Merge pull request #221 from wowario/upstream

Upstream and other stuff

.dockerignore

@@ -0,0 +1,5 @@
+!Dockerfile
+/build/*
+*.md
+.git/
+.gitignore

.github/FUNDING.yml

@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: https://dev-funding.webui.wowkira.com

.gitmodules

@@ -12,3 +12,7 @@
 [submodule "external/trezor-common"]
 	path = external/trezor-common
 	url = https://github.com/trezor/trezor-common.git
+[submodule "external/randomwow"]
+	path = external/randomwow
+	url = https://github.com/wownero/RandomWOW
+	branch = master

.travis.yml

@@ -10,16 +10,12 @@ cache:
 env:
   global:
     - MAKEJOBS=-j3
-    - RUN_TESTS=false
-    - BOOST_TEST_RANDOM=1$TRAVIS_BUILD_ID
     - CCACHE_SIZE=100M
     - CCACHE_TEMPDIR=/tmp/.ccache-temp
     - CCACHE_COMPRESS=1
     - CCACHE_DIR=$HOME/.ccache
     - BASE_OUTDIR=$TRAVIS_BUILD_DIR/out
     - SDK_URL=https://bitcoincore.org/depends-sources/sdks
-    - PYTHON_DEBUG=1
-    - WINEDEBUG=fixme-all
     - DOCKER_PACKAGES="build-essential libtool cmake autotools-dev automake pkg-config bsdmainutils curl git ca-certificates ccache"
   matrix:
 # ARM v7
@@ -27,20 +23,20 @@ env:
 # ARM v8
     - HOST=aarch64-linux-gnu PACKAGES="python3 gperf g++-aarch64-linux-gnu"
 # i686 Win
-    - HOST=i686-w64-mingw32 PACKAGES="python3 nsis g++-mingw-w64-i686"
+    - HOST=i686-w64-mingw32 DEP_OPTS="NO_QT=1" PACKAGES="python3 g++-mingw-w64-i686 qttools5-dev-tools"
 # i686 Linux
-    - HOST=i686-pc-linux-gnu PACKAGES="gperf cmake g++-multilib bc python3-zmq" RUN_TESTS=true
+    - HOST=i686-pc-linux-gnu PACKAGES="gperf cmake g++-multilib python3-zmq"
 # Win64
-    - HOST=x86_64-w64-mingw32 PACKAGES="cmake python3 nsis g++-mingw-w64-x86-64 wine-binfmt wine64 bc" RUN_TESTS=true
+    - HOST=x86_64-w64-mingw32 DEP_OPTS="NO_QT=1" PACKAGES="cmake python3 g++-mingw-w64-x86-64 qttools5-dev-tools"
 # x86_64 Linux
-    - HOST=x86_64-unknown-linux-gnu PACKAGES="gperf cmake python3-zmq libdbus-1-dev libharfbuzz-dev" RUN_TESTS=true
+    - HOST=x86_64-unknown-linux-gnu PACKAGES="gperf cmake python3-zmq libdbus-1-dev libharfbuzz-dev"
 # Cross-Mac
     - HOST=x86_64-apple-darwin11 PACKAGES="cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev python3-setuptools-git" OSX_SDK=10.11
 
 before_install:
     - export PATH=$(echo $PATH | tr ':' "\n" | sed '/\/opt\/python/d' | tr "\n" ":" | sed "s|::|:|g")
 install:
-    - env | grep -E '^(CCACHE_|WINEDEBUG|DISPLAY|BOOST_TEST_RANDOM|CONFIG_SHELL)' | tee /tmp/env
+    - env | grep -E '^(CCACHE_|DISPLAY|CONFIG_SHELL)' | tee /tmp/env
     - if [[ $HOST = *-mingw32 ]]; then DOCKER_ADMIN="--cap-add SYS_ADMIN"; fi
     - DOCKER_ID=$(docker run $DOCKER_ADMIN -idt --mount type=bind,src=$TRAVIS_BUILD_DIR,dst=$TRAVIS_BUILD_DIR --mount type=bind,src=$CCACHE_DIR,dst=$CCACHE_DIR -w $TRAVIS_BUILD_DIR --env-file /tmp/env ubuntu:18.04)
     - DOCKER_EXEC="docker exec $DOCKER_ID"

