Permalink
Browse files

Merge pull request #5677

d528025 Revert "rpc-tests: re-enable rpc-tests for Windows" (Wladimir J. van der Laan)
1e700c9 doc: update deps in build-unix.md after libevent (Wladimir J. van der Laan)
26c9b83 Move windows socket init to utility function (Wladimir J. van der Laan)
4be0b08 libevent: Windows reuseaddr workaround in depends (Cory Fields)
3a174cd Fix race condition between starting HTTP server thread and setting EventBase() (Wladimir J. van der Laan)
6d2bc22 Document options for new HTTP/RPC server in --help (Wladimir J. van der Laan)
be33f3f Implement RPCTimerHandler for Qt RPC console (Wladimir J. van der Laan)
57d85d9 doc: mention SSL support dropped for RPC in release notes (Wladimir J. van der Laan)
40b556d evhttpd implementation (Wladimir J. van der Laan)
ee2a42b tests: GET requests cannot have request body, use POST in rest.py (Wladimir J. van der Laan)
6e996d3 tests: fix qt payment test (Cory Fields)
3140ef9 build: build-system changes for libevent (Wladimir J. van der Laan)
a9af234 libevent: add depends (Cory Fields)
6a21dd5 Remove rpc_boostasiotocnetaddr test (Wladimir J. van der Laan)
8f9301c qa: Remove -rpckeepalive tests from httpbasics (Wladimir J. van der Laan)
51fcfc0 doc: remove documentation for rpcssl (Wladimir J. van der Laan)
  • Loading branch information...
laanwj committed Sep 4, 2015
2 parents 4b437b2 + d528025 commit 9aa90994ee85e549ddbe23a6f03e33d0edcd57b2
View
@@ -664,6 +664,12 @@ if test x$use_pkgconfig = xyes; then
if test x$use_qr != xno; then
BITCOIN_QT_CHECK([PKG_CHECK_MODULES([QR], [libqrencode], [have_qrencode=yes], [have_qrencode=no])])
fi
+ if test x$build_bitcoin_utils$build_bitcoind$bitcoin_enable_qt$use_tests != xnononono; then
+ PKG_CHECK_MODULES([EVENT], [libevent],, [AC_MSG_ERROR(libevent not found.)])
+ if test x$TARGET_OS != xwindows; then
+ PKG_CHECK_MODULES([EVENT_PTHREADS], [libevent_pthreads],, [AC_MSG_ERROR(libevent_pthreads not found.)])
+ fi
+ fi
]
)
else
@@ -673,6 +679,14 @@ else
AC_CHECK_HEADER([openssl/ssl.h],, AC_MSG_ERROR(libssl headers missing),)
AC_CHECK_LIB([ssl], [main],SSL_LIBS=-lssl, AC_MSG_ERROR(libssl missing))
+ if test x$build_bitcoin_utils$build_bitcoind$bitcoin_enable_qt$use_tests != xnononono; then
+ AC_CHECK_HEADER([event2/event.h],, AC_MSG_ERROR(libevent headers missing),)
+ AC_CHECK_LIB([event],[main],EVENT_LIBS=-levent,AC_MSG_ERROR(libevent missing))
+ if test x$TARGET_OS != xwindows; then
+ AC_CHECK_LIB([event_pthreads],[main],EVENT_PTHREADS_LIBS=-levent_pthreads,AC_MSG_ERROR(libevent_pthreads missing))
+ fi
+ fi
+
BITCOIN_QT_CHECK(AC_CHECK_LIB([protobuf] ,[main],[PROTOBUF_LIBS=-lprotobuf], BITCOIN_QT_FAIL(libprotobuf not found)))
if test x$use_qr != xno; then
BITCOIN_QT_CHECK([AC_CHECK_LIB([qrencode], [main],[QR_LIBS=-lqrencode], [have_qrencode=no])])
@@ -96,7 +96,7 @@ _bitcoind() {
esac
case "$cur" in
- -conf=*|-pid=*|-loadblock=*|-wallet=*|-rpcsslcertificatechainfile=*|-rpcsslprivatekeyfile=*)
+ -conf=*|-pid=*|-loadblock=*|-wallet=*)
cur="${cur#*=}"
_filedir
return 0
@@ -95,15 +95,6 @@
# running on another host using this option:
#rpcconnect=127.0.0.1
-# Use Secure Sockets Layer (also known as TLS or HTTPS) to communicate
-# with Bitcoin -server or bitcoind
-#rpcssl=1
-
-# OpenSSL settings used when rpcssl=1
-#rpcsslciphers=TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH
-#rpcsslcertificatechainfile=server.cert
-#rpcsslprivatekeyfile=server.pem
-
# Transaction Fee Changes in 0.10.0
# Send transactions as zero-fee transactions if possible (default: 0)
@@ -36,9 +36,6 @@ Listen for JSON\-RPC connections on <port> (default: 8332 or testnet: 18332).
