monero-rpc-rs

Add TLS support

Open LeoNero opened this issue 2 years ago • 2 comments

Cases:

  • [x] daemon (as a server) created with certificate generated with monero-gen-ssl-cert (needs danger_accept_invalid_hostnames(true))
  • [x] daemon (as a server) created with certificate generated "by hand" with openssl, and certificate has no hostname/CN (needs danger_accept_invalid_hostnames(true))
  • [x] daemon (as a server) created with certificate generated "by hand" with openssl, and certificate does have hostname/CN
  • [x] daemon (as a server) that only accepts requests from certain clients with certain certificates/identities

Note 1: if a daemon acting as a server uses a certificate generated by a CA, everything should work out of the box, since your computer will probably accept the certificate with no problem (that is, you don't need to pass any of the new additional options when creating a RpcClient).

Note 2: see the files changed to have an example of how the daemon and the calls to them are set up.

Note 3: on an Apple computer, the requirements for certificates are higher than the ones for Linux (see https://support.apple.com/en-us/HT210176), so it is recommended to test using Docker if you are using a Mac.

Note 4: there are many other cases to support (TLS certificate in other formats, with passwords, etc), but we can implement them along the way.

Note 5: I thought about doing a test where RpcClient would connect to a monero-wallet-rpc that is already connected to a monerod that only accepts clients with certain certificates, but this ended up not making sense since, from the point of view of RpcClient, it should not matter how monero-wallet-rpc is connecting to monerod.

Note 6: at first, I was generating the certificates inside a Docker image and using such image in docker-compose.yml. However, because there was a need to use the certificates in the host machine in order to run the tests, I decided to create certificates on the host machine, push them to GitHub, and use them to test.

LeoNero, Aug 30 '22 17:08
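Why the first two cases in the list above need danger_accept_invalid_hostnames(true) while the third does not, shown as an added example that is not code from this pull request or from monero-rpc-rs. It is a simplified, std-only model of TLS hostname verification; `CertNames`, `name_matches`, `hostname_ok`, `name_check` and the `monerod.example` host are hypothetical names, and the flag is assumed to skip only the name check.

```rust
// Simplified model of TLS hostname verification (added example, not monero-rpc-rs code).
// Names a server certificate carries; both can be empty for a "by hand" openssl cert.
struct CertNames<'a> {
    san_dns: &'a [&'a str],       // subjectAltName dNSName entries
    common_name: Option<&'a str>, // legacy subject CN
}

// Match one certificate name against the host, case-insensitively.
// "*" may only stand for the whole left-most label, never for a bare TLD suffix.
fn name_matches(pattern: &str, host: &str) -> bool {
    let (p, h) = (pattern.to_ascii_lowercase(), host.to_ascii_lowercase());
    match p.strip_prefix("*.") {
        Some(suffix) => match h.split_once('.') {
            Some((label, rest)) => !label.is_empty() && rest == suffix && suffix.contains('.'),
            None => false,
        },
        None => p == h,
    }
}

// SAN entries take precedence; the CN is consulted only when no SAN dNSName exists.
fn hostname_ok(cert: &CertNames, host: &str) -> bool {
    if !cert.san_dns.is_empty() {
        return cert.san_dns.iter().any(|n| name_matches(n, host));
    }
    cert.common_name.map_or(false, |cn| name_matches(cn, host))
}

// `accept_invalid_hostnames` models danger_accept_invalid_hostnames(true):
// assumed here to skip only this name check, not validation of the certificate chain.
fn name_check(cert: &CertNames, host: &str, accept_invalid_hostnames: bool) -> bool {
    accept_invalid_hostnames || hostname_ok(cert, host)
}

fn main() {
    // Constructed sample certificates and host name.
    let no_names = CertNames { san_dns: &[], common_name: None };
    let with_cn = CertNames { san_dns: &[], common_name: Some("monerod.example") };
    let other = CertNames { san_dns: &["other.example"], common_name: None };
    for (label, cert) in [("no names", &no_names), ("CN set", &with_cn), ("other host", &other)] {
        println!("{label}: strict={} relaxed={}",
            name_check(cert, "monerod.example", false),
            name_check(cert, "monerod.example", true));
    }
}
```

With the name check relaxed, a certificate issued for any other host passes it too, so the remaining protection is which certificate the client is configured to trust.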

Could you merge #78, please? It fixes one of the checks that is failing here.

LeoNero, Sep 03 '22 03:09

I don't know why the tests are failing, since they work locally... could you test it please @TheCharlatan ?

Edit: just saw I did not have the most up to date .github, and it is not using the docker-compose file inside /tests.

LeoNero, Sep 03 '22 03:09