commit c729bb74ce72cb3873646b431e1db676f9c69f2c
parent fe89cdb7b2e039fd3999b8ca0499f824f616edec
Author: Shinoa-Fores <btcinfo@sdf.org>
Date: Wed, 13 Jan 2021 16:57:24 -0500
bitcoin-asciilifeform-2-https_snipsnip.vpatch
Diffstat:
4 files changed, 4 insertions(+), 126 deletions(-)
diff --git a/bitcoin/src/bitcoinrpc.cpp b/bitcoin/src/bitcoinrpc.cpp
@@ -12,12 +12,6 @@
#include <boost/iostreams/concepts.hpp>
#include <boost/iostreams/stream.hpp>
#include <boost/algorithm/string.hpp>
-#ifdef USE_SSL
-#include <boost/asio/ssl.hpp>
-#include <boost/filesystem.hpp>
-#include <boost/filesystem/fstream.hpp>
-typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> SSLStream;
-#endif
#include "json/json_spirit_reader_template.h"
#include "json/json_spirit_writer_template.h"
#include "json/json_spirit_utils.h"
@@ -2078,60 +2072,6 @@ bool ClientAllowed(const string& strAddress)
return false;
}
-#ifdef USE_SSL
-//
-// IOStream device that speaks SSL but can also speak non-SSL
-//
-class SSLIOStreamDevice : public iostreams::device<iostreams::bidirectional> {
-public:
- SSLIOStreamDevice(SSLStream &streamIn, bool fUseSSLIn) : stream(streamIn)
- {
- fUseSSL = fUseSSLIn;
- fNeedHandshake = fUseSSLIn;
- }
-
- void handshake(ssl::stream_base::handshake_type role)
- {
- if (!fNeedHandshake) return;
- fNeedHandshake = false;
- stream.handshake(role);
- }
- std::streamsize read(char* s, std::streamsize n)
- {
- handshake(ssl::stream_base::server); // HTTPS servers read first
- if (fUseSSL) return stream.read_some(asio::buffer(s, n));
- return stream.next_layer().read_some(asio::buffer(s, n));
- }
- std::streamsize write(const char* s, std::streamsize n)
- {
- handshake(ssl::stream_base::client); // HTTPS clients write first
- if (fUseSSL) return asio::write(stream, asio::buffer(s, n));
- return asio::write(stream.next_layer(), asio::buffer(s, n));
- }
- bool connect(const std::string& server, const std::string& port)
- {
- ip::tcp::resolver resolver(stream.get_io_service());
- ip::tcp::resolver::query query(server.c_str(), port.c_str());
- ip::tcp::resolver::iterator endpoint_iterator = resolver.resolve(query);
- ip::tcp::resolver::iterator end;
- boost::system::error_code error = asio::error::host_not_found;
- while (error && endpoint_iterator != end)
- {
- stream.lowest_layer().close();
- stream.lowest_layer().connect(*endpoint_iterator++, error);
- }
- if (error)
- return false;
- return true;
- }
-
-private:
- bool fNeedHandshake;
- bool fUseSSL;
- SSLStream& stream;
-};
-#endif
-
void ThreadRPCServer(void* parg)
{
IMPLEMENT_RANDOMIZE_STACK(ThreadRPCServer(parg));
@@ -2179,7 +2119,6 @@ void ThreadRPCServer2(void* parg)
return;
}
- bool fUseSSL = GetBoolArg("-rpcssl");
asio::ip::address bindAddress = mapArgs.count("-rpcallowip") ? asio::ip::address_v4::any() : asio::ip::address_v4::loopback();
asio::io_service io_service;
@@ -2188,47 +2127,14 @@ void ThreadRPCServer2(void* parg)
acceptor.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
-#ifdef USE_SSL
- ssl::context context(io_service, ssl::context::sslv23);
- if (fUseSSL)
- {
- context.set_options(ssl::context::no_sslv2);
- filesystem::path certfile = GetArg("-rpcsslcertificatechainfile", "server.cert");
- if (!certfile.is_complete()) certfile = filesystem::path(GetDataDir()) / certfile;
- if (filesystem::exists(certfile)) context.use_certificate_chain_file(certfile.string().c_str());
- else printf("ThreadRPCServer ERROR: missing server certificate file %s\n", certfile.string().c_str());
- filesystem::path pkfile = GetArg("-rpcsslprivatekeyfile", "server.pem");
- if (!pkfile.is_complete()) pkfile = filesystem::path(GetDataDir()) / pkfile;
- if (filesystem::exists(pkfile)) context.use_private_key_file(pkfile.string().c_str(), ssl::context::pem);
- else printf("ThreadRPCServer ERROR: missing server private key file %s\n", pkfile.string().c_str());
-
- string ciphers = GetArg("-rpcsslciphers",
- "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH");
- SSL_CTX_set_cipher_list(context.impl(), ciphers.c_str());
- }
-#else
- if (fUseSSL)
- throw runtime_error("-rpcssl=1, but bitcoin compiled without full openssl libraries.");
-#endif
-
loop
{
// Accept connection
-#ifdef USE_SSL
- SSLStream sslStream(io_service, context);
- SSLIOStreamDevice d(sslStream, fUseSSL);
- iostreams::stream<SSLIOStreamDevice> stream(d);
-#else
ip::tcp::iostream stream;
-#endif
ip::tcp::endpoint peer;
vnThreadsRunning[4]--;
-#ifdef USE_SSL
- acceptor.accept(sslStream.lowest_layer(), peer);
-#else
acceptor.accept(*stream.rdbuf(), peer);
-#endif
vnThreadsRunning[4]++;
if (fShutdown)
return;
@@ -2236,9 +2142,10 @@ void ThreadRPCServer2(void* parg)
// Restrict callers by IP
if (!ClientAllowed(peer.address().to_string()))
{
+ // snipsnipsnip
// Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake.
- if (!fUseSSL)
- stream << HTTPReply(403, "") << std::flush;
+ //if (!fUseSSL)
+ stream << HTTPReply(403, "") << std::flush;
continue;
}
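Review bot: The retained comment `// Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake.` and the commented-out `//if (!fUseSSL)` describe a condition that no longer exists, since the 403 is now sent unconditionally. Drop both, along with the `// snipsnipsnip` marker, or replace them with a single line such as `// Callers outside -rpcallowip get a 403 and are dropped.`. Separately, the earlier hunks in ThreadRPCServer2 and CallRPC remove the `-rpcssl=1` runtime_error together with the TLS path, so a config that still sets `-rpcssl` appears to be accepted silently and served over plain HTTP. That puts the Basic-auth credentials on the wire in the clear whenever `-rpcallowip` moves the bind address off loopback. Consider failing closed at startup, e.g. `if (GetBoolArg("-rpcssl")) throw runtime_error("-rpcssl is no longer supported; RPC is plaintext HTTP");`; the body of ThreadRPCServer2 continues outside this hunk.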
@@ -2354,25 +2261,9 @@ Object CallRPC(const string& strMethod, const Array& params)
GetConfigFile().c_str()));
// Connect to localhost
- bool fUseSSL = GetBoolArg("-rpcssl");
-#ifdef USE_SSL
- asio::io_service io_service;
- ssl::context context(io_service, ssl::context::sslv23);
- context.set_options(ssl::context::no_sslv2);
- SSLStream sslStream(io_service, context);
- SSLIOStreamDevice d(sslStream, fUseSSL);
- iostreams::stream<SSLIOStreamDevice> stream(d);
- if (!d.connect(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332")))
- throw runtime_error("couldn't connect to server");
-#else
- if (fUseSSL)
- throw runtime_error("-rpcssl=1, but bitcoin compiled without full openssl libraries.");
-
ip::tcp::iostream stream(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332"));
if (stream.fail())
throw runtime_error("couldn't connect to server");
-#endif
-
// HTTP basic authentication
string strUserPass64 = EncodeBase64(mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]);
diff --git a/bitcoin/src/init.cpp b/bitcoin/src/init.cpp
@@ -207,15 +207,6 @@ bool AppInit2(int argc, char* argv[])
" -keypool=<n> \t " + _("Set key pool size to <n> (default: 100)\n") +
" -rescan \t " + _("Rescan the block chain for missing wallet transactions\n");
-#ifdef USE_SSL
- strUsage += string() +
- _("\nSSL options: (see the Bitcoin Wiki for SSL setup instructions)\n") +
- " -rpcssl \t " + _("Use OpenSSL (https) for JSON-RPC connections\n") +
- " -rpcsslcertificatechainfile=<file.cert>\t " + _("Server certificate file (default: server.cert)\n") +
- " -rpcsslprivatekeyfile=<file.pem> \t " + _("Server private key (default: server.pem)\n") +
- " -rpcsslciphers=<ciphers> \t " + _("Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)\n");
-#endif
-
strUsage += string() +
" -? \t\t " + _("This help message\n");
diff --git a/bitcoin/src/makefile.linux-mingw b/bitcoin/src/makefile.linux-mingw
@@ -24,7 +24,7 @@ LIBS= \
-l ssl \
-l crypto
-DEFS=-D_MT -DWIN32 -D_WINDOWS -DNOPCH -DUSE_SSL -DBOOST_THREAD_USE_LIB
+DEFS=-D_MT -DWIN32 -D_WINDOWS -DNOPCH -DBOOST_THREAD_USE_LIB
DEBUGFLAGS=-g
CFLAGS=-O2 -w -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS) $(INCLUDEPATHS)
HEADERS = \
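Review bot: With `-DUSE_SSL` removed from DEFS, the `-l ssl` entry in the LIBS list just above looks like a leftover. The RPC code deleted by this commit is the only TLS user visible here, while `-l crypto` is presumably still needed for the non-TLS OpenSSL primitives. If nothing else in the tree calls into libssl, drop `-l ssl` here and in makefile.unix (which keeps the same line) so the binary does not link a TLS stack it never uses. The LIBS assignment starts outside this hunk.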
diff --git a/bitcoin/src/makefile.unix b/bitcoin/src/makefile.unix
@@ -29,10 +29,6 @@ LIBS += \
-l ssl \
-l crypto
-ifneq (${USE_SSL}, 0)
- DEFS += -DUSE_SSL
-endif
-
LIBS+= \
-Wl,-B$(LMODE2) \
-l z \