epee: add SSL support #4054

Merged Mar 4, 2019 (1 commit)

Commits on Feb 2, 2019

  1. epee: add SSL support

    RPC connections now have optional transparent SSL.
    
    An optional private key and certificate file can be passed,
    using the --{rpc,daemon}-ssl-private-key and
    --{rpc,daemon}-ssl-certificate options. Those have as
    argument a path to a PEM format private key and
    certificate, respectively.
    If not given, a temporary self signed certificate will be used.
    
    SSL can be enabled or disabled using --{rpc}-ssl, which
    accepts autodetect (default), disabled or enabled.
    
    Access can be restricted to particular certificates using the
    --rpc-ssl-allowed-certificates option, which takes a list of
    paths to PEM encoded certificates. This can allow a wallet to
    connect to only the daemon they think they're connected to,
    by forcing SSL and listing the paths to the known good
    certificates.
    
    To generate long term certificates:
    
    openssl genrsa -out /tmp/KEY 4096
    openssl req -new -key /tmp/KEY -out /tmp/REQ
    openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
    
    /tmp/KEY is the private key, and /tmp/CERT is the certificate,
    both in PEM format. /tmp/REQ can be removed. Adjust the last
    command to set expiration date, etc, as needed. It doesn't
    make a whole lot of sense for monero anyway, since most servers
    will run with one time temporary self signed certificates anyway.
    
    SSL support is transparent, so all communication is done on the
    existing ports, with SSL autodetection. This means you can start
    using an SSL daemon now, but you should not enforce SSL yet or
    nothing will talk to you.
    moneromooo-monero committed Feb 2, 2019
    2456945
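
The autodetection described in the commit message has to decide, from a connection's first bytes on the shared port, whether a TLS handshake is starting. The following is an added example, not code from this commit or from epee: one way to make that decision and apply the three `--rpc-ssl` modes. The names `classify`, `decide`, `Wire`, `Mode` and `Action` are hypothetical, and the mapping of modes to actions is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

enum class Wire { NeedMore, Tls, Plain };             // what the first bytes look like
enum class Mode { Disabled, Autodetect, Enabled };    // --rpc-ssl values from the commit message
enum class Action { Wait, ServePlain, StartTls, Reject };

// Classify a connection from the bytes peeked so far, without consuming them.
// A TLS client opens with a handshake record that carries a ClientHello:
//   byte 0    0x16  record type: handshake
//   byte 1    0x03  protocol major version
//   byte 3-4        record length, big endian
//   byte 5    0x01  handshake type: ClientHello
//   byte 6-8        handshake body length, 24-bit big endian
Wire classify(const std::uint8_t *p, std::size_t n)
{
  if (n >= 1 && p[0] != 0x16) return Wire::Plain;
  if (n >= 2 && p[1] != 0x03) return Wire::Plain;
  if (n >= 6 && p[5] != 0x01) return Wire::Plain;
  if (n < 9) return Wire::NeedMore;                   // consistent so far, peek again
  const std::size_t record = (std::size_t(p[3]) << 8) | p[4];
  const std::size_t body = (std::size_t(p[6]) << 16) | (std::size_t(p[7]) << 8) | p[8];
  // Strict check: the 4-byte handshake header plus body must fit in this record,
  // so a ClientHello fragmented across records is not accepted by this sketch.
  return body + 4 <= record ? Wire::Tls : Wire::Plain;
}

// Assumed policy: "enabled" refuses plaintext, "autodetect" follows the wire,
// "disabled" hands every connection to the plaintext parser.
Action decide(Mode m, Wire w)
{
  if (m == Mode::Disabled) return Action::ServePlain;
  if (w == Wire::NeedMore) return Action::Wait;
  if (w == Wire::Tls) return Action::StartTls;
  return m == Mode::Enabled ? Action::Reject : Action::ServePlain;
}

// Constructed samples: the start of a ClientHello and of a plaintext HTTP request.
const std::uint8_t kHello[] = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b};
const std::uint8_t kHttp[] = {'P', 'O', 'S', 'T', ' ', '/', ' ', 'H', 'T'};

int main()
{
  const char *names[] = {"wait", "serve plaintext", "start TLS", "reject"};
  std::printf("autodetect, ClientHello: %s\n", names[int(decide(Mode::Autodetect, classify(kHello, sizeof kHello)))]);
  std::printf("autodetect, HTTP:        %s\n", names[int(decide(Mode::Autodetect, classify(kHttp, sizeof kHttp)))]);
  std::printf("enabled, HTTP:           %s\n", names[int(decide(Mode::Enabled, classify(kHttp, sizeof kHttp)))]);
  return 0;
}
```

Under autodetect a plaintext client is still served, which is why the commit message pairs forcing SSL with `--rpc-ssl-allowed-certificates` for a wallet that needs to know which daemon it reached.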