-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL fixes for validator list (RIPD-1558) #2275
Conversation
bachase
commented
Nov 20, 2017
- Configures domain name for SNI
- On windows, uses wincrypt API to use system's root certificates.
Support Server Name Indication Ensure windows uses available certificates
The first commit is the only one required for published validator lists. I believe the second commit fixes remaining spots in |
Codecov Report
@@ Coverage Diff @@
## develop #2275 +/- ##
===========================================
- Coverage 70.11% 70.09% -0.02%
===========================================
Files 689 690 +1
Lines 50800 50808 +8
===========================================
- Hits 35617 35613 -4
- Misses 15183 15195 +12
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From what I can tell, HTTPClient
is only used by RPCSub
(Subscription object for JSON-RPC
), which seem to be deprecated
https://ripple.com/build/rippled-apis/#subscriptions
JSON-RPC support for subscription callbacks is deprecated and may not work as expected.
pContext->cbCertEncoded); | ||
if (x509 != NULL) | ||
{ | ||
X509_STORE_add_cert(store, x509); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure how this would fail, but should we log if it does?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably worth doing. I'll look into making an error_code.
} | ||
} | ||
|
||
CertFreeCertificateContext(pContext); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't pContext
guaranteed to be NULL
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, will fix.
CertFreeCertificateContext(pContext); | ||
CertCloseStore(hStore, 0); | ||
|
||
SSL_CTX_set_cert_store(ctx.native_handle(), store); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to confirm, the reason we don't use SSL_CTX_set1_cert_store
here is because
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cert_store.html
SSL_CTX_set_cert_store() does not increment the store's reference count, so it should not be used to assign an X509_STORE that is owned by another SSL_CTX.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct. I believe since we create the store
above, we do not need to increment the reference count.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, it looks like the reference counted version is not available in the 1.0.* versions we are using.
//============================================================================== | ||
#include <BeastConfig.h> | ||
#include <ripple/net/RegisterSSLCerts.h> | ||
#if BEAST_WINDOWS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like BEAST_WINDOWS
is only used in src/ripple/beast/
Should a different macro be used here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can use boost predef instead.
{ | ||
X509* x509 = d2i_X509( | ||
NULL, | ||
(const unsigned char**)&pContext->pbCertEncoded, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
d2i_X509
actually modifies the pointer taken as the second argument; I will fix to use a local instead.
@HowardHinnant can you do a pass on the use of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me! The ownership properties of these functions looks complex and poorly documented. Nice use of comments to clarify what owns what and when.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't test on Windows but LGTM 👍
I think you could take or leave the HTTPClient
changes if it really is deprecated.
ec = boost::system::error_code( | ||
static_cast<int>(::ERR_get_error()), | ||
boost::asio::error::get_ssl_category()); | ||
return; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is ok as is (returning with ec
and throwing if anything goes wrong), but I'm wondering if we could alternatively be ok calling continue
here (and on line 85) and just having the caller log ec
.
//------------------------------------------------------------------------------ | ||
/* | ||
This file is part of rippled: https://github.com/ripple/rippled | ||
Copyright (c) 2016 Ripple Labs Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Stale date
@@ -754,6 +754,7 @@ def config_env(toolchain, variant, env): | |||
'uuid.lib', | |||
'odbc32.lib', | |||
'odbccp32.lib', | |||
'crypt32.lib' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: misaligned
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Merged as a4a43a4 |