rippled/src
Nik Bougalis 0ecfc7cb1a Improve self-signed certificate generation:
When starting, the code generates a new ephemeral private key and
a corresponding certificate to go along with it. This process can
take time and, while this is unlikely to matter for normal server
operations, it can have a significant impact for unit testing and
development. Profiling data suggests that ~20% of the time needed
for a unit test run can be attributed to this.

This commit does several things:

1. It restructures the code so that a new self-signed certificate
   and its corresponding private key are only initialized once at
   startup; this has minimal impact on the operation of a regular
   server.
2. It provides new default DH parameters. This doesn't impact the
   security of the connection, but those who compile from scratch
   can generate new parameters if they so choose.
3. It properly sets the version number in the certificate, fixing
   issue #4007; thanks to @donovanhide for the report.
4. It uses SHA-256 instead of SHA-1 as the hash algorithm for the
   certificate and adds some X.509 extensions as well as a random
   128-bit serial number.
5. It rounds the certificate's "start of validity" period so that
   the server's precise startup time cannot be easily deduced and
   limits the validity period to two years, down from ten years.
6. It removes some CBC-based ciphers from the default cipher list
   to avoid some potential security issues, such as CVE-2016-2107
   and CVE-2013-0169.
2022-08-25 08:49:17 -07:00
2019-03-18 16:19:24 -07:00

rippled Source

Some of these directories come from entire outside repositories brought in using [git-subtree][]. This means that the source files are inserted directly into the rippled repository. They can be edited and committed just as if they were normal files.

[git-subtree]: https://github.com/apenwarr/git-subtree

If you create a commit that contains files both from a subtree and from the rippled source tree, please take care when writing the commit message, since it will appear in the subtree's individual repository when the changes are pushed back upstream. Better yet, do not mix files from subtrees and rippled in the same commit at all.

Source folders:

| Folder | Upstream Repo | Description |
|:--|:--|:--|
| beast | N/A | legacy utility code that was formerly associated with boost::beast |
| ed25519-donna | https://github.com/floodyberry/ed25519-donna | Ed25519 digital signatures |
| ripple | N/A | Core source code for rippled |
| secp256k1 | https://github.com/bitcoin-core/secp256k1 | ECDSA digital signatures using the secp256k1 curve |
| test | N/A | Unit tests for rippled |

The following dependencies are downloaded and built using ExternalProject (or FetchContent, where possible). Refer to the CMakeLists.txt file for details about how these sources are built:

| Name | Upstream Repo | Description |
|:--|:--|:--|
| lz4 | https://github.com/lz4/lz4 | LZ4 lossless compression algorithm |
| nudb | https://github.com/vinniefalco/NuDB | Constant-time insert-only key/value database for SSD drives (Less memory usage than RocksDB.) |
| snappy | https://github.com/google/snappy | "Snappy" lossless compression algorithm. |
| soci | https://github.com/SOCI/soci | Abstraction layer for database access. |
| sqlite | https://www.sqlite.org/src | An embedded database engine that writes to simple files. |
| rocksdb | https://github.com/facebook/rocksdb | Fast key/value database. (Supports rotational disks better than NuDB.) |
| protobuf | https://github.com/google/protobuf | Protocol buffer data interchange format. Only downloaded/built if a suitable version is not found by find_package, or if the local_protobuf option is explicitly set |