ANONYMITY_NETWORKS.md

@@ -0,0 +1,210 @@
+# Anonymity Networks with Monero
+
+Currently only Tor and I2P have been integrated into Monero. The usage of
+these networks is still considered experimental - there are a few pessimistic
+cases where privacy is leaked. The design is intended to maximize privacy of
+the source of a transaction by broadcasting it over an anonymity network, while
+relying on IPv4 for the remainder of messages to make surrounding node attacks
+(via sybil) more difficult.
+
+
+## Behavior
+
+If _any_ anonymity network is enabled, transactions being broadcast that lack
+a valid "context" (i.e. the transaction did not come from a p2p connection),
+will only be sent to peers on anonymity networks. If an anonymity network is
+enabled but no peers over an anonymity network are available, an error is
+logged and the transaction is kept for future broadcasting over an anonymity
+network. The transaction will not be broadcast unless an anonymity connection
+is made or until `monerod` is shutdown and restarted with only public
+connections enabled.
+
+Anonymity networks can also be used with `monero-wallet-cli` and
+`monero-wallet-rpc` - the wallets will connect to a daemon through a proxy. The
+daemon must provide a hidden service for the RPC itself, which is separate from
+the hidden service for P2P connections.
+
+
+## P2P Commands
+
+Only handshakes, peer timed syncs and transaction broadcast messages are
+supported over anonymity networks. If one `--add-exclusive-node` p2p address
+is specified, then no syncing will take place and only transaction broadcasting
+can occur. It is therefore recommended that `--add-exclusive-node` be combined
+with additional exclusive IPv4 address(es).
+
+
+## Usage
+
+Anonymity networks have no seed nodes (the feature is still considered
+experimental), so a user must specify an address. If configured properly,
+additional peers can be found through typical p2p peerlist sharing.
+
+### Outbound Connections
+
+Connecting to an anonymous address requires the command line option
+`--proxy` which tells `monerod` the ip/port of a socks proxy provided by a
+separate process. On most systems the configuration will look like:
+
+> `--proxy tor,127.0.0.1:9050,10`
+> `--proxy i2p,127.0.0.1:9000`
+
+which tells `monerod` that ".onion" p2p addresses can be forwarded to a socks
+proxy at IP 127.0.0.1 port 9050 with a max of 10 outgoing connections and
+".b32.i2p" p2p addresses can be forwarded to a socks proxy at IP 127.0.0.1 port
+9000 with the default max outgoing connections. Since there are no seed nodes
+for anonymity connections, peers must be manually specified:
+
+> `--add-exclusive-node rveahdfho7wo4b2m.onion:28083`
+> `--add-peer rveahdfho7wo4b2m.onion:28083`
+
+Either option can be listed multiple times, and can specify any mix of Tor,
+I2P, and IPv4 addresses. Using `--add-exclusive-node` will prevent the usage of
+seed nodes on ALL networks, which will typically be undesireable.
+
+### Inbound Connections
+
+Receiving anonymity connections is done through the option
+`--anonymous-inbound`. This option tells `monerod` the inbound address, network
+type, and max connections:
+
+> `--anonymous-inbound rveahdfho7wo4b2m.onion:28083,127.0.0.1:28083,25`
+> `--anonymous-inbound cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p:5000,127.0.0.1:30000`
+
+which tells `monerod` that a max of 25 inbound Tor connections are being
+received at address "rveahdfho7wo4b2m.onion:28083" and forwarded to `monerod`
+localhost port 28083, and a default max I2P connections are being received at
+address "cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p:5000" and
+forwarded to `monerod` localhost port 30000.
+These addresses will be shared with outgoing peers, over the same network type,
+otherwise the peer will not be notified of the peer address by the proxy.
+
+### Wallet RPC
+
+An anonymity network can be configured to forward incoming connections to a
+`monerod` RPC port - which is independent from the configuration for incoming
+P2P anonymity connections. The anonymity network (Tor/i2p) is
+[configured in the same manner](#configuration), except the localhost port
+must be the RPC port (typically 18081 for mainnet) instead of the p2p port:
+
+> HiddenServiceDir /var/lib/tor/data/monero
+> HiddenServicePort 18081 127.0.0.1:18081
+
+Then the wallet will be configured to use a Tor/i2p address:
+> `--proxy 127.0.0.1:9050`
+> `--daemon-address rveahdfho7wo4b2m.onion`
+
+The proxy must match the address type - a Tor proxy will not work properly with
+i2p addresses, etc.
+
+i2p and onion addresses provide the information necessary to authenticate and
+encrypt the connection from end-to-end. If desired, SSL can also be applied to
+the connection with `--daemon-address https://rveahdfho7wo4b2m.onion` which
+requires a server certificate that is signed by a "root" certificate on the
+machine running the wallet. Alternatively, `--daemon-cert-file` can be used to
+specify a certificate to authenticate the server.
+
+Proxies can also be used to connect to "clearnet" (ipv4 addresses or ICANN
+domains), but `--daemon-cert-file` _must_ be used for authentication and
+encryption.
+
+### Network Types
+
+#### Tor & I2P
+
+Options `--add-exclusive-node` and `--add-peer` recognize ".onion" and
+".b32.i2p" addresses, and will properly forward those addresses to the proxy
+provided with `--proxy tor,...` or `--proxy i2p,...`.
+
+Option `--anonymous-inbound` also recognizes ".onion" and ".b32.i2p" addresses,
+and will automatically be sent out to outgoing Tor/I2P connections so the peer
+can distribute the address to its other peers.
+
+##### Configuration
+
+Tor must be configured for hidden services. An example configuration ("torrc")
+might look like:
+
+> HiddenServiceDir /var/lib/tor/data/monero
+> HiddenServicePort 28083 127.0.0.1:28083
+
+This will store key information in `/var/lib/tor/data/monero` and will forward
+"Tor port" 28083 to port 28083 of ip 127.0.0.1. The file
+`/usr/lib/tor/data/monero/hostname` will contain the ".onion" address for use
+with `--anonymous-inbound`.
+
+I2P must be configured with a standard server tunnel. Configuration differs by
+I2P implementation.
+
+## Privacy Limitations
+
+There are currently some techniques that could be used to _possibly_ identify
+the machine that broadcast a transaction over an anonymity network.
+
+### Timestamps
+
+The peer timed sync command sends the current time in the message. This value
+can be used to link an onion address to an IPv4/IPv6 address. If a peer first
+sees a transaction over Tor, it could _assume_ (possibly incorrectly) that the
+transaction originated from the peer. If both the Tor connection and an
+IPv4/IPv6 connection have timestamps that are approximately close in value they
+could be used to link the two connections. This is less likely to happen if the
+system clock is fairly accurate - many peers on the Monero network should have
+similar timestamps.
+
+#### Mitigation
+
+Keep the system clock accurate so that fingerprinting is more difficult. In
+the future a random offset might be applied to anonymity networks so that if
+the system clock is noticeably off (and therefore more fingerprintable),
+linking the public IPv4/IPv6 connections with the anonymity networks will be
+more difficult.
+
+### Bandwidth Usage
+
+An ISP can passively monitor `monerod` connections from a node and observe when
+a transaction is sent over a Tor/I2P connection via timing analysis + size of
+data sent during that timeframe. I2P should provide better protection against
+this attack - its connections are not circuit based. However, if a node is
+only using I2P for broadcasting Monero transactions, the total aggregate of
+I2P data would also leak information.
+
+#### Mitigation
+
+There is no current mitigation for the user right now. This attack is fairly
+sophisticated, and likely requires support from the internet host of a Monero
+user.
+
+In the near future, "whitening" the amount of data sent over anonymity network
+connections will be performed. An attempt will be made to make a transaction
+broadcast indistinguishable from a peer timed sync command.
+
+### Intermittent Monero Syncing
+
+If a user only runs `monerod` to send a transaction then quit, this can also
+be used by an ISP to link a user to a transaction.
+
+#### Mitigation
+
+Run `monerod` as often as possible to conceal when transactions are being sent.
+Future versions will also have peers that first receive a transaction over an
+anonymity network delay the broadcast to public peers by a randomized amount.
+This will not completetely mitigate a user who syncs up sends then quits, in
+part because this rule is not enforceable, so this mitigation strategy is
+simply a best effort attempt.
+
+### Active Bandwidth Shaping
+
+An attacker could attempt to bandwidth shape traffic in an attempt to determine
+the source of a Tor/I2P connection. There isn't great mitigation against
+this, but I2P should provide better protection against this attack since
+the connections are not circuit based.
+
+#### Mitigation
+
+The best mitigiation is to use I2P instead of Tor. However, I2P
+has a smaller set of users (less cover traffic) and academic reviews, so there
+is a tradeoff in potential isses. Also, anyone attempting this strategy really
+wants to uncover a user, it seems unlikely that this would be performed against
+every Tor/I2P user.
+

CMakeLists.txt

@@ -44,6 +44,8 @@ message(STATUS "CMake version ${CMAKE_VERSION}")
 
 project(monero)
 
+enable_language(C ASM)
+
 function (die msg)
   if (NOT WIN32)
     string(ASCII 27 Esc)
@@ -113,6 +115,9 @@ string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER)
 # to identify the target architecture, to direct logic in this cmake script.
 # Since ARCH is a cached variable, it will not be set on first cmake invocation.
 if (NOT ARCH OR ARCH STREQUAL "" OR ARCH STREQUAL "native" OR ARCH STREQUAL "default")
+  if(CMAKE_SYSTEM_PROCESSOR STREQUAL "")
+    set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_HOST_SYSTEM_PROCESSOR})
+  endif()
   set(ARCH_ID "${CMAKE_SYSTEM_PROCESSOR}")
 else()
   set(ARCH_ID "${ARCH}")
@@ -200,6 +205,7 @@ if(NOT MANUAL_SUBMODULES)
     check_submodule(external/unbound)
     check_submodule(external/rapidjson)
     check_submodule(external/trezor-common)
+    check_submodule(external/randomwow)
   endif()
 endif()
 
@@ -684,8 +690,11 @@ else()
     add_cxx_flag_if_supported(-fstack-clash-protection CXX_SECURITY_FLAGS)
   endif()
 
-  add_c_flag_if_supported(-mmitigate-rop C_SECURITY_FLAGS)
-  add_cxx_flag_if_supported(-mmitigate-rop CXX_SECURITY_FLAGS)
+  # Removed in GCC 9.1 (or before ?), but still accepted, so spams the output
+  if (NOT (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))
+    add_c_flag_if_supported(-mmitigate-rop C_SECURITY_FLAGS)
+    add_cxx_flag_if_supported(-mmitigate-rop CXX_SECURITY_FLAGS)
+  endif()
 
