jtobin (Member) commented Aug 30, 2025

(Draft, for now, as the test suite still needs a little work.)

Adds TLS support for communication with price oracles, mostly following the suggestions proposed in #1278. Adds configuration options for skipping certificate verification, distrusting the operating system's root CA list, and using a custom certificate.

Resolves #1278.
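
The three options described above, mapped onto a Go `crypto/tls` client configuration. This is an added example, not code from this PR or from rfq/tls.go; `OracleTLSOptions`, its fields and `BuildTLSConfig` are hypothetical names, and the zero value is assumed to mean "verify against the system roots".

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// OracleTLSOptions is a hypothetical type for this example, not the PR's
// TLSConfig. The zero value verifies certificates against the system roots.
type OracleTLSOptions struct {
	Insecure       bool   // skip certificate verification entirely
	NoSystemCAs    bool   // do not trust the operating system's root CA list
	CustomCertsPEM []byte // extra CA or self-signed certificates, PEM-encoded
}

// BuildTLSConfig maps the options onto a crypto/tls client configuration.
func BuildTLSConfig(o OracleTLSOptions) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if o.Insecure {
		// Verification is off, so no trust pool is consulted at all.
		cfg.InsecureSkipVerify = true
		return cfg, nil
	}
	pool := x509.NewCertPool()
	if !o.NoSystemCAs {
		sys, err := x509.SystemCertPool()
		if err != nil {
			return nil, fmt.Errorf("load system roots: %w", err)
		}
		pool = sys
	}
	if len(o.CustomCertsPEM) > 0 && !pool.AppendCertsFromPEM(o.CustomCertsPEM) {
		return nil, errors.New("custom certificate: no PEM certificate parsed")
	}
	if o.NoSystemCAs && len(o.CustomCertsPEM) == 0 {
		// An empty pool would make every handshake fail; reject it early.
		return nil, errors.New("no trust anchors configured")
	}
	cfg.RootCAs = pool
	return cfg, nil
}

func main() {
	// Constructed case: system roots distrusted and no custom certificate.
	_, err := BuildTLSConfig(OracleTLSOptions{NoSystemCAs: true})
	fmt.Println("nosystemcas without a custom certificate:", err)
}
```

Rejecting an empty trust pool and an unparseable custom certificate at configuration time surfaces the mistake at startup instead of at the first oracle handshake.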

Introduces rfq/tls.go, which contains a basic TLSConfig type and default
value of such. The default value, which for now only indicates that
certificate verification should be skipped, is used in place of the
'dialInsecure' bool when setting up the price oracle RPC.
jtobin added the security, mainnet preparedness (Goal issues to be completed before mainnet release), RFQ (Work relating to TAP channel Request For Quote (RFQ).) and oracle labels Aug 30, 2025

coveralls commented Aug 30, 2025

Pull Request Test Coverage Report for Build 17361316751

Details

  • 57 of 69 (82.61%) changed or added relevant lines in 5 files are covered.
  • 35 unchanged lines in 9 files lost coverage.
  • Overall coverage increased (+8.1%) to 56.705%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| rfq/tls.go | 23 | 25 | 92.0% |
| tapcfg/server.go | 3 | 6 | 50.0% |
| tapcfg/config.go | 26 | 33 | 78.79% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| tapdb/addrs.go | 2 | 78.23% |
| tapdb/mssmt.go | 2 | 91.36% |
| tapgarden/custodian.go | 2 | 77.02% |
| itest/assertions.go | 3 | 89.08% |
| itest/multisig.go | 3 | 97.91% |
| proof/verifier.go | 3 | 86.82% |
| mssmt/compacted_tree.go | 4 | 80.0% |
| tapdb/assets_store.go | 7 | 79.61% |
| universe/archive.go | 9 | 80.05% |

Totals
Change from base Build 17301129198: 8.1%
Covered Lines: 61073
Relevant Lines: 107703

💛 - Coveralls

Adds both 'TrustSystemRootCAs' and 'CustomCertificates' to the rfq
TLSConfig. The former indicates whether or not to trust the operating
system's root CA list; the latter allows additional certificates (CA or
self-signed) to be trusted.

Also adds a basic unit test skeleton.
jtobin added 4 commits August 31, 2025 10:57

  • We don't skip certificate verification by default, and also default to
    trusting the operating system's root CA list.
  • Adds some basic test cases for configuring transport credentials.
  • Ensures that certificate verification is skipped when constructing a
    communication channel with the itest oracle harness.
  • Ensures the price oracle TLS toggle fits the existing pattern of flags
    defaulting to false.

jtobin requested review from ffranr and GeorgeTsagk August 31, 2025 19:59
jtobin marked this pull request as ready for review August 31, 2025 20:00

jtobin (Member, Author) commented Aug 31, 2025

(Changed this from draft; I think the litd tests are failing for an unrelated reason.)

jtobin (Member, Author) commented Sep 3, 2025

(As pointed out by @ZZiigguurraatt, to be more precise: TLS support already existed for price oracles, but certificate verification was skipped entirely.)


PriceOracleTLSInsecure bool `long:"priceoracletlsinsecure" description:"Disable price oracle certificate verification."`

PriceOracleTLSNoSystemCAs bool `long:"priceoracletlsnosystemcas" description:"Disable use of the operating system's list of root CA's when verifiying price oracle certificates."`
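
Review bot: the two description strings do not say how these flags combine. The `priceoracletlsnosystemcas` description should state what happens when `priceoracletlsinsecure` is also set, and which other setting then supplies the trusted certificates once the operating system's list is disabled, so an operator does not end up with a configuration that trusts nothing. In the same string, `CA's` should read `CAs`.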
Member Author

typo: s/verifiying/verifying

Successfully merging this pull request may close these issues.

[bug]: price oracle TLS/SSL certificate validation missing