From 45f6bcae43a8a731c1902408701746cb0f87ff7c Mon Sep 17 00:00:00 2001 From: evoskuil Date: Sat, 24 Jan 2026 18:35:27 -0500 Subject: [PATCH 1/2] Add certificate_authority parsing. --- src/parser.cpp | 15 +++++++++++++++ test/settings.cpp | 12 ++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/parser.cpp b/src/parser.cpp index 5489175e..0255541f 100644 --- a/src/parser.cpp +++ b/src/parser.cpp @@ -828,6 +828,11 @@ options_metadata parser::load_settings() THROWS value(&configured.server.web.safes), "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) + ( + "web.certificate_authorities", + value(&configured.server.web.certificate_authorities), + "The certificate authority directory (*.PEM), enables client authentication." + ) ( "web.certificate_path", value(&configured.server.web.certificate_path), @@ -910,6 +915,11 @@ options_metadata parser::load_settings() THROWS value(&configured.server.explore.safes), "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) + ( + "explore.certificate_authorities", + value(&configured.server.explore.certificate_authorities), + "The certificate authority directory (*.PEM), enables client authentication." + ) ( "explore.certificate_path", value(&configured.server.explore.certificate_path), @@ -997,6 +1007,11 @@ options_metadata parser::load_settings() THROWS value(&configured.server.bitcoind.safes), "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) + ( + "bitcoind.certificate_authorities", + value(&configured.server.bitcoind.certificate_authorities), + "The certificate authority directory (*.PEM), enables client authentication." + ) ( "bitcoind.certificate_path", value(&configured.server.bitcoind.certificate_path), diff --git a/test/settings.cpp b/test/settings.cpp index 2853eaa5..2d061122 100644 --- a/test/settings.cpp +++ b/test/settings.cpp @@ -68,7 +68,7 @@ BOOST_AUTO_TEST_CASE(server__html_server__defaults__expected) // tls_server BOOST_REQUIRE(!instance.secure()); BOOST_REQUIRE(instance.safes.empty()); - BOOST_REQUIRE(instance.certificate_authority.empty()); + BOOST_REQUIRE(instance.certificate_authorities.empty()); BOOST_REQUIRE(instance.certificate_path.empty()); BOOST_REQUIRE(instance.key_path.empty()); BOOST_REQUIRE(instance.key_password.empty()); @@ -110,7 +110,7 @@ BOOST_AUTO_TEST_CASE(server__web_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authority.empty()); + BOOST_REQUIRE(server.certificate_authorities.empty()); BOOST_REQUIRE(server.certificate_path.empty()); BOOST_REQUIRE(server.key_path.empty()); BOOST_REQUIRE(server.key_password.empty()); @@ -152,7 +152,7 @@ BOOST_AUTO_TEST_CASE(server__explore_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authority.empty()); + BOOST_REQUIRE(server.certificate_authorities.empty()); BOOST_REQUIRE(server.certificate_path.empty()); BOOST_REQUIRE(server.key_path.empty()); BOOST_REQUIRE(server.key_password.empty()); @@ -195,7 +195,7 @@ BOOST_AUTO_TEST_CASE(server__bitcoind_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authority.empty()); + BOOST_REQUIRE(server.certificate_authorities.empty()); BOOST_REQUIRE(server.certificate_path.empty()); BOOST_REQUIRE(server.key_path.empty()); BOOST_REQUIRE(server.key_password.empty()); @@ -226,7 +226,7 @@ BOOST_AUTO_TEST_CASE(server__electrum_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authority.empty()); + BOOST_REQUIRE(server.certificate_authorities.empty()); BOOST_REQUIRE(server.certificate_path.empty()); BOOST_REQUIRE(server.key_path.empty()); BOOST_REQUIRE(server.key_password.empty()); @@ -252,7 +252,7 @@ BOOST_AUTO_TEST_CASE(server__stratum_v1_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authority.empty()); + BOOST_REQUIRE(server.certificate_authorities.empty()); BOOST_REQUIRE(server.certificate_path.empty()); BOOST_REQUIRE(server.key_path.empty()); BOOST_REQUIRE(server.key_password.empty()); From 675095873d9fb7b6bceb13afdbb3804f3e375b52 Mon Sep 17 00:00:00 2001 From: evoskuil Date: Sun, 25 Jan 2026 02:33:08 -0500 Subject: [PATCH 2/2] Rename tls settings. --- src/parser.cpp | 44 ++++++++++++++++++++++---------------------- test/settings.cpp | 36 ++++++++++++++++++------------------ 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/src/parser.cpp b/src/parser.cpp index 0255541f..5d18c2d9 100644 --- a/src/parser.cpp +++ b/src/parser.cpp @@ -829,13 +829,13 @@ options_metadata parser::load_settings() THROWS "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) ( - "web.certificate_authorities", - value(&configured.server.web.certificate_authorities), + "web.cert_auth", + value(&configured.server.web.cert_auth), "The certificate authority directory (*.PEM), enables client authentication." ) ( - "web.certificate_path", - value(&configured.server.web.certificate_path), + "web.cert_path", + value(&configured.server.web.cert_path), "The path to the server certificate file (.PEM), defaults to unused." ) ( @@ -844,8 +844,8 @@ options_metadata parser::load_settings() THROWS "The path to the server private key file (.PEM), defaults to unused." ) ( - "web.key_password", - value(&configured.server.web.key_password), + "web.key_pass", + value(&configured.server.web.key_pass), "The password to decrypt the server private key file (.PEM), optional." ) ( @@ -916,13 +916,13 @@ options_metadata parser::load_settings() THROWS "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) ( - "explore.certificate_authorities", - value(&configured.server.explore.certificate_authorities), + "explore.cert_auth", + value(&configured.server.explore.cert_auth), "The certificate authority directory (*.PEM), enables client authentication." ) ( - "explore.certificate_path", - value(&configured.server.explore.certificate_path), + "explore.cert_path", + value(&configured.server.explore.cert_path), "The path to the server certificate file (.PEM), defaults to unused." ) ( @@ -931,8 +931,8 @@ options_metadata parser::load_settings() THROWS "The path to the server private key file (.PEM), defaults to unused." ) ( - "explore.key_password", - value(&configured.server.explore.key_password), + "explore.key_pass", + value(&configured.server.explore.key_pass), "The password to decrypt the server private key file (.PEM), optional." ) ( @@ -1008,13 +1008,13 @@ options_metadata parser::load_settings() THROWS "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) ( - "bitcoind.certificate_authorities", - value(&configured.server.bitcoind.certificate_authorities), + "bitcoind.cert_auth", + value(&configured.server.bitcoind.cert_auth), "The certificate authority directory (*.PEM), enables client authentication." ) ( - "bitcoind.certificate_path", - value(&configured.server.bitcoind.certificate_path), + "bitcoind.cert_path", + value(&configured.server.bitcoind.cert_path), "The path to the server certificate file (.PEM), defaults to unused." ) ( @@ -1023,8 +1023,8 @@ options_metadata parser::load_settings() THROWS "The path to the server private key file (.PEM), defaults to unused." ) ( - "bitcoind.key_password", - value(&configured.server.bitcoind.key_password), + "bitcoind.key_pass", + value(&configured.server.bitcoind.key_pass), "The password to decrypt the server private key file (.PEM), optional." ) ( @@ -1085,8 +1085,8 @@ options_metadata parser::load_settings() THROWS "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) ( - "electrum.certificate_path", - value(&configured.server.electrum.certificate_path), + "electrum.cert_path", + value(&configured.server.electrum.cert_path), "The