Commit graph

8295 commits

Author SHA1 Message Date
Lee Clagett
d58f368289 Require manual override for user chain certificates.
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
2019-04-07 00:44:37 -04:00
Lee Clagett
97cd1fa98d Only check top-level certificate against fingerprint list.
This allows "chain" certificates to be used with the fingerprint
whitelist option. A user can get a system-ca signature as backup while
clients explicitly whitelist the server certificate. The user specified
CA can also be combined with fingerprint whitelisting.
2019-04-07 00:44:37 -04:00
Lee Clagett
7c388fb358 Call use_certificate_chain_file instead of use_certificate_file
The former has the same behavior with single self signed certificates
while allowing the server to have separate short-term authentication
keys with long-term authorization keys.
2019-04-07 00:44:37 -04:00
Lee Clagett
eca0fea45a Perform RFC 2818 hostname verification in client SSL handshakes
If the verification mode is `system_ca`, clients will now do hostname
verification. Thus, only certificates from expected hostnames are
allowed when SSL is enabled. This can be overridden by forcible setting
the SSL mode to autodetect.

Clients will also send the hostname even when `system_ca` is not being
performed. This leaks possible metadata, but allows servers providing
multiple hostnames to respond with the correct certificate. One example
is cloudflare, which getmonero.org is currently using.
2019-04-07 00:44:37 -04:00
Lee Clagett
0416764cae Require server verification when SSL is enabled.
If SSL is "enabled" via command line without specifying a fingerprint or
certificate, the system CA list is checked for server verification and
_now_ fails the handshake if that check fails. This change was made to
remain consistent with standard SSL/TLS client behavior. This can still
be overridden by using the allow any certificate flag.

If the SSL behavior is autodetect, the system CA list is still checked
but a warning is logged if this fails. The stream is not rejected
because a re-connect will be attempted - its better to have an
unverified encrypted stream than an unverified + unencrypted stream.
2019-04-07 00:44:37 -04:00
Lee Clagett
96d602ac84 Add verify_fail_if_no_cert option for proper client authentication
Using `verify_peer` on server side requests a certificate from the
client. If no certificate is provided, the server silently accepts the
connection and rejects if the client sends an unexpected certificate.
Adding `verify_fail_if_no_cert` has no affect on client and for server
requires that the peer sends a certificate or fails the handshake. This
is the desired behavior when the user specifies a fingerprint or CA file.
2019-04-07 00:44:37 -04:00
Lee Clagett
21eb1b0725 Pass SSL arguments via one class and use shared_ptr instead of reference 2019-04-07 00:44:37 -04:00
Lee Clagett
1f5ed328aa Change default SSL to "enabled" if user specifies fingerprint/certificate
Currently if a user specifies a ca file or fingerprint to verify peer,
the default behavior is SSL autodetect which allows for mitm downgrade
attacks. It should be investigated whether a manual override should be
allowed - the configuration is likely always invalid.
2019-04-06 23:47:07 -04:00
Lee Clagett
f18a069fcc Do not require client certificate unless server has some whitelisted.
Currently a client must provide a certificate, even if the server is
configured to allow all certificates. This drops that requirement from
the client - unless the server is configured to use a CA file or
fingerprint(s) for verification - which is the standard behavior for SSL
servers.

The "system-wide" CA is not being used as a "fallback" to verify clients
before or after this patch.
2019-04-06 23:47:06 -04:00
Lee Clagett
a3b0284837 Change SSL certificate file list to OpenSSL builtin load_verify_location
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.