.TP
\fB\-rpcconnect=\fR<ip>
Send commands to node running on <ip> (default: 127.0.0.1).
-.TP
-\fB\-rpcssl\fR=\fI1\fR
-Use OpenSSL (https) for JSON\-RPC connections (see the Bitcoin Wiki for SSL setup instructions).
.SH "SEE ALSO"
\fBbitcoind\fP, \fBbitcoin.conf\fP
@@ -178,18 +178,6 @@ Set maximum block size in bytes (default: 250000)
.HP
\fB\-blockprioritysize=\fR<n> Set maximum size of high\-priority/low\-fee transactions in bytes (default: 27000)
.PP
-SSL options: (see the Bitcoin Wiki for SSL setup instructions)
-.TP
-\fB\-rpcssl\fR
-Use OpenSSL (https) for JSON\-RPC connections
-.TP
-\fB\-rpcsslcertificatechainfile=\fR<file.cert>
-Server certificate file (default: server.cert)
-.TP
-\fB\-rpcsslprivatekeyfile=\fR<file.pem>
-Server private key (default: server.pem)
-.TP
-\fB\-rpcsslciphers=\fR<ciphers>
Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)
.SS "UI options:"
.TP
@@ -46,16 +46,6 @@ Listen for RPC connections on this TCP port.
\fBrpcconnect=\fR\fI'127.0.0.1'\fR
You can use *bitcoin* or *bitcoind(1)* to send commands to *bitcoin*/*bitcoind(1)* running on another host using this option.
.TP
-\fBrpcssl=\fR\fI'1'\fR
-Use Secure Sockets Layer (also known as TLS or HTTPS) to communicate with *bitcoin* '\-server' or *bitcoind(1)*. Example of OpenSSL settings used when *rpcssl*='1':
-.TP
-\fB\-rpcsslciphers=\fR<ciphers>
-Acceptable ciphers (default: TLSv1+HIGH:\:!SSLv2:\:!aNULL:\:!eNULL:\:!AH:\:!3DES:\:@STRENGTH)
-.TP
-\fBrpcsslcertificatechainfile=\fR\fI'server.cert'\fR
-.TP
-\fBrpcsslprivatekeyfile=\fR\fI'server.pem'\fR
-.TP
.SH MISCELLANEOUS OPTIONS
.TP
\fBgen=\fR[\fI'0'\fR|\fI'1'\fR]
@@ -62,20 +62,6 @@ Allow JSON\-RPC connections from specified IP address
.TP
\fB\-rpcconnect=\fR<ip>
Send commands to node running on <ip>
-.PP
-SSL options: (see the Bitcoin Wiki for SSL setup instructions)
-.TP
-\fB\-rpcssl\fR=\fI1\fR
-Use OpenSSL (https) for JSON\-RPC connections
-.TP
-\fB\-rpcsslcertificatchainfile=\fR<file.cert>
-Server certificate file (default: server.cert)
-.TP
-\fB\-rpcsslprivatekeyfile=\fR<file.pem>
-Server private key (default: server.pem)
-.TP
-\fB\-rpcsslciphers=\fR<ciphers>
-Acceptable ciphers (default: TLSv1+HIGH:\:!SSLv2:\:!aNULL:\:!eNULL:\:!AH:\:!3DES:\:@STRENGTH)
.TP
\-?