path to the server certificate file (.PEM), defaults to unused." ) ( @@ -1132,8 +1132,8 @@ options_metadata parser::load_settings() THROWS "IP address to secure bind, multiple allowed, defaults to empty (disabled)." ) ( - "stratum_v1.certificate_path", - value(&configured.server.stratum_v1.certificate_path), + "stratum_v1.cert_path", + value(&configured.server.stratum_v1.cert_path), "The path to the server certificate file (.PEM), defaults to unused." ) ( diff --git a/test/settings.cpp b/test/settings.cpp index 2d061122..f7b10851 100644 --- a/test/settings.cpp +++ b/test/settings.cpp @@ -68,10 +68,10 @@ BOOST_AUTO_TEST_CASE(server__html_server__defaults__expected) // tls_server BOOST_REQUIRE(!instance.secure()); BOOST_REQUIRE(instance.safes.empty()); - BOOST_REQUIRE(instance.certificate_authorities.empty()); - BOOST_REQUIRE(instance.certificate_path.empty()); + BOOST_REQUIRE(instance.cert_auth.empty()); + BOOST_REQUIRE(instance.cert_path.empty()); BOOST_REQUIRE(instance.key_path.empty()); - BOOST_REQUIRE(instance.key_password.empty()); + BOOST_REQUIRE(instance.key_pass.empty()); // http_server BOOST_REQUIRE_EQUAL(instance.server, BC_HTTP_SERVER_NAME); @@ -110,10 +110,10 @@ BOOST_AUTO_TEST_CASE(server__web_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authorities.empty()); - BOOST_REQUIRE(server.certificate_path.empty()); + BOOST_REQUIRE(server.cert_auth.empty()); + BOOST_REQUIRE(server.cert_path.empty()); BOOST_REQUIRE(server.key_path.empty()); - BOOST_REQUIRE(server.key_password.empty()); + BOOST_REQUIRE(server.key_pass.empty()); // http_server BOOST_REQUIRE_EQUAL(server.server, BC_HTTP_SERVER_NAME); @@ -152,10 +152,10 @@ BOOST_AUTO_TEST_CASE(server__explore_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authorities.empty()); - BOOST_REQUIRE(server.certificate_path.empty()); + BOOST_REQUIRE(server.cert_auth.empty()); + BOOST_REQUIRE(server.cert_path.empty()); BOOST_REQUIRE(server.key_path.empty()); - BOOST_REQUIRE(server.key_password.empty()); + BOOST_REQUIRE(server.key_pass.empty()); // http_server BOOST_REQUIRE_EQUAL(server.server, BC_HTTP_SERVER_NAME); @@ -195,10 +195,10 @@ BOOST_AUTO_TEST_CASE(server__bitcoind_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authorities.empty()); - BOOST_REQUIRE(server.certificate_path.empty()); + BOOST_REQUIRE(server.cert_auth.empty()); + BOOST_REQUIRE(server.cert_path.empty()); BOOST_REQUIRE(server.key_path.empty()); - BOOST_REQUIRE(server.key_password.empty()); + BOOST_REQUIRE(server.key_pass.empty()); // http_server BOOST_REQUIRE_EQUAL(server.server, BC_HTTP_SERVER_NAME); @@ -226,10 +226,10 @@ BOOST_AUTO_TEST_CASE(server__electrum_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authorities.empty()); - BOOST_REQUIRE(server.certificate_path.empty()); + BOOST_REQUIRE(server.cert_auth.empty()); + BOOST_REQUIRE(server.cert_path.empty()); BOOST_REQUIRE(server.key_path.empty()); - BOOST_REQUIRE(server.key_password.empty()); + BOOST_REQUIRE(server.key_pass.empty()); } BOOST_AUTO_TEST_CASE(server__stratum_v1_server__defaults__expected) @@ -252,10 +252,10 @@ BOOST_AUTO_TEST_CASE(server__stratum_v1_server__defaults__expected) // tls_server BOOST_REQUIRE(!server.secure()); BOOST_REQUIRE(server.safes.empty()); - BOOST_REQUIRE(server.certificate_authorities.empty()); - BOOST_REQUIRE(server.certificate_path.empty()); + BOOST_REQUIRE(server.cert_auth.empty()); + BOOST_REQUIRE(server.cert_path.empty()); BOOST_REQUIRE(server.key_path.empty()); - BOOST_REQUIRE(server.key_password.empty()); + BOOST_REQUIRE(server.key_pass.empty()); } BOOST_AUTO_TEST_CASE(server__stratum_v2_server__defaults__expected)