Browse Source

Merge pull request #5434

683dc40 Disable SSLv3 (in favor of TLS) for the RPC client and server. (Gregory Maxwell)
0.10
Wladimir J. van der Laan 10 years ago
parent
commit
4b5b263ac0
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
  1. 2
      src/bitcoin-cli.cpp
  2. 2
      src/rpcserver.cpp

2
src/bitcoin-cli.cpp

@ -110,7 +110,7 @@ Object CallRPC(const string& strMethod, const Array& params)
bool fUseSSL = GetBoolArg("-rpcssl", false); bool fUseSSL = GetBoolArg("-rpcssl", false);
asio::io_service io_service; asio::io_service io_service;
ssl::context context(io_service, ssl::context::sslv23); ssl::context context(io_service, ssl::context::sslv23);
context.set_options(ssl::context::no_sslv2); context.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context); asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL); SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d); iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);

2
src/rpcserver.cpp

@ -597,7 +597,7 @@ void StartRPCThreads()
if (fUseSSL) if (fUseSSL)
{ {
rpc_ssl_context->set_options(ssl::context::no_sslv2); rpc_ssl_context->set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert")); filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));
if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile; if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;

Loading…
Cancel
Save