This help message
@@ -0,0 +1,31 @@
+package=libevent
+$(package)_version=2.0.22
+$(package)_download_path=https://github.com/libevent/libevent/releases/download/release-2.0.22-stable
+$(package)_file_name=$(package)-$($(package)_version)-stable.tar.gz
+$(package)_sha256_hash=71c2c49f0adadacfdbe6332a372c38cf9c8b7895bb73dabeaa53cdcc1d4e1fa3
+$(package)_patches=reuseaddr.patch
+
+define $(package)_preprocess_cmds
+ patch -p1 < $($(package)_patch_dir)/reuseaddr.patch
+endef
+
+define $(package)_set_vars
+ $(package)_config_opts=--disable-shared --disable-openssl --disable-libevent-regress
+ $(package)_config_opts_release=--disable-debug-mode
+ $(package)_config_opts_linux=--with-pic
+endef
+
+define $(package)_config_cmds
+ $($(package)_autoconf)
+endef
+
+define $(package)_build_cmds
+ $(MAKE)
+endef
+
+define $(package)_stage_cmds
+ $(MAKE) DESTDIR=$($(package)_staging_dir) install
+endef
+
+define $(package)_postprocess_cmds
+endef
@@ -1,4 +1,4 @@
-packages:=boost openssl
+packages:=boost openssl libevent
native_packages := native_ccache native_comparisontool
qt_native_packages = native_protobuf
@@ -0,0 +1,21 @@
+--- old/evutil.c 2015-08-28 19:26:23.488765923 -0400
++++ new/evutil.c 2015-08-28 19:27:41.392767019 -0400
+@@ -321,15 +321,16 @@
+ int
+ evutil_make_listen_socket_reuseable(evutil_socket_t sock)
+ {
+-#ifndef WIN32
+ int one = 1;
++#ifndef WIN32
+ /* REUSEADDR on Unix means, "don't hang on to this address after the
+ * listener is closed." On Windows, though, it means "don't keep other
+ * processes from binding to this address while we're using it. */
+ return setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
+ (ev_socklen_t)sizeof(one));
+ #else
+- return 0;
++ return setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (const char*) &one,
++ (ev_socklen_t)sizeof(one));
+ #endif
+ }
+
View
@@ -31,8 +31,9 @@ These dependencies are required:
Library | Purpose | Description
------------|------------------|----------------------
- libssl | SSL Support | Secure communications
- libboost | Boost | C++ Library
+ libssl | Crypto | Random Number Generation, Elliptic Curve Cryptography
+ libboost | Utility | Library for threading, data structures, etc
+ libevent | Networking | OS independent asynchronous networking
Optional dependencies:
@@ -57,7 +58,7 @@ Dependency Build Instructions: Ubuntu & Debian
----------------------------------------------
Build requirements:
- sudo apt-get install build-essential libtool autotools-dev autoconf pkg-config libssl-dev
+ sudo apt-get install build-essential libtool autotools-dev autoconf pkg-config libssl-dev libevent-dev
For Ubuntu 12.04 and later or Debian 7 and later libboost-all-dev has to be installed:
View
@@ -4,6 +4,29 @@ release-notes at release time)
Notable changes
===============
+SSL support for RPC dropped
+----------------------------
+
+SSL support for RPC, previously enabled by the option `rpcssl` has been dropped
+from both the client and the server. This was done in preparation for removing
+the dependency on OpenSSL for the daemon completely.
+
+Trying to use `rpcssl` will result in an error:
+
+ Error: SSL mode for RPC (-rpcssl) is no longer supported.
+
+If you are one of the few people that relies on this feature, a flexible
+migration path is to use `stunnel`. This is an utility that can tunnel
+arbitrary TCP connections inside SSL. On e.g. Ubuntu it can be installed with:
+
+ sudo apt-get install stunnel4
+
+Then, to tunnel a SSL connection on 28332 to a RPC server bound on localhost on port 18332 do:
+
+ stunnel -d 28332 -r 127.0.0.1:18332 -p stunnel.pem -P ''
+
+It can also be set up system-wide in inetd style.
