TheCharlatan
5157060077
Add debug targets to depends Makefile
...
Packages can now be built individually and for each stage. This allows
easier debugging.
2019-06-25 19:16:59 +02:00
moneromooo-monero
434e617a1d
ensure no NULL is passed to memcpy
...
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
2019-06-14 08:48:25 +00:00
moneromooo-monero
279f1f2c26
abstract_tcp_server2: improve DoS resistance
2019-06-14 08:48:22 +00:00
moneromooo-monero
b873b69ded
epee: basic sanity check on allocation size from untrusted source
...
Reported by guidov
2019-06-14 08:47:58 +00:00
luigi1111
3395de2e7f
Merge pull request #5633
...
cfa88ac
Don't use -march=native (hyc)
e85bf46
Allow parallel make (hyc)
0ef8391
Delete redundant cppzmq dependency (hyc)
86591eb
Use 9 digit build IDs (hyc)
2019-06-12 14:50:01 -05:00
luigi1111
9f2882dbb7
Merge pull request #5631
...
c27d961
[depends] update openssl to 1.0.2r (who-biz)
2019-06-12 14:45:40 -05:00
Howard Chu
86591ebf64
Use 9 digit build IDs
2019-06-12 16:15:07 +01:00
Howard Chu
0ef8391628
Delete redundant cppzmq dependency
2019-06-12 10:21:19 +01:00
Howard Chu
e85bf46641
Allow parallel make
2019-06-12 09:10:37 +01:00
Howard Chu
cfa88acb2b
Don't use -march=native
2019-06-12 09:10:29 +01:00
luigi1111
538fae4ec2
Merge pull request #5614
...
4cff925
p2p: fix GCC 9.1 crash (monermooo-monero)
f47488c
Fix GCC 9.1 build warnings (moneromooo-monero)
ce13a98
cmake: do not use -mmitigate-rop on GCC >= 9.1 (moneromooo-monero)
2019-06-11 17:22:11 -05:00
luigi1111
0c62e7b15f
Merge pull request #5622
...
b0a04f7
epee: fix SSL autodetect on reconnection (xiphon)
2019-06-11 17:05:17 -05:00
xiphon
b0a04f7d45
epee: fix SSL autodetect on reconnection
2019-06-10 10:40:16 +00:00
moneromooo-monero
f47488c734
Fix GCC 9.1 build warnings
...
GCC wants operator= aand copy ctor to be both defined, or neither
2019-06-09 09:39:34 +00:00
Lee Clagett
fafc5c3692
Add ssl_options support to monerod's rpc mode.
2019-05-21 16:17:34 +00:00
who-biz
c27d96129e
[depends] update openssl to 1.0.2r
...
- This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.
Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543 ), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.
The above (1.1) is patched in openssl, where it was marked as low severity. Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.
2019-05-18 02:18:55 -04:00
Riccardo Spagni
e8487fa46b
Merge pull request #5539
...
3f612cda
Changed odd bullet point to low level header (Rohaq)
af9bc4ec
Used subeaders to avoid slightly wonky looking formatting (Rohaq)
1873af35
Made code block usage consistent across all .md files (Rohaq)
68103075
Updated Copyright notice (Rohaq)
39bd157f
Added Table of Contents to main README.md (Rohaq)
2019-05-15 16:10:41 +02:00
luigi1111
14723fc6e7
Merge pull request #5527
...
9a7a453
net_ssl: free certs after setting them up (moneromooo-monero)
2019-05-14 15:55:25 -05:00
luigi1111
1fc1c7318c
Merge pull request #5519
...
b8b957d
cmake: fix incorrect hint for OPENSSL_ROOT_DIR (moneromooo-monero)
367bb80
mlog: default to not showing SSL errors (moneromooo-monero)
2019-05-14 15:52:32 -05:00
Rohaq
1873af35bf
Made code block usage consistent across all .md files
2019-05-12 05:16:26 +01:00
moneromooo-monero
9a7a453f25
net_ssl: free certs after setting them up
2019-05-10 00:16:49 +00:00
Riccardo Spagni
c0bc6d96cd
Merge pull request #5509
...
a62e0725
net_ssl: SSL config tweaks for compatibility and security (moneromooo-monero)
2019-05-07 17:39:20 +02:00
Riccardo Spagni
2d04b0e500
Merge pull request #5499
...
a4c4a2d8
blockchain: keep a rolling long term block weight median (moneromooo-monero)
2019-05-07 17:31:45 +02:00
Riccardo Spagni
123df0eaf7
Merge pull request #5419
...
f29fecd5
build: debug and test builds via contrib (Dusan Klinec)
2019-05-07 17:26:32 +02:00
moneromooo-monero
a62e072571
net_ssl: SSL config tweaks for compatibility and security
...
add two RSA based ciphers for Windows/depends compatibility
also enforce server cipher ordering
also set ECDH to auto because vtnerd says it is good :)
When built with the depends system, openssl does not include any
cipher on the current whitelist, so add this one, which fixes the
problem, and does seem sensible.
