Mostly to support let's encrypt. It requires to switch from native-tls and friends to rustls and friends, which perhap is a good thing per se, rustls looks more modern and for sure more Rusty.
Alternative would be manually convert pkcs12 certificates to pem, which requires openssl tools to be installed and make transparent integration whith let's encrypt much harder (this is out of the scope for now, perhaps in near future)
* Go back to db for head and header_head
* Use batch consistently for db access
* Pass active txhashset and batch in the ctx
* Only update head in db if total work increases
* Only updated header_head if total work (on header chain) increases
Picks a random defunct peer and marks it healthy again anytime
we're querying peers to find more. Over enough time, any peer will
see another as defunct, leading to peer list atrophy. This
allows us random retries.
In addition, we need to cleanup peers after a while, we quickly
accumulate hundreds of dead peers over time. This should be
tracked by a different issue however.
Related: #1632
* Allow TLS for Wallet APIs
This PR adds an optional support of TLS for wallet APIs. Only PKCS12 format is supported, will address .pem support in next PR and provide some documentation.
Address #1425
According to rfc2616[1], the response from a server to a request with
bad credentials should be a 401 instead of a 403. Grin does not have
the concept of identities so it does not actually recognize a user
request with bad credentials.
[1] https://tools.ietf.org/html/rfc2616#section-10.4.2
* cuck placeholder
* rustfmt
* cuckatoo, early days
* rustfmt
* data structures are in place, siphash key creation is consistent with @tromp
* solver in place, (not yet working)
* cuckatoo test solver working with test nonce
* rustfmt
* update solver to remove adjacency list removals
* verifier functioning
* rustfmt
* Proper error handing in Cuckatoo module, couple of tests
* modify cuckoo/cuckatoo solvers and verifiers to function identically, in advance of trait refactoring
* rustfmt
* refactor PoW context into trait, default to using cuckoo context
* rustfmt
* create macros for integer casting/unwraps
* don't instantiate structs when just verifying, add test validation vector for cuckatoo 29
* rustfmt
* don't init cuckoo structs if just validating
* test fix
* ensure BH hashing for POW is only done within miner/validators
* Add api_secret
* Add to base64 method
* Add basic auth in API
* Add Basic Auth to owner API
* Add flag to enable disable basic auth
* Add .api_secret file
* introduce rewindable_kernel_view
cleanup header in extension
* cleanup and docs/comments
* txhashset does not need to be mutable here
* pull validate_kernel_history out into fn
* automatic binaries release from Travis-CI server
* build both osx and linux binary
* add before_deploy for making tarball and show size
* set file_glob for wildcards
* automatic changelog generator
* remove the --depth flag entirely, travis-ci default depth 50 cause change log auto-generation fail
* note:
- '#' in file name will be converted as '.', replace '#' with '-'
- file_glob wildcards don't support multiple lines of 'file'
We used to launch a thread for API server inside the wallet crate, now we do it inside api crate, so the cmd tool launches API and exit. This fix makes sure that command will wait for API thread.
* Middleware and handler (mw implements the same trait) could be attached to multiple nodes inside the router
* Middleware could be attached to the router (syntactic sugar, it is attached to the root node) as well as to any node
* Handler's call method receives an iterator of handlers and responsible for calling the next handler if needed
* Support TLS in ApiServer
This is ground work to support TLS in Grin APIs (like wallet ot node). Particular API implemention needs to decide if TLS is used or not and pass certificate data etc.
* P12 format support
* New method to start TLS server
* Transparent TLS support in API client (depends on URL scheme http/https)
* Refactoring
* Initial support for graceful shutdown (commentred out int this PR, unstable for now)
* API server tests (TLS server test is disabled by default, hyper client rejects self-signed certificates, so extra step is needed to install local CA (I used mkcert)
* Add a cert file to make test complile
