diff --git a/jmclient/jmclient/client_protocol.py b/jmclient/jmclient/client_protocol.py index a8e5aa8..4551a44 100644 --- a/jmclient/jmclient/client_protocol.py +++ b/jmclient/jmclient/client_protocol.py @@ -1,7 +1,7 @@ #! /usr/bin/env python from __future__ import print_function from twisted.python.log import startLogging, err -from twisted.internet import protocol, reactor +from twisted.internet import protocol, reactor, ssl from twisted.internet.task import LoopingCall from twisted.internet.error import (ConnectionLost, ConnectionAborted, ConnectionClosed, ConnectionDone) @@ -9,6 +9,7 @@ from twisted.python import failure from twisted.protocols import amp from twisted.internet.protocol import ClientFactory from twisted.internet.endpoints import TCP4ClientEndpoint +from twisted.internet.ssl import ClientContextFactory from jmbase import commands from sys import stdout @@ -248,6 +249,7 @@ class JMTakerClientProtocolFactory(protocol.ClientFactory): def start_reactor(host, port, factory, ish=True, daemon=False): #pragma: no cover #(Cannot start the reactor in tests) + usessl = True if jm_single().config.get("DAEMON", "use_ssl") != 'false' else False if daemon: try: from jmdaemon import JMDaemonServerProtocolFactory @@ -258,7 +260,16 @@ def start_reactor(host, port, factory, ish=True, daemon=False): #pragma: no cove "section of the config. Quitting.") return dfactory = JMDaemonServerProtocolFactory() - reactor.listenTCP(port, dfactory) + if usessl: + reactor.listenSSL(port, dfactory, + ssl.DefaultOpenSSLContextFactory( + "./ssl/key.pem", "./ssl/cert.pem")) + else: + reactor.listenTCP(port, dfactory) - reactor.connectTCP(host, port, factory) + if usessl: + ctx = ClientContextFactory() + reactor.connectSSL(host, port, factory, ctx) + else: + reactor.connectTCP(host, port, factory) reactor.run(installSignalHandlers=ish) diff --git a/jmclient/jmclient/configure.py b/jmclient/jmclient/configure.py index fa6e814..84fa664 100644 --- a/jmclient/jmclient/configure.py 
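Review bot: The `use_ssl` check added at the top of `start_reactor` treats every value except the exact string `false` as true, so `False`, `no` or `0` in the config would switch TLS on, and the `True if ... else False` wrapper is redundant. If `jm_single().config` is a standard ConfigParser (likely, but not visible in this hunk), `usessl = jm_single().config.getboolean("DAEMON", "use_ssl")` parses the usual spellings and rejects anything else. A config file written before this change has no `use_ssl` entry, so the lookup may raise unless defaults are merged in first; that is worth confirming. The body of `start_reactor` continues outside this hunk.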
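Review bot: The client branch `ctx = ClientContextFactory()` does not verify the daemon's certificate, so the connection is encrypted but the peer is not authenticated; whatever answers on that port with any certificate is accepted. Because the deployment uses a self-signed certificate, the client can pin it by loading the daemon's `cert.pem` as the trust root, e.g. `ctx = ssl.optionsForClientTLS(hostname, trustRoot=ssl.Certificate.loadPEM(pem_data))`, where `hostname` and `pem_data` are placeholders for the name in the certificate and the file contents. This assumes the Twisted version in use provides `optionsForClientTLS`. `start_reactor` begins outside this hunk.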
+++ b/jmclient/jmclient/configure.py @@ -99,6 +99,9 @@ daemon_port = 27183 #currently, running the daemon on a remote host is #*NOT* supported, so don't change this variable daemon_host = localhost +#by default the client-daemon connection is plaintext, set to 'true' to use TLS; +#for this, you need to have a valid (self-signed) certificate installed +use_ssl = false [BLOCKCHAIN] blockchain_source = blockr diff --git a/scripts/joinmarketd.py b/scripts/joinmarketd.py index 62030d4..c05f4dd 100644 --- a/scripts/joinmarketd.py +++ b/scripts/joinmarketd.py @@ -1,9 +1,9 @@ import sys -from twisted.internet import reactor +from twisted.internet import reactor, ssl from twisted.python.log import startLogging, err import jmdaemon -def startup_joinmarketd(port, finalizer=None, finalizer_args=None): +def startup_joinmarketd(port, usessl, finalizer=None, finalizer_args=None): """Start event loop for joinmarket daemon here. Args: port : port over which to serve the daemon @@ -12,7 +12,11 @@ def startup_joinmarketd(port, finalizer=None, finalizer_args=None): """ startLogging(sys.stdout) factory = jmdaemon.JMDaemonServerProtocolFactory() - reactor.listenTCP(port, factory) + if usessl: + reactor.listenSSL(port, factory, ssl.DefaultOpenSSLContextFactory( + "./ssl/key.pem", "./ssl/cert.pem")) + else: + reactor.listenTCP(port, factory) if finalizer: reactor.addSystemEventTrigger("after", "shutdown", finalizer, finalizer_args) @@ -24,4 +28,8 @@ if __name__ == "__main__": port = 27183 else: port = int(sys.argv[1]) - startup_joinmarketd(port) + usessl = False + if len(sys.argv) > 2: + if int(sys.argv[2]) != 0: + usessl = True + startup_joinmarketd(port, usessl)
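Review bot: The new comment on `use_ssl` says a certificate must be installed but not where the code looks for it. The listeners in client_protocol.py and joinmarketd.py read `./ssl/key.pem` and `./ssl/cert.pem`, which resolve against the process's working directory, so the comment should say so, for example `#key and certificate are read from ./ssl/key.pem and ./ssl/cert.pem, relative to the directory the process is started in`. It would also help to state that the private key file should be readable only by the user running the daemon.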
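Review bot: `usessl` is inserted as a required positional parameter before `finalizer`, so a caller elsewhere that still passes `finalizer` as the second positional argument would have it interpreted as the TLS switch, and a caller passing only `port` now fails. Appending it with a default keeps existing call sites working: `def startup_joinmarketd(port, finalizer=None, finalizer_args=None, usessl=False):`. The docstring's Args list also lacks an entry for it; something like `usessl : if true, listen with TLS instead of plain TCP` would cover it. The function body continues past this hunk.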
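Review bot: `reactor.listenSSL(port, factory, ...)` is called without an `interface` argument, so the daemon accepts connections on all interfaces, while the comment in configure.py says a remote daemon is not supported. If only local clients are intended, binding to loopback narrows the exposure: add `interface="127.0.0.1"` to this call and to the `listenTCP` branch. The same applies to the listener in `start_reactor` in client_protocol.py.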
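Review bot: The daemon takes its TLS switch as an integer from `sys.argv[2]`, while the client reads the string option `use_ssl` from the config, so the two sides are configured independently and a mismatch only shows up as a failed connection. `int(sys.argv[2])` also raises ValueError for input such as `true`. Reading the same config option on both sides, or at least accepting the same spellings, would avoid this. The `if __name__ == "__main__":` block starts outside the hunk.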