Page MenuHomePhabricator

[chronik] Add support for TLS to the electrum server
ClosedPublic

Authored by Fabien on Dec 10 2024, 14:54.

Details

Reviewers
PiRK
tobias_ruck
Group Reviewers
Restricted Project
Maniphest Tasks
Restricted Maniphest Task
Commits
rABC67384414e3f9: [chronik] Add support for TLS to the electrum server
Summary

This diff adds the API to run the Chronik Electrum JSON RPC server over TLS.

Test Plan
# Check it starts with TCP and default port as before
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1
# Check it starts with TCP and port 50001
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001:t
  
# Check it returns a meaningful error
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001:
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001:q # unknown protocol
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001:s # missing cert and key

Generate a self signed certificate with:

openssl req -nodes -new -x509 -keyout server.key -out server.pem

Then

./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001:s -chronikelectrumcert=server.pem # require both cert and key
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001:s -chronikelectrumprivkey=server.key # require both cert and key

# No error, tested ping via a custom ping.py script that uses electrum functions
./src/bitcoind -regtest -chronik -chronikelectrumbind=127.0.0.1:50001:s -chronikelectrumcert=server.pem -chronikelectrumprivkey=server.key

Event Timeline

Fabien requested review of this revision.Dec 10 2024, 14:54
PiRK added inline comments.
chronik/chronik-lib/src/bridge.rs
51 ↗(On Diff #51518)

Those doc line seem very redundant when the error message and the error names are already very descriptive. I wonder if we could somehow disable the linter rule that forces us to add them.

Here you used 3 times the same line with just a minor difference in how you capitalize "electrum".

chronik/chronik-lib/src/bridge.rs
51 ↗(On Diff #51518)

Don't forget that the comment will appear in the doc but not the error string

This revision is now accepted and ready to land.Dec 10 2024, 19:48
tobias_ruck added a subscriber: tobias_ruck.
tobias_ruck added inline comments.
chronik/chronik-http/src/electrum.rs
57–58

this is more a personal style, to make it clear it's a path to a file, not the content of the file (it wasn't immediately clear when I first read it for example)

85
99
140

then you don't have to use all the confusing .0 and .1

145
172

I don't think the clone is necessary (it expects impl AsRef<Path>)

183

dito

chronik/chronik-lib/src/bridge.rs
57

is it possible to use char here consistently? That way it's UTF-8 safe, but more importantly IMO it's more readable since u8 often is more for numbers not for chars

239–242
This revision now requires changes to proceed.Dec 12 2024, 09:05
Fabien marked 9 inline comments as done.Dec 12 2024, 09:45
Fabien added inline comments.
chronik/chronik-http/src/electrum.rs
57–58

fair enough

140

TIL, great

172

Good catch

chronik/chronik-lib/src/bridge.rs
57

I considered this, but really what we want here is a single ascii char, and we need the type to be C++ compatible (because it's parsed from the node options). In the end I found this was simple enough to use u8 for this stuff and it avoids converting to/from char assuming the encoding. It also makes the error show the non printable chars in a readable way.

Fabien marked 4 inline comments as done.

Feedback

The build failed due to an unexpected infrastructure outage. The administrators have been notified to investigate. Sorry for the inconvenience.
tobias_ruck added inline comments.
chronik/chronik-lib/src/bridge.rs
235 ↗(On Diff #51547)

Or maybe swap it

chronik/chronik-lib/src/ffi.rs
53 ↗(On Diff #51547)

Consider adding _path to both for consistency

src/init.cpp
723 ↗(On Diff #51547)
This revision now requires changes to proceed.Dec 12 2024, 10:37

Improve doc, var names and use .min()

This revision is now accepted and ready to land.Dec 12 2024, 11:08
PiRK added a task: Restricted Maniphest Task.Dec 13 2024, 13:34