   # linker
   if (NOT WIN32)
@@ -704,7 +713,6 @@ else()
   endif()
 
   if(BACKCOMPAT)
-      add_definitions(-DFDELT_TYPE=long\ int)
       add_linker_flag_if_supported(-Wl,--wrap=__divmoddi4 LD_BACKCOMPAT_FLAGS)
       add_linker_flag_if_supported(-Wl,--wrap=glob LD_BACKCOMPAT_FLAGS)
       message(STATUS "Using Lib C back compat flags: ${LD_BACKCOMPAT_FLAGS}")
@@ -891,6 +899,7 @@ set(OLD_LIB_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES})
 if(STATIC)
   if(MINGW)
     set(CMAKE_FIND_LIBRARY_SUFFIXES .a)
+    set(Boost_NO_BOOST_CMAKE ON)
   endif()
 
   set(Boost_USE_STATIC_LIBS ON)
@@ -900,13 +909,19 @@ find_package(Boost 1.58 QUIET REQUIRED COMPONENTS system filesystem thread date_
 
 set(CMAKE_FIND_LIBRARY_SUFFIXES ${OLD_LIB_SUFFIXES})
 if(NOT Boost_FOUND)
-  die("Could not find Boost libraries, please make sure you have installed Boost or libboost-all-dev (1.58) or the equivalent")
+  die("Could not find Boost libraries, please make sure you have installed Boost or libboost-all-dev (>=1.58) or the equivalent")
 elseif(Boost_FOUND)
   message(STATUS "Found Boost Version: ${Boost_VERSION}")
-  if (Boost_VERSION VERSION_LESS 106200 AND NOT (OPENSSL_VERSION VERSION_LESS 1.1))
-      message(FATAL_ERROR "Boost older than 1.62 is too old to link with OpenSSL 1.1 or newer. "
+  if (Boost_VERSION VERSION_LESS 10 AND Boost_VERSION VERSION_LESS 1.62.0 AND NOT (OPENSSL_VERSION VERSION_LESS 1.1))
+    set(BOOST_BEFORE_1_62 true)
+  endif()
+  if (NOT Boost_VERSION VERSION_LESS 10 AND Boost_VERSION VERSION_LESS 106200 AND NOT (OPENSSL_VERSION VERSION_LESS 1.1))
+    set(BOOST_BEFORE_1_62 true)
+  endif()
+  if (BOOST_BEFORE_1_62)
+      message(FATAL_ERROR "Boost ${Boost_VERSION} (older than 1.62) is too old to link with OpenSSL ${OPENSSL_VERSION} (1.1 or newer) found at ${OPENSSL_INCLUDE_DIR} and ${OPENSSL_LIBRARIES}. "
                           "Update Boost or install OpenSSL 1.0 and set path to it when running cmake: "
-                          "cmake -DOPENSSL_ROOT_DIR='/usr/include/openssl-1.0;/usr/lib/openssl-1.0'")
+                          "cmake -DOPENSSL_ROOT_DIR='/usr/include/openssl-1.0'")
   endif()
 endif()
 
@@ -915,7 +930,7 @@ if(MINGW)
   set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -Wa,-mbig-obj")
   set(EXTRA_LIBRARIES mswsock;ws2_32;iphlpapi;crypt32;bcrypt)
   if(DEPENDS)
-    set(ICU_LIBRARIES sicuio sicuin sicuuc sicudt sicutu iconv)
+    set(ICU_LIBRARIES icuio icui18n icuuc icudata icutu iconv)
   else()
     set(ICU_LIBRARIES icuio icuin icuuc icudt icutu iconv)
   endif()
@@ -1035,3 +1050,5 @@ option(INSTALL_VENDORED_LIBUNBOUND "Install libunbound binary built from source
 
 
 CHECK_C_COMPILER_FLAG(-std=c11 HAVE_C11)
+
+find_package(PythonInterp)

CMakeLists_IOS.txt

@@ -1,4 +1,4 @@
-# Portions Copyright (c) 2017-2018, The Monero Project
+# Portions Copyright (c) 2017-2019, The Monero Project
 # This file is based off of the https://code.google.com/archive/p/ios-cmake/
 # It has been altered for Monero iOS development
 #

CONTRIBUTING.md

@@ -88,26 +88,26 @@ C4 is meant to provide a reusable optimal collaboration model for open source so
 
 ### Preliminaries
 
-- The project SHALL use the git distributed revision control system.
-- The project SHALL be hosted on github.com or equivalent, herein called the "Platform".
-- The project SHALL use the Platform issue tracker.
+- The project MUST use the git distributed revision control system.
+- The project MUST be hosted on github.com or equivalent, herein called the "Platform".
+- The project MUST use the Platform issue tracker.
   - Non-GitHub example:
     - "Platform" could be a vanilla git repo and Trac hosted on the same machine/network.
     - The Platform issue tracker would be Trac.
 - The project SHOULD have clearly documented guidelines for code style.
 - A "Contributor" is a person who wishes to provide a patch, being a set of commits that solve some clearly identified problem.
 - A "Maintainer" is a person who merges patches to the project. Maintainers are not developers; their job is to enforce process.
-- Contributors SHALL NOT have commit access to the repository unless they are also Maintainers.
-- Maintainers SHALL have commit access to the repository.
-- Everyone, without distinction or discrimination, SHALL have an equal right to become a Contributor under the terms of this contract.
+- Contributors MUST NOT have commit access to the repository unless they are also Maintainers.
+- Maintainers MUST have commit access to the repository.
+- Everyone, without distinction or discrimination, MUST have an equal right to become a Contributor under the terms of this contract.
 
 ### Licensing and ownership
 
-- The project SHALL use a share-alike license, such as BSD-3, the GPLv3 or a variant thereof (LGPL, AGPL), or the MPLv2.
-- All contributions to the project source code ("patches") SHALL use the same license as the project.
-- All patches are owned by their authors. There SHALL NOT be any copyright assignment process.
-- The copyrights in the project SHALL be owned collectively by all its Contributors.
-- Each Contributor SHALL be responsible for identifying themselves in the project Contributor list.
+- The project MUST use a share-alike license, such as BSD-3, the GPLv3 or a variant thereof (LGPL, AGPL), or the MPLv2.
+- All contributions to the project source code ("patches") MUST use the same license as the project.
+- All patches are owned by their authors. There MUST NOT be any copyright assignment process.
+- The copyrights in the project MUST be owned collectively by all its Contributors.
+- Each Contributor MUST be responsible for identifying themselves in the project Contributor list.
 
 ### Patch requirements
 
@@ -116,27 +116,27 @@ C4 is meant to provide a reusable optimal collaboration model for open source so
 - A patch SHOULD be a minimal and accurate answer to exactly one identified and agreed problem.
 - A patch MUST adhere to the code style guidelines of the project if these are defined.
 - A patch MUST adhere to the "Evolution of Public Contracts" guidelines defined below.
-- A patch SHALL NOT include non-trivial code from other projects unless the Contributor is the original author of that code.
+- A patch MUST NOT include non-trivial code from other projects unless the Contributor is the original author of that code.
 - A patch MUST compile cleanly and pass project self-tests on at least the principle target platform.
 - A patch commit message SHOULD consist of a single short (less than 50 character) line summarizing the change, optionally followed by a blank line and then a more thorough description.
 - A "Correct Patch" is one that satisfies the above requirements.
 
