
commit c729bb74ce72cb3873646b431e1db676f9c69f2c
parent fe89cdb7b2e039fd3999b8ca0499f824f616edec
Author: Shinoa-Fores <btcinfo@sdf.org>
Date:   Wed, 13 Jan 2021 16:57:24 -0500

bitcoin-asciilifeform-2-https_snipsnip.vpatch

Diffstat:
Mbitcoin/src/bitcoinrpc.cpp | 115+++----------------------------------------------------------------------------
Mbitcoin/src/init.cpp | 9---------
Mbitcoin/src/makefile.linux-mingw | 2+-
Mbitcoin/src/makefile.unix | 4----
4 files changed, 4 insertions(+), 126 deletions(-)

diff --git a/bitcoin/src/bitcoinrpc.cpp b/bitcoin/src/bitcoinrpc.cpp
@@ -12,12 +12,6 @@
 #include <boost/iostreams/concepts.hpp>
 #include <boost/iostreams/stream.hpp>
 #include <boost/algorithm/string.hpp>
-#ifdef USE_SSL
-#include <boost/asio/ssl.hpp>
-#include <boost/filesystem.hpp>
-#include <boost/filesystem/fstream.hpp>
-typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> SSLStream;
-#endif
 #include "json/json_spirit_reader_template.h"
 #include "json/json_spirit_writer_template.h"
 #include "json/json_spirit_utils.h"
@@ -2078,60 +2072,6 @@ bool ClientAllowed(const string& strAddress)
 return false;
 }
-#ifdef USE_SSL
-//
-// IOStream device that speaks SSL but can also speak non-SSL
-//
-class SSLIOStreamDevice : public iostreams::device<iostreams::bidirectional> {
-public:
- SSLIOStreamDevice(SSLStream &streamIn, bool fUseSSLIn) : stream(streamIn)
- {
- fUseSSL = fUseSSLIn;
- fNeedHandshake = fUseSSLIn;
- }
-
- void handshake(ssl::stream_base::handshake_type role)
- {
- if (!fNeedHandshake) return;
- fNeedHandshake = false;
- stream.handshake(role);
- }
- std::streamsize read(char* s, std::streamsize n)
- {
- handshake(ssl::stream_base::server); // HTTPS servers read first
- if (fUseSSL) return stream.read_some(asio::buffer(s, n));
- return stream.next_layer().read_some(asio::buffer(s, n));
- }
- std::streamsize write(const char* s, std::streamsize n)
- {
- handshake(ssl::stream_base::client); // HTTPS clients write first
- if (fUseSSL) return asio::write(stream, asio::buffer(s, n));
- return asio::write(stream.next_layer(), asio::buffer(s, n));
- }
- bool connect(const std::string& server, const std::string& port)
- {
- ip::tcp::resolver resolver(stream.get_io_service());
- ip::tcp::resolver::query query(server.c_str(), port.c_str());
- ip::tcp::resolver::iterator endpoint_iterator = resolver.resolve(query);
- ip::tcp::resolver::iterator end;
- boost::system::error_code error = asio::error::host_not_found;
- while (error && endpoint_iterator != end)
- {
- stream.lowest_layer().close();
- stream.lowest_layer().connect(*endpoint_iterator++, error);
- }
- if (error)
- return false;
- return true;
- }
-
-private:
- bool fNeedHandshake;
- bool fUseSSL;
- SSLStream& stream;
-};
-#endif
-
 void ThreadRPCServer(void* parg)
 {
 IMPLEMENT_RANDOMIZE_STACK(ThreadRPCServer(parg));
@@ -2179,7 +2119,6 @@ void ThreadRPCServer2(void* parg)
 return;
 }
- bool fUseSSL = GetBoolArg("-rpcssl");
 asio::ip::address bindAddress = mapArgs.count("-rpcallowip") ? asio::ip::address_v4::any() : asio::ip::address_v4::loopback();
 asio::io_service io_service;
@@ -2188,47 +2127,14 @@ void ThreadRPCServer2(void* parg)
 acceptor.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
-#ifdef USE_SSL
- ssl::context context(io_service, ssl::context::sslv23);
- if (fUseSSL)
- {
- context.set_options(ssl::context::no_sslv2);
- filesystem::path certfile = GetArg("-rpcsslcertificatechainfile", "server.cert");
- if (!certfile.is_complete()) certfile = filesystem::path(GetDataDir()) / certfile;
- if (filesystem::exists(certfile)) context.use_certificate_chain_file(certfile.string().c_str());
- else printf("ThreadRPCServer ERROR: missing server certificate file %s\n", certfile.string().c_str());
- filesystem::path pkfile = GetArg("-rpcsslprivatekeyfile", "server.pem");
- if (!pkfile.is_complete()) pkfile = filesystem::path(GetDataDir()) / pkfile;
- if (filesystem::exists(pkfile)) context.use_private_key_file(pkfile.string().c_str(), ssl::context::pem);
- else printf("ThreadRPCServer ERROR: missing server private key file %s\n", pkfile.string().c_str());
-
- string ciphers = GetArg("-rpcsslciphers",
- "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH");
- SSL_CTX_set_cipher_list(context.impl(), ciphers.c_str());
- }
-#else
- if (fUseSSL)
- throw runtime_error("-rpcssl=1, but bitcoin compiled without full openssl libraries.");
-#endif
-
 loop
 {
 // Accept connection
-#ifdef USE_SSL
- SSLStream sslStream(io_service, context);
- SSLIOStreamDevice d(sslStream, fUseSSL);
- iostreams::stream<SSLIOStreamDevice> stream(d);
-#else
 ip::tcp::iostream stream;
-#endif
 ip::tcp::endpoint peer;
 vnThreadsRunning[4]--;
-#ifdef USE_SSL
- acceptor.accept(sslStream.lowest_layer(), peer);
-#else
 acceptor.accept(*stream.rdbuf(), peer);
-#endif
 vnThreadsRunning[4]++;
 if (fShutdown)
 return;
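Review bot: Dropping `bool fUseSSL = GetBoolArg("-rpcssl");` together with the `#else` branch that threw `-rpcssl=1, but bitcoin compiled without full openssl libraries.` means a node whose configuration still carries `rpcssl=1` now brings up a plaintext JSON-RPC listener with no error and no log line, where the previous non-SSL build refused to start the RPC thread. Because `bindAddress` becomes `asio::ip::address_v4::any()` whenever `-rpcallowip` is set (context line in the first hunk), the HTTP basic-auth credentials would then travel over the network in the clear without the operator ever being told the option is gone. Consider keeping a loud failure next to the bind-address selection, e.g. `if (GetBoolArg("-rpcssl")) throw runtime_error("-rpcssl is not supported: JSON-RPC is plaintext only");`; the same gap exists in the CallRPC hunk (`@@ -2354`) below, where the client-side `fUseSSL` check is removed without replacement. ThreadRPCServer2 starts before and continues after these hunks.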
@@ -2236,9 +2142,10 @@ void ThreadRPCServer2(void* parg)
 // Restrict callers by IP
 if (!ClientAllowed(peer.address().to_string()))
 {
+ // snipsnipsnip
 // Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake.
- if (!fUseSSL)
- stream << HTTPReply(403, "") << std::flush;
+ //if (!fUseSSL)
+ stream << HTTPReply(403, "") << std::flush;
 continue;
 }
@@ -2354,25 +2261,9 @@ Object CallRPC(const string& strMethod, const Array& params)
 GetConfigFile().c_str()));
 // Connect to localhost
- bool fUseSSL = GetBoolArg("-rpcssl");
-#ifdef USE_SSL
- asio::io_service io_service;
- ssl::context context(io_service, ssl::context::sslv23);
- context.set_options(ssl::context::no_sslv2);
- SSLStream sslStream(io_service, context);
- SSLIOStreamDevice d(sslStream, fUseSSL);
- iostreams::stream<SSLIOStreamDevice> stream(d);
- if (!d.connect(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332")))
- throw runtime_error("couldn't connect to server");
-#else
- if (fUseSSL)
- throw runtime_error("-rpcssl=1, but bitcoin compiled without full openssl libraries.");
-
 ip::tcp::iostream stream(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332"));
 if (stream.fail())
 throw runtime_error("couldn't connect to server");
-#endif
-
 // HTTP basic authentication
 string strUserPass64 = EncodeBase64(mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]);
diff --git a/bitcoin/src/init.cpp b/bitcoin/src/init.cpp
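Review bot: The retained comment `// Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake.` and the newly added commented-out `//if (!fUseSSL)` describe a condition that no longer exists anywhere in this function, so the next reader will go looking for an SSL code path the commit has just removed. Since the 403 is now sent unconditionally, the three comment lines (including the `// snipsnipsnip` marker) would be clearer as a single `// SSL support removed: disallowed peers are always answered with a 403.` instead of a dead condition left in place. The enclosing ThreadRPCServer2 accept loop starts and ends outside the hunk.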
@@ -207,15 +207,6 @@ bool AppInit2(int argc, char* argv[])
 " -keypool=<n> \t " + _("Set key pool size to <n> (default: 100)\n") +
 " -rescan \t " + _("Rescan the block chain for missing wallet transactions\n");
-#ifdef USE_SSL
- strUsage += string() +
- _("\nSSL options: (see the Bitcoin Wiki for SSL setup instructions)\n") +
- " -rpcssl \t " + _("Use OpenSSL (https) for JSON-RPC connections\n") +
- " -rpcsslcertificatechainfile=<file.cert>\t " + _("Server certificate file (default: server.cert)\n") +
- " -rpcsslprivatekeyfile=<file.pem> \t " + _("Server private key (default: server.pem)\n") +
- " -rpcsslciphers=<ciphers> \t " + _("Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)\n");
-#endif
-
 strUsage += string() +
 " -? \t\t " + _("This help message\n");
diff --git a/bitcoin/src/makefile.linux-mingw b/bitcoin/src/makefile.linux-mingw
@@ -24,7 +24,7 @@ LIBS= \
 -l ssl \
 -l crypto
-DEFS=-D_MT -DWIN32 -D_WINDOWS -DNOPCH -DUSE_SSL -DBOOST_THREAD_USE_LIB
+DEFS=-D_MT -DWIN32 -D_WINDOWS -DNOPCH -DBOOST_THREAD_USE_LIB
 DEBUGFLAGS=-g
 CFLAGS=-O2 -w -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS) $(INCLUDEPATHS)
 HEADERS = \
diff --git a/bitcoin/src/makefile.unix b/bitcoin/src/makefile.unix
@@ -29,10 +29,6 @@ LIBS += \
 -l ssl \
 -l crypto
-ifneq (${USE_SSL}, 0)
- DEFS += -DUSE_SSL
-endif
-
 LIBS+= \
 -Wl,-B$(LMODE2) \
 -l z \