
5260111631
Merge pull request #5146
4a9257b4 Support docker for gitian builds (TheCharlatan)
2019-03-04 21:32:30 +02:00
Riccardo Spagni
d70de1150a
Merge pull request #5136
7da7a9bb Update openssl to 1.0.2q in depends build system (who-biz)
2019-03-04 21:29:28 +02:00
Riccardo Spagni
933c701c6e
Merge pull request #5133
f0fc4064 Various speedups to depends and Travis (TheCharlatan)
2019-03-04 21:28:56 +02:00
Riccardo Spagni
4a390d43f8
Merge pull request #5113
c0e9e805 Fixed missing return value in once_a_time class on windows (Markus Behm)
2019-03-04 21:25:44 +02:00
Riccardo Spagni
a28237c9ca
Merge pull request #5102
1eef0565 performance_tests: better stats, and keep track of timing history (moneromooo-monero)
2019-03-04 21:22:51 +02:00
Riccardo Spagni
722a856d7e
Merge pull request #5096
7c3ade44 network_throttle: use circular_buffer where appropriate (moneromooo-monero)
2019-03-04 21:21:25 +02:00
Riccardo Spagni
4466f4504e
Merge pull request #5091
123fc2a2 i2p: initial support (Jethro Grassie)
2019-03-04 21:20:34 +02:00
TheCharlatan
f0fc4064a0
Various speedups to depends and Travis
Further speedups to icu compilation, it is faster to run the
pre-generated configure scripts.

Ensure that the native protobuf installation only generates the required
libraries and binaries.

Disable qt compilation when running travis on windows. Qt is used for
lrelease, the travis recipe instead usese the a local installation of
lrelease.

Remove various packages and options from the travis recipe.

Update Readline to version 8.0. The previously used url 404'd sometimes,
use the official gnu ftp server instead.

Remove unused cmake config.
2019-02-23 15:34:59 +01:00
Tom Smeding
7af4fbd4d1 epee: Add space after ':' in additional http response headers 2019-02-18 14:56:28 +01:00
TheCharlatan
4a9257b464
Support docker for gitian builds
Building with docker is arguably easier and more familiar to most people
than either kvm, or lxc.

This commit also relaxes the back compat requirement a bit. 32 bit linux
now uses glibc version 2.0. Also, the docker shell could not handle gcc arguments
containing spaces, so the explicit '-DFELT_TYPE' declaration was dropped.

Lastly, this removes some packages from the osx descriptor.
2019-02-14 23:14:34 +01:00
Lee Clagett
4d3b61a31b Use io_service::work in epee tcp server 2019-02-10 13:40:32 -05:00
who-biz
7da7a9bbcc Update openssl to 1.0.2q in depends build system 2019-02-10 08:14:33 -05:00
Markus Behm
c0e9e80581 Fixed missing return value in once_a_time class on windows 2019-02-09 15:24:34 -05:00
moneromooo-monero
2456945408
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-02-02 20:05:33 +00:00
moneromooo-monero
7c3ade4410
network_throttle: use circular_buffer where appropriate 2019-02-01 21:33:13 +00:00
Jethro Grassie
123fc2a25a
i2p: initial support 2019-01-30 13:37:45 -05:00
Lee Clagett
973403bc9f Adding initial support for broadcasting transactions over Tor
- Support for ".onion" in --add-exclusive-node and --add-peer
  - Add --anonymizing-proxy for outbound Tor connections
  - Add --anonymous-inbounds for inbound Tor connections
  - Support for sharing ".onion" addresses over Tor connections
  - Support for broadcasting transactions received over RPC exclusively
    over Tor (else broadcast over public IP when Tor not enabled).
2019-01-28 23:56:33 +00:00
Riccardo Spagni
1e5cd3b35a
Merge pull request #5062
acfff8d0 rpc: fix internal daemon calls in restricted rpc getting partial data (moneromooo-monero)
2019-01-28 21:40:11 +02:00
moneromooo-monero
acfff8d0ce
rpc: fix internal daemon calls in restricted rpc getting partial data 2019-01-28 19:35:20 +00:00
Riccardo Spagni
d214992a7f
Merge pull request #5073
45ea19fa bump sodium to 1.0.16 (italocoin)
2019-01-28 21:33:11 +02:00
Riccardo Spagni
fbecfc3c8f
Merge pull request #5065
ca86ef1b readline: don't dereference possible NULL pointer (Jethro Grassie)
2019-01-28 21:31:20 +02:00
moneromooo-monero
1eef056588
performance_tests: better stats, and keep track of timing history 2019-01-28 15:45:37 +00:00
moneromooo-monero
b750fb27b0
Pruning
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.