 ### Development process
 
-- Change on the project SHALL be governed by the pattern of accurately identifying problems and applying minimal, accurate solutions to these problems.
+- Change on the project MUST be governed by the pattern of accurately identifying problems and applying minimal, accurate solutions to these problems.
 - To request changes, a user SHOULD log an issue on the project Platform issue tracker.
 - The user or Contributor SHOULD write the issue by describing the problem they face or observe.
 - The user or Contributor SHOULD seek consensus on the accuracy of their observation, and the value of solving the problem.
-- Users SHALL NOT log feature requests, ideas, or suggestions unrelated to Monero code or Monero's dependency code or Monero's potential/future dependency code or research which successfully implements Monero.
-- Users SHALL NOT log any solutions to problems (verifiable or hypothetical) of which are not explicitly documented and/or not provable and/or cannot be reasonably proven.
-- Thus, the release history of the project SHALL be a list of meaningful issues logged and solved.
-- To work on an issue, a Contributor SHALL fork the project repository and then work on their forked repository.
-- To submit a patch, a Contributor SHALL create a Platform pull request back to the project.
-- A Contributor SHALL NOT commit changes directly to the project.
+- Users MUST NOT log feature requests, ideas, or suggestions unrelated to Monero code or Monero's dependency code or Monero's potential/future dependency code or research which successfully implements Monero.
+- Users MUST NOT log any solutions to problems (verifiable or hypothetical) of which are not explicitly documented and/or not provable and/or cannot be reasonably proven.
+- Thus, the release history of the project MUST be a list of meaningful issues logged and solved.
+- To work on an issue, a Contributor MUST fork the project repository and then work on their forked repository.
+- To submit a patch, a Contributor MUST create a Platform pull request back to the project.
+- A Contributor MUST NOT commit changes directly to the project.
 - To discuss a patch, people MAY comment on the Platform pull request, on the commit, or elsewhere.
-- To accept or reject a patch, a Maintainer SHALL use the Platform interface.
+- To accept or reject a patch, a Maintainer MUST use the Platform interface.
 - Maintainers SHOULD NOT merge their own patches except in exceptional cases, such as non-responsiveness from other Maintainers for an extended period (more than 30 days) or unless urgent as defined by the Monero Maintainers Team.
-- Maintainers SHALL NOT make value judgments on correct patches unless the Maintainer (as may happen in rare circumstances) is a core code developer.
+- Maintainers MUST NOT make value judgments on correct patches unless the Maintainer (as may happen in rare circumstances) is a core code developer.
 - Maintainers MUST NOT merge pull requests in less than 168 hours (1 week) unless deemed urgent by at least 2 people from the Monero Maintainer Team.
 - The Contributor MAY tag an issue as "Ready" after making a pull request for the issue.
 - The user who created an issue SHOULD close the issue after checking the patch is successful.
@@ -146,27 +146,27 @@ C4 is meant to provide a reusable optimal collaboration model for open source so
 
 ### Creating stable releases
 
-- The project SHALL have one branch ("master") that always holds the latest in-progress version and SHOULD always build.
-- The project SHALL NOT use topic branches for any reason. Personal forks MAY use topic branches.
-- To make a stable release someone SHALL fork the repository by copying it and thus become maintainer of this repository.
+- The project MUST have one branch ("master") that always holds the latest in-progress version and SHOULD always build.
+- The project MUST NOT use topic branches for any reason. Personal forks MAY use topic branches.
+- To make a stable release someone MUST fork the repository by copying it and thus become maintainer of this repository.
 - Forking a project for stabilization MAY be done unilaterally and without agreement of project maintainers.
-- A patch to a stabilization project declared "stable" SHALL be accompanied by a reproducible test case.
+- A patch to a stabilization project declared "stable" MUST be accompanied by a reproducible test case.
 
 ### Evolution of public contracts
 
-- All Public Contracts (APIs or protocols) SHALL be documented.
+- All Public Contracts (APIs or protocols) MUST be documented.
 - All Public Contracts SHOULD have space for extensibility and experimentation.
 - A patch that modifies a stable Public Contract SHOULD not break existing applications unless there is overriding consensus on the value of doing this.
 - A patch that introduces new features to a Public Contract SHOULD do so using new names.
 - Old names SHOULD be deprecated in a systematic fashion by marking new names as "experimental" until they are stable, then marking the old names as "deprecated".
 - When sufficient time has passed, old deprecated names SHOULD be marked "legacy" and eventually removed.
-- Old names SHALL NOT be reused by new features.
+- Old names MUST NOT be reused by new features.
 - When old names are removed, their implementations MUST provoke an exception (assertion) if used by applications.
 
 ### Project administration
 
-- The project founders SHALL act as Administrators to manage the set of project Maintainers.
-- The Administrators SHALL ensure their own succession over time by promoting the most effective Maintainers.
-- A new Contributor who makes a correct patch SHALL be invited to become a Maintainer.
+- The project founders MUST act as Administrators to manage the set of project Maintainers.
+- The Administrators MUST ensure their own succession over time by promoting the most effective Maintainers.
+- A new Contributor who makes a correct patch MUST be invited to become a Maintainer.
 - Administrators MAY remove Maintainers who are inactive for an extended period of time, or who repeatedly fail to apply this process accurately.
 - Administrators SHOULD block or ban "bad actors" who cause stress and pain to others in the project. This should be done after public discussion, with a chance for all parties to speak. A bad actor is someone who repeatedly ignores the rules and culture of the project, who is needlessly argumentative or hostile, or who is offensive, and who is unable to self-correct their behavior when asked to do so by others.

Dockerfile

@@ -1,18 +1,32 @@
-# Multistage docker build, requires docker 17.05
+FROM debian:stable-slim
 