+
Random-cookie RPC authentication
---------------------------------
@@ -8,6 +8,11 @@ CURDIR=$(cd $(dirname "$0"); pwd)
export BITCOIND=${REAL_BITCOIND}
export BITCOINCLI=${REAL_BITCOINCLI}
+if [ "x${EXEEXT}" = "x.exe" ]; then
+ echo "Win tests currently disabled"
+ exit 0
+fi
+
#Run the tests
testScripts=(
@@ -22,7 +22,7 @@
class HTTPBasicsTest (BitcoinTestFramework):
def setup_nodes(self):
- return start_nodes(4, self.options.tmpdir, extra_args=[['-rpckeepalive=1'], ['-rpckeepalive=0'], [], []])
+ return start_nodes(4, self.options.tmpdir)
def run_test(self):
@@ -84,9 +84,8 @@ def run_test(self):
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse().read();
assert_equal('"error":null' in out1, True)
- assert_equal(conn.sock!=None, False) #connection must be closed because keep-alive was set to false
- #node2 (third node) is running with standard keep-alive parameters which means keep-alive is off
+ #node2 (third node) is running with standard keep-alive parameters which means keep-alive is on
urlNode2 = urlparse.urlparse(self.nodes[2].url)
authpair = urlNode2.username + ':' + urlNode2.password
headers = {"Authorization": "Basic " + base64.b64encode(authpair)}
View
@@ -32,10 +32,20 @@ def deser_uint256(f):
r += t << (i * 32)
return r
-#allows simple http get calls with a request body
-def http_get_call(host, port, path, requestdata = '', response_object = 0):
+#allows simple http get calls
+def http_get_call(host, port, path, response_object = 0):
conn = httplib.HTTPConnection(host, port)
- conn.request('GET', path, requestdata)
+ conn.request('GET', path)
+
+ if response_object:
+ return conn.getresponse()
+
+ return conn.getresponse().read()
+
+#allows simple http post calls with a request body
+def http_post_call(host, port, path, requestdata = '', response_object = 0):
+ conn = httplib.HTTPConnection(host, port)
+ conn.request('POST', path, requestdata)
if response_object:
return conn.getresponse()
@@ -137,7 +147,7 @@ def run_test(self):
binaryRequest += binascii.unhexlify(vintx);
binaryRequest += pack("i", 0);
- bin_response = http_get_call(url.hostname, url.port, '/rest/getutxos'+self.FORMAT_SEPARATOR+'bin', binaryRequest)
+ bin_response = http_post_call(url.hostname, url.port, '/rest/getutxos'+self.FORMAT_SEPARATOR+'bin', binaryRequest)
output = StringIO.StringIO()
output.write(bin_response)
output.seek(0)
@@ -175,29 +185,29 @@ def run_test(self):
#do some invalid requests
json_request = '{"checkmempool'
- response = http_get_call(url.hostname, url.port, '/rest/getutxos'+self.FORMAT_SEPARATOR+'json', json_request, True)
+ response = http_post_call(url.hostname, url.port, '/rest/getutxos'+self.FORMAT_SEPARATOR+'json', json_request, True)
assert_equal(response.status, 500) #must be a 500 because we send a invalid json request
json_request = '{"checkmempool'
- response = http_get_call(url.hostname, url.port, '/rest/getutxos'+self.FORMAT_SEPARATOR+'bin', json_request, True)
+ response = http_post_call(url.hostname, url.port, '/rest/getutxos'+self.FORMAT_SEPARATOR+'bin', json_request, True)
assert_equal(response.status, 500) #must be a 500 because we send a invalid bin request
- response = http_get_call(url.hostname, url.port, '/rest/getutxos/checkmempool'+self.FORMAT_SEPARATOR+'bin', '', True)
+ response = http_post_call(url.hostname, url.port, '/rest/getutxos/checkmempool'+self.FORMAT_SEPARATOR+'bin', '', True)
assert_equal(response.status, 500) #must be a 500 because we send a invalid bin request
#test limits
json_request = '/checkmempool/'
for x in range(0, 20):
json_request += txid+'-'+str(n)+'/'
json_request = json_request.rstrip("/")
- response = http_get_call(url.hostname, url.port, '/rest/getutxos'+json_request+self.FORMAT_SEPARATOR+'json', '', True)
+ response = http_post_call(url.hostname, url.port, '/rest/getutxos'+json_request+self.FORMAT_SEPARATOR+'json', '', True)
assert_equal(response.status, 500) #must be a 500 because we exceeding the limits
json_request = '/checkmempool/'