No other data is currently pruned.

There are three ways to prune a blockchain:

- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility

The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.

The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.

Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
2019-01-22 20:30:51 +00:00
Jethro Grassie
ca86ef1beb
readline: don't dereference possible NULL pointer 2019-01-21 01:57:14 -05:00
Riccardo Spagni
b65106ce93
Merge pull request #5017
21777daf epee: speedup word/number matching (moneromooo-monero)
2019-01-18 09:24:41 +02:00
TheCharlatan
b4433abc64
Optimize the depends builds for faster compilation
This includes more fine grained configure options and skipping the
openssl and zlib dependencies when compiling qt. The zlib and libevent
packages are removed.
2019-01-17 13:23:24 +01:00
moneromooo-monero
21777daf6e
epee: speedup word/number matching
Number matching semantics are slightly changed: since this is used
as a filter to check whether a number is signed and/or floating
point, we can speed this up further. strto* functions are called
afterwards and will error out where necessary. We now also accept
numbers like .4 which were not accepted before.

The strto* calls on a boost::string_ref will not access unallocated
memory since the parsers always stop at the first bad character,
and the original string is zero terminated.

in arbitrary time measurement units for some arbitrary test case:

match_number2: 235 -> 70
match_word2: 330 -> 108
2019-01-16 19:59:40 +00:00
Riccardo Spagni
246b28e47a
Merge pull request #5022
37a9bcf4 Remove visibility settings from boost.mk (TheCharlatan)
2019-01-16 21:37:52 +02:00
Riccardo Spagni
a093a7569e
Merge pull request #5021
b82efa32 epee: speed up json parsing (moneromooo-monero)
2019-01-16 21:37:29 +02:00
Riccardo Spagni
3e9bb9626a
Merge pull request #5001
a5ffc2d5 Remove boost::lexical_cast for uuid and unused uuid function (Lee Clagett)
2019-01-16 19:27:13 +02:00
Riccardo Spagni
846362842c
Merge pull request #4976
85665003 epee: better network buffer data structure (moneromooo-monero)
2019-01-16 19:04:22 +02:00
italocoin
45ea19fafb bump sodium to 1.0.16 2019-01-15 07:35:45 -05:00
Riccardo Spagni
e723eb960d
Merge pull request #4951
b21a60ef mlocker: set default log category (moneromooo-monero)
2019-01-06 20:38:33 +02:00
Riccardo Spagni
3ce7977389
Merge pull request #4950
68f045de easylogging++: check allowed categories before logging (moneromooo-monero)
2019-01-06 20:38:10 +02:00
Riccardo Spagni
13b006137c
Merge pull request #4949
5464725a protocol: change standby mode to not wait sleeping (moneromooo-monero)
85807dfb add a once_a_time_milliseconds class (moneromooo-monero)
2019-01-06 20:37:51 +02:00
Riccardo Spagni
ad1eb3338c
Merge pull request #4938
a13eb0a1 epee: speed up string matching a bit (moneromooo-monero)
3a3858dc epee: avoid string allocation when parsing a pod from string (moneromooo-monero)
2019-01-06 20:36:46 +02:00
luigi1111
53760ee044
Merge pull request #4957
0e2f5cb perf_timer: make all logs Info level (moneromooo-monero)
2018-12-31 16:30:47 -06:00
luigi1111
9c2d671397
Merge pull request #4945
e37154a build: protobuf dependency fixes, libusb build (ph4r05)
2018-12-31 15:53:59 -06:00
luigi1111
d8c03191ca
Merge pull request #4933
3cf85f0 Changed RECIEVED to RECEIVED in log messages. (normoes)
2018-12-31 15:33:18 -06:00
luigi1111
3adac4ee2b
Merge pull request #4929
5a76933 Add glibc back compat code (TheCharlatan)
2018-12-31 15:31:01 -06:00
luigi1111
c93c638199
Merge pull request #4864
707c2f8 Remove -Werror (moneromooo-monero)
2018-12-31 15:13:59 -06:00
TheCharlatan
37a9bcf483 Remove visibility settings from boost.mk
Clang gave a visibility error when compiling boost with visibility
hidden.
2018-12-27 23:30:22 +01:00
moneromooo-monero
b82efa32e7
epee: speed up json parsing 2018-12-27 14:28:30 +00:00