-# builder stage
-FROM ubuntu:16.04 as builder
+WORKDIR /data
 
-RUN set -ex && \
-    apt-get update && \
-    apt-get --no-install-recommends --yes install \
+RUN echo "\e[33mThis will take some time. Go and get a cup of coffee. We could be here all night.\e[39m"
+
+#su-exec
+ARG SUEXEC_VERSION=v0.2
+ARG SUEXEC_HASH=f85e5bde1afef399021fbc2a99c837cf851ceafa
+#Cmake
+ARG CMAKE_VERSION=3.14.0
+ARG CMAKE_VERSION_DOT=v3.14
+ARG CMAKE_HASH=aa76ba67b3c2af1946701f847073f4652af5cbd9f141f221c97af99127e75502
+## Boost
+ARG BOOST_VERSION=1_69_0
+ARG BOOST_VERSION_DOT=1.69.0
+ARG BOOST_HASH=8f32d4617390d1c2d16f26a27ab60d97807b35440d45891fa340fc2648b04406
+
+ENV CFLAGS '-fPIC -O2 -g'
+ENV CXXFLAGS '-fPIC -O2 -g'
+ENV LDFLAGS '-static-libstdc++'
+
+ENV BASE_DIR /usr/local
+
+RUN apt-get update -qq && apt-get --no-install-recommends -yqq install \
         ca-certificates \
-        cmake \
         g++ \
         make \
         pkg-config \
-        graphviz \
-        doxygen \
         git \
         curl \
         libtool-bin \
@@ -21,180 +35,249 @@ RUN set -ex && \
         bzip2 \
         xsltproc \
         gperf \
-        unzip
-
-WORKDIR /usr/local
-
-#Cmake
-ARG CMAKE_VERSION=3.13.0
-ARG CMAKE_VERSION_DOT=v3.13
-ARG CMAKE_HASH=4058b2f1a53c026564e8936698d56c3b352d90df067b195cb749a97a3d273c90 
-RUN set -ex \
-    && curl -s -O https://cmake.org/files/${CMAKE_VERSION_DOT}/cmake-${CMAKE_VERSION}.tar.gz \
+        unzip > /dev/null \
+        g++-aarch64-linux-gnu \
+        apt-utils \
+    && cd /data || exit 1 \
+    && echo "\e[32mbuilding: su-exec\e[39m" \
+    && git clone --branch ${SUEXEC_VERSION} --single-branch --depth 1 https://github.com/ncopa/su-exec.git su-exec.git > /dev/null \
+    && cd su-exec.git || exit 1 \
+    && test `git rev-parse HEAD` = ${SUEXEC_HASH} || exit 1 \
+    && make > /dev/null \
+    && cp su-exec /data \
+    && cd /data || exit 1 \
+    && rm -rf /data/su-exec.git \
+    && echo "\e[32mbuilding: Cmake\e[39m" \
+    && set -ex \
+    && curl -s -O https://cmake.org/files/${CMAKE_VERSION_DOT}/cmake-${CMAKE_VERSION}.tar.gz > /dev/null \
     && echo "${CMAKE_HASH}  cmake-${CMAKE_VERSION}.tar.gz" | sha256sum -c \
-    && tar -xzf cmake-${CMAKE_VERSION}.tar.gz \
-    && cd cmake-${CMAKE_VERSION} \
-    && ./configure \
-    && make \
-    && make install
-
-## Boost
-ARG BOOST_VERSION=1_68_0
-ARG BOOST_VERSION_DOT=1.68.0
-ARG BOOST_HASH=7f6130bc3cf65f56a618888ce9d5ea704fa10b462be126ad053e80e553d6d8b7
-RUN set -ex \
-    && curl -s -L -o  boost_${BOOST_VERSION}.tar.bz2 https://dl.bintray.com/boostorg/release/${BOOST_VERSION_DOT}/source/boost_${BOOST_VERSION}.tar.bz2 \
+    && tar -xzf cmake-${CMAKE_VERSION}.tar.gz > /dev/null \
+    && cd cmake-${CMAKE_VERSION} || exit 1 \
+    && ./configure --prefix=$BASE_DIR > /dev/null \
+    && make > /dev/null \
+    && make install > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/cmake-${CMAKE_VERSION} \
+    && rm -rf /data/cmake-${CMAKE_VERSION}.tar.gz \
+    && echo "\e[32mbuilding: Boost\e[39m" \
+    && set -ex \
+    && curl -s -L -o  boost_${BOOST_VERSION}.tar.bz2 https://dl.bintray.com/boostorg/release/${BOOST_VERSION_DOT}/source/boost_${BOOST_VERSION}.tar.bz2 > /dev/null \
     && echo "${BOOST_HASH}  boost_${BOOST_VERSION}.tar.bz2" | sha256sum -c \
-    && tar -xvf boost_${BOOST_VERSION}.tar.bz2 \
-    && cd boost_${BOOST_VERSION} \
-    && ./bootstrap.sh \
-    && ./b2 --build-type=minimal link=static runtime-link=static --with-chrono --with-date_time --with-filesystem --with-program_options --with-regex --with-serialization --with-system --with-thread --with-locale threading=multi threadapi=pthread cflags="-fPIC" cxxflags="-fPIC" stage
-ENV BOOST_ROOT /usr/local/boost_${BOOST_VERSION}
+    && tar -xvf boost_${BOOST_VERSION}.tar.bz2 > /dev/null \
+    && cd boost_${BOOST_VERSION} || exit 1 \
+    && ./bootstrap.sh > /dev/null \
+    && ./b2 -a install --prefix=$BASE_DIR --build-type=minimal link=static runtime-link=static --with-chrono --with-date_time --with-filesystem --with-program_options --with-regex --with-serialization --with-system --with-thread --with-locale threading=multi threadapi=pthread cflags="$CFLAGS" cxxflags="$CXXFLAGS" stage > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/boost_${BOOST_VERSION} \
+    && rm -rf /data/boost_${BOOST_VERSION}.tar.bz2
+
+RUN echo "\e[33mDid I ever tell you the story of when my cousin Nicolas boost a lambo in less than 60 seconds?\e[39m"
+
+WORKDIR /data
+
+ENV BASE_DIR /usr/local
 
 # OpenSSL
-ARG OPENSSL_VERSION=1.1.0j
-ARG OPENSSL_HASH=31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246
-RUN set -ex \
-    && curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
-    && echo "${OPENSSL_HASH}  openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \
-    && tar -xzf openssl-${OPENSSL_VERSION}.tar.gz \
-    && cd openssl-${OPENSSL_VERSION} \
-    && ./Configure linux-x86_64 no-shared --static -fPIC \
-    && make build_generated \
-    && make libcrypto.a \
-    && make install
-ENV OPENSSL_ROOT_DIR=/usr/local/openssl-${OPENSSL_VERSION}
-
+ARG OPENSSL_VERSION=1.1.1b
+ARG OPENSSL_HASH=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
 # ZMQ
-ARG ZMQ_VERSION=v4.2.5
-ARG ZMQ_HASH=d062edd8c142384792955796329baf1e5a3377cd
-RUN set -ex \
-    && git clone https://github.com/zeromq/libzmq.git -b ${ZMQ_VERSION} \
-    && cd libzmq \
-    && test `git rev-parse HEAD` = ${ZMQ_HASH} || exit 1 \
-    && ./autogen.sh \
-    && CFLAGS="-fPIC" CXXFLAGS="-fPIC" ./configure --enable-static --disable-shared \
-    && make \
-    && make install \
-    && ldconfig
-
+ARG ZMQ_VERSION=v4.3.1
+ARG ZMQ_HASH=2cb1240db64ce1ea299e00474c646a2453a8435b
 # zmq.hpp
 ARG CPPZMQ_VERSION=v4.3.0
 ARG CPPZMQ_HASH=213da0b04ae3b4d846c9abc46bab87f86bfb9cf4
-RUN set -ex \
-    && git clone https://github.com/zeromq/cppzmq.git -b ${CPPZMQ_VERSION} \
-    && cd cppzmq \
-    && test `git rev-parse HEAD` = ${CPPZMQ_HASH} || exit 1 \
-    && mv *.hpp /usr/local/include
-
 # Readline
-ARG READLINE_VERSION=7.0
-ARG READLINE_HASH=750d437185286f40a369e1e4f4764eda932b9459b5ec9a731628393dd3d32334
-RUN set -ex \
-    && curl -s -O https://ftp.gnu.org/gnu/readline/readline-${READLINE_VERSION}.tar.gz \
-    && echo "${READLINE_HASH}  readline-${READLINE_VERSION}.tar.gz" | sha256sum -c \
-    && tar -xzf readline-${READLINE_VERSION}.tar.gz \
-    && cd readline-${READLINE_VERSION} \
-    && CFLAGS="-fPIC" CXXFLAGS="-fPIC" ./configure \
-    && make \
-    && make install
-
+ARG READLINE_VERSION=8.0
+ARG READLINE_HASH=e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461
 # Sodium
-ARG SODIUM_VERSION=1.0.16
-ARG SODIUM_HASH=675149b9b8b66ff44152553fb3ebf9858128363d
-RUN set -ex \
-    && git clone https://github.com/jedisct1/libsodium.git -b ${SODIUM_VERSION} \
-    && cd libsodium \
+ARG SODIUM_VERSION=1.0.17
+ARG SODIUM_HASH=b732443c442239c2e0184820e9b23cca0de0828c
+
+ENV CFLAGS '-fPIC -O2 -g'
+ENV CXXFLAGS '-fPIC -O2 -g'
+ENV LDFLAGS '-static-libstdc++'
+
+RUN echo "\e[32mbuilding: Openssl\e[39m" \
+    && set -ex \
+    && curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz > /dev/null \
+    && echo "${OPENSSL_HASH}  openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \
+    && tar -xzf openssl-${OPENSSL_VERSION}.tar.gz > /dev/null \
+    && cd openssl-${OPENSSL_VERSION} || exit 1 \
+    && ./Configure --prefix=$BASE_DIR linux-x86_64 no-shared --static "$CFLAGS" > /dev/null \
+    && make build_generated > /dev/null \
+    && make libcrypto.a > /dev/null \
+    && make install > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/openssl-${OPENSSL_VERSION} \
+    && rm -rf /data/openssl-${OPENSSL_VERSION}.tar.gz \
+    && echo "\e[32mbuilding: ZMQ\e[39m" \
+    && set -ex \
+    && git clone --branch ${ZMQ_VERSION} --single-branch --depth 1 https://github.com/zeromq/libzmq.git > /dev/null \
+    && cd libzmq || exit 1 \
+    && test `git rev-parse HEAD` = ${ZMQ_HASH} || exit 1 \
+    && ./autogen.sh > /dev/null \
+    && ./configure --prefix=$BASE_DIR --enable-libunwind=no --enable-static --disable-shared > /dev/null \
+    && make > /dev/null \
+    && make install > /dev/null \
+    && ldconfig > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/libzmq \
+    && echo "\e[32mbuilding: zmq.hpp\e[39m" \
+    && set -ex \
+    && git clone --branch ${CPPZMQ_VERSION} --single-branch --depth 1 https://github.com/zeromq/cppzmq.git > /dev/null \
+    && cd cppzmq || exit 1 \
+    && test `git rev-parse HEAD` = ${CPPZMQ_HASH} || exit 1 \
+    && mv *.hpp $BASE_DIR/include \
+    && cd /data || exit 1 \
+    && rm -rf /data/cppzmq \
+    && echo "\e[32mbuilding: Readline\e[39m" \
+    && set -ex \
+    && curl -s -O https://ftp.gnu.org/gnu/readline/readline-${READLINE_VERSION}.tar.gz > /dev/null \
+    && echo "${READLINE_HASH}  readline-${READLINE_VERSION}.tar.gz" | sha256sum -c \
+    && tar -xzf readline-${READLINE_VERSION}.tar.gz > /dev/null \
+    && cd readline-${READLINE_VERSION} || exit 1 \
+    && ./configure --prefix=$BASE_DIR > /dev/null \
+    && make > /dev/null \
+    && make install > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/readline-${READLINE_VERSION} \
+    && rm -rf readline-${READLINE_VERSION}.tar.gz \
+    && echo "\e[32mbuilding: Sodium\e[39m" \
+    && set -ex \
+    && git clone --branch ${SODIUM_VERSION} --single-branch --depth 1 https://github.com/jedisct1/libsodium.git > /dev/null \
+    && cd libsodium || exit 1 \
     && test `git rev-parse HEAD` = ${SODIUM_HASH} || exit 1 \
     && ./autogen.sh \
-    && CFLAGS="-fPIC" CXXFLAGS="-fPIC" ./configure \
-    && make \
-    && make check \
-    && make install
+    && ./configure --prefix=$BASE_DIR > /dev/null \
+    && make > /dev/null \
+    && make check > /dev/null \
+    && make install > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/libsodium
+
+RUN echo "\e[33mOoh wee, that was close. I thought I broke something.\e[39m"
+
+WORKDIR /data
+
+ENV BASE_DIR /usr/local
 