for x in range(0, 15):
json_request += txid+'-'+str(n)+'/'
json_request = json_request.rstrip("/");
- response = http_get_call(url.hostname, url.port, '/rest/getutxos'+json_request+self.FORMAT_SEPARATOR+'json', '', True)
+ response = http_post_call(url.hostname, url.port, '/rest/getutxos'+json_request+self.FORMAT_SEPARATOR+'json', '', True)
assert_equal(response.status, 200) #must be a 500 because we exceeding the limits
self.nodes[0].generate(1) #generate block to not affect upcoming tests
@@ -208,27 +218,27 @@ def run_test(self):
################
# check binary format
- response = http_get_call(url.hostname, url.port, '/rest/block/'+bb_hash+self.FORMAT_SEPARATOR+"bin", "", True)
+ response = http_get_call(url.hostname, url.port, '/rest/block/'+bb_hash+self.FORMAT_SEPARATOR+"bin", True)
assert_equal(response.status, 200)
assert_greater_than(int(response.getheader('content-length')), 80)
response_str = response.read()
# compare with block header
- response_header = http_get_call(url.hostname, url.port, '/rest/headers/1/'+bb_hash+self.FORMAT_SEPARATOR+"bin", "", True)
+ response_header = http_get_call(url.hostname, url.port, '/rest/headers/1/'+bb_hash+self.FORMAT_SEPARATOR+"bin", True)
assert_equal(response_header.status, 200)
assert_equal(int(response_header.getheader('content-length')), 80)
response_header_str = response_header.read()
assert_equal(response_str[0:80], response_header_str)
# check block hex format
- response_hex = http_get_call(url.hostname, url.port, '/rest/block/'+bb_hash+self.FORMAT_SEPARATOR+"hex", "", True)
+ response_hex = http_get_call(url.hostname, url.port, '/rest/block/'+bb_hash+self.FORMAT_SEPARATOR+"hex", True)
assert_equal(response_hex.status, 200)
assert_greater_than(int(response_hex.getheader('content-length')), 160)
response_hex_str = response_hex.read()
assert_equal(response_str.encode("hex")[0:160], response_hex_str[0:160])
# compare with hex block header
- response_header_hex = http_get_call(url.hostname, url.port, '/rest/headers/1/'+bb_hash+self.FORMAT_SEPARATOR+"hex", "", True)
+ response_header_hex = http_get_call(url.hostname, url.port, '/rest/headers/1/'+bb_hash+self.FORMAT_SEPARATOR+"hex", True)
assert_equal(response_header_hex.status, 200)
assert_greater_than(int(response_header_hex.getheader('content-length')), 160)
response_header_hex_str = response_header_hex.read()
@@ -241,7 +251,7 @@ def run_test(self):
assert_equal(block_json_obj['hash'], bb_hash)
# compare with json block header
- response_header_json = http_get_call(url.hostname, url.port, '/rest/headers/1/'+bb_hash+self.FORMAT_SEPARATOR+"json", "", True)
+ response_header_json = http_get_call(url.hostname, url.port, '/rest/headers/1/'+bb_hash+self.FORMAT_SEPARATOR+"json", True)
assert_equal(response_header_json.status, 200)
response_header_json_str = response_header_json.read()
json_obj = json.loads(response_header_json_str, parse_float=decimal.Decimal)
@@ -265,7 +275,7 @@ def run_test(self):
#see if we can get 5 headers in one response
self.nodes[1].generate(5)
self.sync_all()
- response_header_json = http_get_call(url.hostname, url.port, '/rest/headers/5/'+bb_hash+self.FORMAT_SEPARATOR+"json", "", True)
+ response_header_json = http_get_call(url.hostname, url.port, '/rest/headers/5/'+bb_hash+self.FORMAT_SEPARATOR+"json", True)
assert_equal(response_header_json.status, 200)
response_header_json_str = response_header_json.read()
json_obj = json.loads(response_header_json_str)
@@ -278,7 +288,7 @@ def run_test(self):
assert_equal(json_obj['txid'], tx_hash)
# check hex format response
- hex_string = http_get_call(url.hostname, url.port, '/rest/tx/'+tx_hash+self.FORMAT_SEPARATOR+"hex", "", True)
+ hex_string = http_get_call(url.hostname, url.port, '/rest/tx/'+tx_hash+self.FORMAT_SEPARATOR+"hex", True)
assert_equal(hex_string.status, 200)
assert_greater_than(int(response.getheader('content-length')), 10)
Oops, something went wrong.

0 comments on commit 9aa9099

Please sign in to comment.