This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
moneromooo-monero
d34599dae1
wallet: add number of blocks required for the balance to fully unlock 2019-04-06 16:36:15 +00:00
Riccardo Spagni
5dbcceb664
Merge pull request #5364
e8cf7dcc rpc: merge the two get_info implementations (moneromooo-monero)
2019-04-06 16:09:06 +02:00
Riccardo Spagni
c34930c207
Merge pull request #5391
71907980 unit_tests: fix long term block weight test after cache change (moneromooo-monero)
2019-04-06 16:04:27 +02:00
moneromooo-monero
e8cf7dcc2b
rpc: merge the two get_info implementations 2019-04-06 14:04:24 +00:00
Riccardo Spagni
0baf26c8d6
Merge pull request #5375
1569776a Add missing include (Leon Klingele)
2019-04-06 16:04:06 +02:00
Riccardo Spagni
3759e2359f
Merge pull request #5360
b0c552f5 cryptonote_protocol_handler: add block/tx hashes in notify logs (moneromooo-monero)
2019-04-06 16:03:13 +02:00
Riccardo Spagni
17fefb8786
Merge pull request #5358
dffdccdc No longer use deprecated RSA_generate_key in favor of RSA_generate_key_ex (Martijn Otto)
2019-04-06 16:02:31 +02:00
Riccardo Spagni
55e3980d89
Merge pull request #5353
1bc78cc2 tests: trezor_test fix (Dusan Klinec)
2019-04-06 16:02:16 +02:00
Riccardo Spagni
18ceac9ca5
Merge pull request #5351
a299dc96 rpc.gettransactions: fill as_json with partial tx in pruned mode (stoffu)
2019-04-06 16:01:44 +02:00
Riccardo Spagni
c7e536db23
Merge pull request #5350
050bb337 wallet2: factor the watchonly/multisig/etc fields on creation (moneromooo-monero)
2019-04-06 16:00:40 +02:00
Riccardo Spagni
38317f384c
Merge pull request #5348
59776a64 epee: some more minor JSON parsing speedup (moneromooo-monero)
2019-04-06 16:00:18 +02:00
Riccardo Spagni
cd8fe937ad
Merge pull request #5347
d45b85e1 wallet2: skip derivation precalc for blocks we know we'll skip (moneromooo-monero)
2019-04-06 15:59:56 +02:00
Riccardo Spagni
4ac78e1612
Merge pull request #5346
c84ea299 cryptonote_basic: some more minor speedups (moneromooo-monero)
e40eb2ad cryptonote_basic: speedup calculate_block_hash (moneromooo-monero)
547a9708 cryptonote: block parsing + hash calculation speedup (moneromooo-monero)
11604b6d blockchain: avoid unneeded block copy (moneromooo-monero)
8461df04 save some database calls when getting top block hash and height (moneromooo-monero)
3bbc3661 Avoid repeated (de)serialization when syncing (moneromooo-monero)
2019-04-06 15:59:43 +02:00
Riccardo Spagni
7e5651c346
Merge pull request #5345
678262ab wallet_rpc_server: allow english/local language names in create_wallet (moneromooo-monero)
2019-04-06 15:59:10 +02:00
Riccardo Spagni
c61b3f0ead
Merge pull request #5344
5e1a3e48 lmdb: fix size_t size issues on 32 bit (moneromooo-monero)
2019-04-06 15:58:50 +02:00
Riccardo Spagni
9e72f785d6
Merge pull request #5343
cafa15b9 wallet2: set confirmations to 0 for pool txes in proofs (moneromooo-monero)
2019-04-06 15:58:25 +02:00
Riccardo Spagni
6f8e0a28b2
Merge pull request #5342
849a768f perf_timer: move some debug levels to info for consistency (moneromooo-monero)
2019-04-06 15:57:50 +02:00
Riccardo Spagni
c96fc4bf59
Merge pull request #5341
0218bc49 test: hmac_keccak - fix number of chunks counting (Dusan Klinec)
2019-04-06 15:57:28 +02:00
Riccardo Spagni
e1f0e6da5c
Merge pull request #5340
16eda54b wallet: use original user address if we have a short payment id (moneromooo-monero)
2019-04-06 15:56:52 +02:00
Dusan Klinec
827f52add0
wallet: API changes to enable passphrase entry 2019-04-05 22:17:50 +02:00
moneromooo-monero
cbf3224180
rpc: make wide_difficulty hexadecimal
This should be friendlier for clients which don't have bignum support
2019-04-05 16:30:16 +00:00
moneromooo-monero
089c7637a6
cryptonote: rework block blob size sanity check
Use the actual block weight limit, assuming that weight is always
greater or equal to size
2019-04-05 09:35:19 +00:00
moneromooo-monero
a2561653cb
wallet: new option to start background mining
The setup-background-mining option can be used to select
background mining when a wallet loads. The user will be asked
the first time the wallet is created.
2019-04-04 18:10:45 +00:00
moneromooo-monero
b40392fb02
wallet2: add --no-dns flag 2019-04-04 14:32:40 +00:00
stoffu
a2195b9b7f
crypto: replace rand<T>()%N idiom with unbiased rand_idx(N) 2019-04-04 22:38:19 +09:00
stoffu
a299dc96f7
rpc.gettransactions: fill as_json with partial tx in pruned mode 2019-04-04 18:08:01 +09:00
moneromooo-monero
15f27c80b9
wallet2: support multi out txes without change in sanity check 2019-04-03 20:58:21 +00:00
Riccardo Spagni
fe3403c8f0
Merge pull request #5390
8bb253b0 libwallet_merged: add missing net target (selsta)
2019-04-03 19:45:18 +02:00
moneromooo-monero
c5d3ea2fef
tests: add a few try/catch in main to shut coverity up 2019-04-03 16:24:09 +00:00
moneromooo-monero
7190798049
unit_tests: fix long term block weight test after cache change 2019-04-03 00:10:48 +00:00
selsta
8bb253b0db
libwallet_merged: add missing net target 2019-04-02 21:22:51 +02:00
moneromooo-monero
0be5b2ee78
simplewallet: new unset_ring command
Useful when debugging, though not much for users
2019-04-02 14:18:07 +00:00
Riccardo Spagni
1ef3d05c4a
Merge pull request #5387
d3018d0f api/wallet: fix some wrong namespace (stoffu)
2019-04-02 09:44:07 +02:00
George
f064efae66 README: add and remove dependencies on OSX line 2019-04-01 23:57:56 -05:00
stoffu
d3018d0f0b
api/wallet: fix some wrong namespace 2019-04-02 10:11:49 +09:00
moneromooo-monero
c12b43cb5a
wallet: add number of blocks required for the balance to fully unlock 2019-04-01 19:31:19 +00:00
moneromooo-monero
3f1e9e84c0
wallet2: set confirmations to 0 for pool txes in proofs
It makes more sense than (uint64_t)-1, which is going to look
like very much confirmed when not checking in_pool
2019-04-01 19:31:10 +00:00
moneromooo-monero
36c037ec47
wallet_rpc_server: error out on getting the spend key from a hot wallet 2019-04-01 19:31:01 +00:00
moneromooo-monero
cd1eaff29e
wallet_rpc_server: always fill out subaddr_indices in get_transfers
It was not filled out for in and pool types
2019-04-01 19:30:27 +00:00
moneromooo-monero
def4016171 miner: fix race when stopping mining with start mining enabled 2019-04-01 19:28:50 +00:00