Allow disabling RPC server TLS for localhost only. #192
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
davecgh
changed the title
|
Change looks good to me. No reason to allow notls when talking to the outside world but there are definitely times where I've need to not use it when local only. |
This commit introduces a new flag, --notls, which can be used to disable TLS for the RPC server. However, the flag can only be used when the RPC server is bound to localhost interfaces. This is intended to prevent the situation where someone decides they want to expose the RPC server to the web for remote management/access, but forgot they have TLS disabled.
davecgh
added a commit
to davecgh/btcd
that referenced
this pull request
May 19, 2016
* txscript: Add ScriptVerifyLowS to the standard flags We've already been generating lowS sigs for quite a while. This removes the malleability vector. This mimics Bitcoin Core commit 49dd5c629df0a08cf3b1ea8085c03312d1a81696 * txscript: Implement CheckLockTimeVerify (BIP0065) See https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki for more information. This commit mimics Bitcoin Core commit bc60b2b4b401f0adff5b8b9678903ff8feb5867b and includes additional tests from Bitcoin Core commit cb54d17355864fa08826d6511a0d7692b21ef2c9 * wire: Export var length string serialization funcs. This commit exports the ReadVarString and WriteVarString functions so they are available for callers to use. A variable length string is encoded as a variable length integer containing the length of the string followed by the bytes that represent the string itself. * rpcserver: Copy btcwallet fix for verifymessage.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new flag,
--notls, which can be used to disable TLS for the RPC server. However, the flag can only be used when the RPC server is bound to localhost interfaces. This is intended to prevent the situation where someone decides they want to expose the RPC server to the web for remote management/access, but forgot they have TLS disabled.Here is an example of the functionality:
Disallowed
Allowed