 # Udev
-ARG UDEV_VERSION=v3.2.6
-ARG UDEV_HASH=0c35b136c08d64064efa55087c54364608e65ed6
-RUN set -ex \
-    && git clone https://github.com/gentoo/eudev -b ${UDEV_VERSION} \
-    && cd eudev \
-    && test `git rev-parse HEAD` = ${UDEV_HASH} || exit 1 \
-    && ./autogen.sh \
-    && CFLAGS="-fPIC" CXXFLAGS="-fPIC" ./configure --disable-gudev --disable-introspection --disable-hwdb --disable-manpages --disable-shared \
-    && make \
-    && make install
-
+ARG UDEV_VERSION=v3.2.7
+ARG UDEV_HASH=4758e346a14126fc3a964de5831e411c27ebe487
 # Libusb
 ARG USB_VERSION=v1.0.22
 ARG USB_HASH=0034b2afdcdb1614e78edaa2a9e22d5936aeae5d
-RUN set -ex \
-    && git clone https://github.com/libusb/libusb.git -b ${USB_VERSION} \
-    && cd libusb \
-    && test `git rev-parse HEAD` = ${USB_HASH} || exit 1 \
-    && ./autogen.sh \
-    && CFLAGS="-fPIC" CXXFLAGS="-fPIC" ./configure --disable-shared \
-    && make \
-    && make install
-
 # Hidapi
 ARG HIDAPI_VERSION=hidapi-0.8.0-rc1
 ARG HIDAPI_HASH=40cf516139b5b61e30d9403a48db23d8f915f52c
-RUN set -ex \
-    && git clone https://github.com/signal11/hidapi -b ${HIDAPI_VERSION} \
-    && cd hidapi \
+# Protobuf
+ARG PROTOBUF_VERSION=v3.7.0
+ARG PROTOBUF_HASH=582743bf40c5d3639a70f98f183914a2c0cd0680
+
+ENV CFLAGS '-fPIC -O2 -g'
+ENV CXXFLAGS '-fPIC -O2 -g'
+ENV LDFLAGS '-static-libstdc++'
+
+RUN echo "\e[32mbuilding: Udev\e[39m" \
+    && set -ex \
+    && git clone --branch ${UDEV_VERSION} --single-branch --depth 1 https://github.com/gentoo/eudev > /dev/null \
+    && cd eudev || exit 1 \
+    && test `git rev-parse HEAD` = ${UDEV_HASH} || exit 1 \
+    && ./autogen.sh \
+    && ./configure --prefix=$BASE_DIR --disable-gudev --disable-introspection --disable-hwdb --disable-manpages --disable-shared > /dev/null \
+    && make > /dev/null \
+    && make install > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/eudev \
+    && echo "\e[32mbuilding: Libusb\e[39m" \
+    && set -ex \
+    && git clone --branch ${USB_VERSION} --single-branch --depth 1 https://github.com/libusb/libusb.git > /dev/null \
+    && cd libusb || exit 1 \
+    && test `git rev-parse HEAD` = ${USB_HASH} || exit 1 \
+    && ./autogen.sh > /dev/null \
+    && ./configure --prefix=$BASE_DIR --disable-shared > /dev/null \
+    && make > /dev/null \
+    && make install > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/libusb \
+    && echo "\e[32mbuilding: Hidapi\e[39m" \
+    && set -ex \
+    && git clone --branch ${HIDAPI_VERSION} --single-branch --depth 1 https://github.com/signal11/hidapi > /dev/null \
+    && cd hidapi || exit 1 \
     && test `git rev-parse HEAD` = ${HIDAPI_HASH} || exit 1 \
     && ./bootstrap \
-    && CFLAGS="-fPIC" CXXFLAGS="-fPIC" ./configure --enable-static --disable-shared \
-    && make \
-    && make install
-
-# Protobuf
-ARG PROTOBUF_VERSION=v3.6.1
-ARG PROTOBUF_HASH=48cb18e5c419ddd23d9badcfe4e9df7bde1979b2
-RUN set -ex \
-    && git clone https://github.com/protocolbuffers/protobuf -b ${PROTOBUF_VERSION} \
-    && cd protobuf \
+    && ./configure --prefix=$BASE_DIR --enable-static --disable-shared > /dev/null \
+    && make > /dev/null \
+    && make install > /dev/null \
+    && cd /data || exit 1 \
+    && rm -rf /data/hidapi \
+    && echo "\e[32mbuilding: Protobuf\e[39m" \
+    && set -ex \
+    && git clone --branch ${PROTOBUF_VERSION}  --single-branch --depth 1 https://github.com/protocolbuffers/protobuf > /dev/null \
+    && cd protobuf || exit 1 \
     && test `git rev-parse HEAD` = ${PROTOBUF_HASH} || exit 1 \
-    && git submodule update --init --recursive \
-    && ./autogen.sh \
-    && CFLAGS="-fPIC" CXXFLAGS="-fPIC" ./configure --enable-static --disable-shared \
-    && make \
-    && make install \
-    && ldconfig
+    && git submodule update --init --recursive > /dev/null \
+    && ./autogen.sh > /dev/null \
+    && ./configure --prefix=$BASE_DIR --enable-static --disable-shared > /dev/null \
+    && make > /dev/null \
+    && make install > /dev/null \
+    && ldconfig \
+    && cd /data || exit 1 \
+    && rm -rf /data/protobuf
 