2019-05-07 10:01:42 +00:00
moneromooo-monero
367bb80ae7
mlog: default to not showing SSL errors
2019-05-06 07:38:52 +00:00
moneromooo-monero
a4c4a2d8aa
blockchain: keep a rolling long term block weight median
2019-05-02 09:47:01 +00:00
moneromooo-monero
5e0da6fb68
change SSL certificate fingerprint whitelisting from SHA1 to SHA-256
...
SHA1 is too close to bruteforceable
2019-04-26 11:37:15 +00:00
Riccardo Spagni
5d09e39174
Merge pull request #5482
...
9956500d
net_helper: clear recv buffer on eof (moneromooo-monero)
2019-04-24 22:40:12 +02:00
Riccardo Spagni
d86dd5fa7c
Merge pull request #5479
...
edbae2d0
levin_protocol_handler_async: tune down preallocation a fair bit (moneromooo-monero)
2019-04-24 22:39:30 +02:00
moneromooo-monero
9956500d14
net_helper: clear recv buffer on eof
2019-04-23 13:23:17 +00:00
moneromooo-monero
edbae2d05b
levin_protocol_handler_async: tune down preallocation a fair bit
...
It can allocate a lot when getting a lot of connections
(in particular, the stress test on windows apparently pushes
that memory to actual use, rather than just allocated)
2019-04-22 22:35:32 +00:00
moneromooo-monero
7a9316ebef
serialization: set default log category
2019-04-21 09:26:25 +00:00
moneromooo-monero
b672d4d6e5
epee: use boost/timer/timer.hpp, boost/timer.hpp is deprecated
2019-04-18 15:12:34 +00:00
Riccardo Spagni
ba1b6d36c4
Merge pull request #5447
...
02c01c0b
Add Brewfile to allow for an even easier management of dependencies (Florian)
2019-04-16 22:47:56 +02:00
Riccardo Spagni
c8ce4217cf
Merge pull request #5445
...
b18f0b10
wallet: new --offline option (moneromooo-monero)
2019-04-16 22:46:53 +02:00
Riccardo Spagni
e9527f5eed
Merge pull request #5436
...
61d63900
net_helper: avoid unnecessary memcpy (moneromooo-monero)
2019-04-16 22:43:15 +02:00
Riccardo Spagni
c603044398
Merge pull request #5432
...
c3cf930f
abstract_tcp_server2: fix timeout on exit (moneromooo-monero)
2019-04-16 22:41:18 +02:00
Florian
02c01c0bd8
Add Brewfile to allow for an even easier management of dependencies
2019-04-15 14:46:26 +02:00
moneromooo-monero
b18f0b1051
wallet: new --offline option
...
It will avoid connecting to a daemon (so useful for cold signing
using a RPC wallet), and not perform DNS queries.
2019-04-15 09:14:12 +00:00
Riccardo Spagni
e46dc055d1
Merge pull request #5369
...
e72c2c5d
do not build in parallel as it is non-deterministic (Jane Mercer)
2019-04-15 09:13:48 +02:00
moneromooo-monero
61d63900b9
net_helper: avoid unnecessary memcpy
2019-04-13 13:24:58 +00:00
moneromooo-monero
c3cf930f75
abstract_tcp_server2: fix timeout on exit
...
When closing connections due to exiting, the IO service is
already gone, so the data exchange needed for a gracious SSL
shutdown cannot happen. We just close the socket in that case.
2019-04-12 18:13:31 +00:00
moneromooo-monero
4b3bb829c2
epee: init a new ssl related variable in ctor
2019-04-11 11:10:15 +00:00
moneromooo-monero
9f8dc4ce51
simplewallet: new net_stats command
...
displays total sent and received bytes
2019-04-11 10:46:41 +00:00
Dusan Klinec
f29fecd517
build: debug and test builds via contrib
2019-04-10 15:43:52 +02:00
Lee Clagett
2e578b8214
Enabling daemon-rpc SSL now requires non-system CA verification
...
If `--daemon-ssl enabled` is set in the wallet, then a user certificate,
fingerprint, or onion/i2p address must be provided.
2019-04-07 13:02:43 -04:00
Lee Clagett
d58f368289
Require manual override for user chain certificates.
...
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
2019-04-07 00:44:37 -04:00
Lee Clagett
97cd1fa98d
Only check top-level certificate against fingerprint list.
...
This allows "chain" certificates to be used with the fingerprint
whitelist option. A user can get a system-ca signature as backup while
clients explicitly whitelist the server certificate. The user specified
CA can also be combined with fingerprint whitelisting.
2019-04-07 00:44:37 -04:00
Lee Clagett
7c388fb358
Call `use_certificate_chain_file` instead of `use_certificate_file`
...
The former has the same behavior with single self signed certificates
while allowing the server to have separate short-term authentication
keys with long-term authorization keys.
2019-04-07 00:44:37 -04:00