Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: mav on July 18, 2012, 04:43:20 AM



Title: SSL RPC with bitcoind
Post by: mav on July 18, 2012, 04:43:20 AM
I have been trying to establish an SSL connection to bitcoind

I followed exactly these instructions

https://en.bitcoin.it/wiki/Enabling_SSL_on_original_client_daemon

I'm running
Code:
bitcoind -testnet
and then checking the ssl connection using

Code:
openssl s_client -connect 127.0.0.1:8332
which gives the response

Code:
CONNECTED(00000003)
140487709226656:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

This is all from my local machine, not over a network.

My bitcoin.conf is
Code:
rpcuser=bob
rpcpassword=bob

rpcallowip=192.168.*.*

rpcssl=1
#rpcsslciphers=DEFAULT:@STRENGTH

When I have the configuration line
Code:
rpcssl=1
in my bitcoin.conf I cannot use commands such as
Code:
$ bitcoind getinfo
I get
Code:
error: no response from server

Can someone please help me diagnose why this isn't working? I'm using the latest version of bitcoin - "version" : 60300


Title: Re: SSL RPC with bitcoind
Post by: gweedo on July 18, 2012, 05:30:37 AM
try

Code:
./bitcoind -rpcconnect=127.0.0.1 -rpcport=8332 -rpcssl -rpcuser=YourUsername -rpcpassword=YourPassword getinfo

also add
Code:
server=1
to the bitcoin.conf


Title: Re: SSL RPC with bitcoind
Post by: mav on July 18, 2012, 06:02:13 AM
No gold with adding that setting, nor with the extra command options.

I tried using curl to ping the server and this is the result:

Code:
curl --user bob --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' https://127.0.0.1:8332/

Code:
curl: (35) Unknown SSL protocol error in connection to 127.0.0.1:8332 

I tried adding the options below to my config with no effect, still getting a protocol error

Code:
rpcssl=1
rpcsslciphers=TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH
rpcsslcertificatechainfile=server.cert
rpcsslprivatekeyfile=server.pem
rpcsslciphers=DEFAULT:@STRENGTH


Title: Re: SSL RPC with bitcoind
Post by: gweedo on July 18, 2012, 06:06:43 AM
Code:
curl --user bob --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' https://127.0.0.1:8332/
you need the content type as
Code:
application/json
and you need the server=1 in your .conf otherwise bitcoind will not accept JSON RPC commands at all!

Also make sure your OpenSSL is correct. Search the forums, because if you are using it on Linux you have to make sure the one pre-installed is the correct version and has the correct algos for bitcoind.


Title: Re: SSL RPC with bitcoind
Post by: mav on July 18, 2012, 06:29:54 AM
Found this little gem

http://bitcoin.stackexchange.com/questions/2707/bitcoin-rpc-ssl-error

I copied my server.cert and server.pem to the ~/.bitcoin/testnet folder rather than ~/.bitcoin.

Now I have a working ssl rpc connection. Thanks for the help gweedo.

Also, using curl with a self-signed certificate requires the -k option, so I used this command to check it, with success:

Code:
curl --user bob --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: application/json;' https://127.0.0.1:8332/ -k
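
The fix in the post above was moving server.cert and server.pem into ~/.bitcoin/testnet. The shell check below is an added example, not part of the thread or of bitcoind: it reports where those two files would be looked up and whether they are readable. It assumes, from that fix, that relative paths are taken from the data directory (the testnet subfolder under -testnet) and that bitcoin.conf sits in the base data directory; `conf_value`, `resolve_path` and `check_rpcssl` are names made up here.

```sh
#!/bin/sh
# Added example, not bitcoind code. Assumptions taken from the thread's fix:
# relative rpcsslcertificatechainfile / rpcsslprivatekeyfile values (defaults
# server.cert / server.pem) are looked up in the data directory, which is
# DATADIR/testnet under -testnet; bitcoin.conf is assumed to sit in DATADIR.
# Usage: sh check_rpcssl.sh ~/.bitcoin testnet

# conf_value FILE KEY DEFAULT: first uncommented "KEY=value" in FILE, else DEFAULT.
conf_value() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# resolve_path DIR FILE: absolute paths pass through, relative ones are joined to DIR.
resolve_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "$1" "$2" ;;
    esac
}

# check_rpcssl DATADIR [testnet]: one status line per file; returns 0 only
# when both the certificate chain and the private key are readable.
check_rpcssl() {
    dir=$1
    if [ "${2:-}" = "testnet" ]; then dir="$1/testnet"; fi
    rc=0
    for pair in rpcsslcertificatechainfile:server.cert rpcsslprivatekeyfile:server.pem; do
        key=${pair%%:*}
        def=${pair#*:}
        file=$(resolve_path "$dir" "$(conf_value "$1/bitcoin.conf" "$key" "$def")")
        if [ -r "$file" ]; then
            echo "OK      $key -> $file"
        else
            echo "MISSING $key -> $file"
            rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_rpcssl "$@"; fi
```

Once the certificate is located, `curl --cacert <path to server.cert>` checks the server against that self-signed certificate instead of skipping verification with -k, provided the certificate names the host being connected to.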


Title: Re: SSL RPC with bitcoind
Post by: gweedo on July 18, 2012, 06:36:59 AM
You're welcome, glad to help.