-WORKDIR /src
-COPY . .
+WORKDIR /data
+# BUILD_PATH:
+# Using 'USE_SINGLE_BUILDDIR=1 make' creates a unified build dir (/wownero.git/build/release/bin)
 
-ENV USE_SINGLE_BUILDDIR=1
-ARG NPROC
-RUN set -ex && \
-    git submodule init && git submodule update && \
-    rm -rf build && \
-    if [ -z "$NPROC" ] ; \
-    then make -j$(nproc) release-static ; \
-    else make -j$NPROC release-static ; \
-    fi
+ARG PROJECT_URL=https://github.com/wownero/wownero.git
+ARG BRANCH=master
+ARG BUILD_PATH=/wownero.git/build/release/bin
 
-# runtime stage
-FROM ubuntu:16.04
+ENV CFLAGS '-fPIC -O1'
+ENV CXXFLAGS '-fPIC -O1'
+ENV LDFLAGS '-static-libstdc++'
 
-RUN set -ex && \
-    apt-get update && \
-    apt-get --no-install-recommends --yes install ca-certificates && \
-    apt-get clean && \
-    rm -rf /var/lib/apt
-COPY --from=builder /src/build/release/bin /usr/local/bin/
+RUN echo "\e[33mNow we're getting somewhere.\e[39m"
 
-# Contains the blockchain
-VOLUME /root/.bitmonero
+RUN echo "\e[32mcloning: $PROJECT_URL on branch: $BRANCH\e[39m" \
+    && git clone --branch "$BRANCH" --single-branch --recursive $PROJECT_URL wownero.git > /dev/null \
+    && cd wownero.git || exit 1 \
+    && echo "\e[32mbuilding static binaries\e[39m" \
+    && apt-get update -qq && apt-get install -yqq --no-install-recommends \
+        libreadline-dev \
+    && USE_SINGLE_BUILDDIR=1 make release-static > /dev/null \
+    && echo "\e[32mcopy and clean up\e[39m" \
+    && mv /data$BUILD_PATH/wownerod /data/ \
+    && chmod +x /data/wownerod \
+    && mv /data$BUILD_PATH/wownero-wallet-rpc /data/ \
+    && chmod +x /data/wownero-wallet-rpc \
+    && mv /data$BUILD_PATH/wownero-wallet-cli /data/ \
+    && chmod +x /data/wownero-wallet-cli \
+    && cp /data/wownerod /usr/local/bin/wownerod \
+    && cp /data/wownero-wallet-rpc /usr/local/bin/wownero-wallet-rpc \
+    && cp /data/wownero-wallet-cli /usr/local/bin/wownero-wallet-cli \
+    && cp /data/su-exec /usr/local/bin/su-exec \
+    && rm /data/su-exec \
+    && cd /data || exit 1 \
+    && apt-get autoremove --purge -yqq > /dev/null \
+    && apt-get clean > /dev/null \
+    && rm -rf /var/tmp/* /tmp/* /var/lib/apt/* > /dev/null
 
-# Generate your wallet via accessing the container and run:
-# cd /wallet
-# monero-wallet-cli
-VOLUME /wallet
+VOLUME ["/data"]
 
-EXPOSE 18080
-EXPOSE 18081
-
-ENTRYPOINT ["monerod", "--p2p-bind-ip=0.0.0.0", "--p2p-bind-port=18080", "--rpc-bind-ip=0.0.0.0", "--rpc-bind-port=18081", "--non-interactive", "--confirm-external-bind"]
+ENV USER_ID 1000
+ENV LOG_LEVEL 0
+ENV DAEMON_HOST 127.0.0.1
+ENV DAEMON_PORT 34568
+ENV RPC_USER ""
+ENV RPC_PASSWD ""
+ENV RPC_LOGIN ""
+ENV WALLET_PASSWD ""
+ENV WALLET_ACCESS ""
+ENV RPC_BIND_IP 0.0.0.0
+ENV RPC_BIND_PORT 34568
+ENV P2P_BIND_IP 0.0.0.0
+ENV P2P_BIND_PORT 34567
 
+RUN wownerod --version
+RUN echo "\e[33mAll done.\e[39m"

LICENSE

@@ -29,3 +29,13 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 Parts of the project are originally copyright (c) 2012-2013 The Cryptonote
 developers
+
+Parts of the project are originally copyright (c) 2014 The Boolberry
+developers, distributed under the MIT licence:
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

Makefile

@@ -63,6 +63,10 @@ debug-test:
 	mkdir -p $(builddir)/debug
 	cd $(builddir)/debug && cmake -D BUILD_TESTS=ON -D CMAKE_BUILD_TYPE=Debug $(topdir) &&  $(MAKE) && $(MAKE) ARGS="-E libwallet_api_tests" test
 
+debug-test-trezor:
+	mkdir -p $(builddir)/debug
+	cd $(builddir)/debug && cmake -D BUILD_TESTS=ON -D TREZOR_DEBUG=ON -D CMAKE_BUILD_TYPE=Debug $(topdir) &&  $(MAKE) && $(MAKE) ARGS="-E libwallet_api_tests" test
+
 debug-all:
 	mkdir -p $(builddir)/debug
 	cd $(builddir)/debug && cmake -D BUILD_TESTS=OFF -D BUILD_SHARED_LIBS=OFF -D CMAKE_BUILD_TYPE=Debug $(topdir) && $(MAKE)

PKGBUILD

@@ -3,25 +3,23 @@
 
 pkgbase=('wownero-git')
 pkgname=('wownero-git')
-_gitbranch='dev-v0.5'
-pkgver=0.5.0.0
+pkgver=v0.6.1.1.r2.9afbcfb7
 pkgrel=1
 pkgdesc="a fairly launched privacy-centric meme coin with no premine and a finite supply"
 license=('custom:Cryptonote')
 arch=('x86_64')
 url="http://wownero.org/"
-depends=('boost-libs' 'zeromq' 'unbound' 'libusb')
+depends=('openssl' 'zeromq' 'libpgm' 'unbound' 'libsodium')
 makedepends=('git' 'cmake' 'boost')
 provides=('wownero-git')
 
-source=("${pkgname}"::"git+https://github.com/wownero/wownero#branch=${_gitbranch}")
+source=("${pkgname}"::"git+https://github.com/wownero/wownero")
 
 sha256sums=('SKIP')
 
 pkgver() {
-  cd "${srcdir}/${pkgname}"
-  printf "$(echo ${pkgver} | sed 's/\.r.*//').r%s.g%s" \
-         "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
+    cd "$srcdir/$pkgname"
+    git describe --long --tags | sed 's/\([^-]*-\)g/r\1/;s/-/./g'
 }
 
 build() {

README.i18n.md

@@ -15,23 +15,33 @@ You do not need anything from Qt in order to use the final translations.
 
 To update ts files after changing source code:
 
-    ./utils/translations/update-translations.sh
+```bash
+./utils/translations/update-translations.sh
+```
 
 To add a new language, eg Spanish (ISO code es):
 
-    cp translations/monero.ts translations/monero_es.ts
+```bash
+cp translations/monero.ts translations/monero_es.ts
+```
 
 To edit translations for Spanish:
 
-    linguist translations/monero_es.ts
+```bash
+linguist translations/monero_es.ts
+```
 
 To build translations after modifying them:
 
-    ./utils/translations/build-translations.sh
+```bash
+./utils/translations/build-translations.sh
+```
 
 To test a translation:
 
-    LANG=es ./build/release/bin/monero-wallet-cli
+```bash
+LANG=es ./build/release/bin/monero-wallet-cli
+```
 
 To add new translatable strings in the source code:
 
@@ -39,6 +49,8 @@ Use the `tr(string)` function if possible. If the code is in a class, and this c
 
 If you're getting messages of the form:
 
-    Class 'cryptonote::simple_wallet' lacks Q_OBJECT macro
+```
+Class 'cryptonote::simple_wallet' lacks Q_OBJECT macro
+```
 
 all is fine, we don't actually need that here.

README.md

@@ -1,6 +1,6 @@
 # ~~Mo~~Wownero -  Such privacy! Many coins! Wow! 🐕
 
-Copyright (c) 2014-2018 The Monero Project.   
+Copyright (c) 2014-2019 The Monero Project.   
 Portions Copyright (c) 2012-2013 The Cryptonote developers.
 
 ## Resources
@@ -21,9 +21,14 @@ Blockchain Explorers
 - https://explore.wownero.com
 - https://explorer.wowkira.com
 - http://explorer.wowne.ro
-- http://wow4edxxxudchgj7.onion
+- http://dr4koizzq4ixyxqkz7qagx7bopt4gnrbtrp7cbqcji2fkp4mnve3wrqd.onion
 - http://wow5eqtzqvsg5jctqzg5g7uk3u62sfqiacj5x6lo4by7bvnj6jkvubyd.onion
 
+Public Nodes
+- node.wowne.ro:34568
+- wowkira.com:34568
+- wow.aluisyo.network:34568
+
 ## Introduction
 
 Wownero is a privacy-centric memecoin that was fairly launched on April 1, 2018 with no pre-mine, stealth-mine or ICO. Wownero has a maximum supply of around 184 million WOW with a slow and steady emission over 50 years. It is a fork of Monero, but with its own genesis block, so there is no degradation of privacy due to ring signatures using different participants for the same tx outputs on opposing forks.
@@ -33,8 +38,6 @@ Wownero is a privacy-centric memecoin that was fairly launched on April 1, 2018
 Wownero uses a fixed-schedule software upgrade (hard fork) mechanism to implement new features. This means that users of Wownero (end users and service providers) should run current versions and upgrade their software on a regular schedule. The required software for these upgrades will be available prior to the scheduled date. Please check the repository prior to this date for the proper Wownero software version. Below is the historical schedule and the projected schedule for the next upgrade.
 Dates are provided in the format YYYY-MM-DD. 
 
-
-
 | Software upgrade block height | Date       | Release Name | Minimum Wownero version | Recommended Wownero version | Details                                                                            |  
 | ------------------------------ | -----------| ----------------- | ---------------------- | -------------------------- | ---------------------------------------------------------------------------------- |
 | 1                              | 2018-04-01 | Awesome Akita                | v0.1.0.0               | v0.1.0.0                  | Cryptonight variant 1, ringsize >= 8, sorted inputs
@@ -42,6 +45,7 @@ Dates are provided in the format YYYY-MM-DD.
 | 53666                          | 2018-10-06 | Cool Cage                | v0.3.0.0               | v0.3.1.3                  | Cryptonight variant 2, LWMA v2, ringsize = 22, MMS
 | 63469                          | 2018-11-11 | Dank Doge               | v0.4.0.0               | v0.4.0.0                  | LWMA v4
 | 81769                          | 2019-02-19 | Erotic EggplantEmoji    | v0.5.0.0               | v0.5.0.2                  | Cryptonight/wow, LWMA v1 with N=144, Updated Bulletproofs, Fee Per Byte, Auto-churn
+| 114969                          | 2019-06-14 | F For Fappening    | v0.6.1.0               | v0.6.1.2                  | RandomWOW, new block weight algorithm, slightly more efficient RingCT format
 
 X's indicate that these details have not been determined as of commit date.
 
@@ -124,13 +128,29 @@ Once node is synced to network, run the CLI wallet by entering:
 
 Type `help` in CLI wallet to see standard commands (for advanced options, type `help_advanced`).
 
+## Tor Anonymity Network
+
+* Install [Tor Browser](https://www.torproject.org/download/)
+* Open `torrc` file in a text editor ([installation directory]/Browser/TorBrowser/Data/Tor/torrc) and add hidden service information as follows:
+
+```
+HiddenServiceDir [installation directory]/Browser/TorBrowser/Data/Tor/wow_node
+HiddenServiceVersion 3
+HiddenServicePort 44469 127.0.0.1:44469
+```
+* Save `torrc` file and restart Tor Browser (keep open)
+* Change directory to the `wow_node` folder, open `hostname` file, and copy your node's ".onion" address
+* Start wownerod with the following parameters:
+
+```
+./wownerod --proxy tor,127.0.0.1:9150,25 --anonymous-inbound YOUR_NODE_ADDRESS.onion,127.0.0.1:44469,25 --add-peer wo5dkrgua62whkitjqmj6wzlp3hnth2w3lau2oj675rmaeexzy2q6cid.onion:44469
+```
+For more information, check out [ANONYMITY_NETWORKS](https://github.com/wownero/wownero/blob/master/ANONYMITY_NETWORKS.md).
+
 ## Wownero Graphical Wallets
 
 * [Wownero-Light-Wallet](https://github.com/wownero/Wownero-Light-Wallet)
 
-![](https://light.wownero.com/wowlight.png)
-
-
 * [Wownerujo Android Wallet](https://github.com/wownero/wownerujo)
 
 ![](https://fossdroid.com/images/screenshots/com.wownero.wownerujo/wownerujo-1.png)
@@ -138,7 +158,7 @@ Type `help` in CLI wallet to see standard commands (for advanced options, type `
 
 ## Donating to Wownero Project
 
-Developers are volunteers doing this mostly for shits and giggles. If you would like to support our shenanigans and stimulant addictions, please consider donating to [WFS proposals](https://funding.wownero.com/proposals) or the [dev slush fund](https://funding.wownero.com/donate).
+Developers are volunteers doing this mostly for shits and giggles. If you would like to support our shenanigans and stimulant addictions, please consider donating to [WFS proposals](https://funding.wownero.com/proposals) or the [dev slush fund](https://dev-funding.webui.wowkira.com).
 
 Donations may also be sent to: 
 

cmake/CheckTrezor.cmake

@@ -1,6 +1,8 @@
-OPTION(USE_DEVICE_TREZOR "Trezor support compilation" OFF)
-OPTION(USE_DEVICE_TREZOR_LIBUSB "Trezor LibUSB compilation" OFF)
+OPTION(USE_DEVICE_TREZOR "Trezor support compilation" ON)
+OPTION(USE_DEVICE_TREZOR_LIBUSB "Trezor LibUSB compilation" ON)
 OPTION(USE_DEVICE_TREZOR_UDP_RELEASE "Trezor UdpTransport in release mode" OFF)
+OPTION(USE_DEVICE_TREZOR_DEBUG "Trezor Debugging enabled" OFF)
+OPTION(TREZOR_DEBUG "Main trezor debugging switch" OFF)
 
 # Helper function to fix cmake < 3.6.0 FindProtobuf variables
 function(_trezor_protobuf_fix_vars)
@@ -53,6 +55,14 @@ if (USE_DEVICE_TREZOR)
         set(Protobuf_FOUND 1)  # override found if all rquired info was provided by variables
     endif()
 
+    if(TREZOR_DEBUG)
+        set(USE_DEVICE_TREZOR_DEBUG 1)
+    endif()
+
+    # Compile debugging support (for tests)
+    if (USE_DEVICE_TREZOR_DEBUG)
+        add_definitions(-DWITH_TREZOR_DEBUGGING=1)
+    endif()
 else()
     message(STATUS "Trezor support disabled by USE_DEVICE_TREZOR")
 endif()
@@ -106,7 +116,12 @@ endif()
 if(Protobuf_FOUND AND USE_DEVICE_TREZOR AND TREZOR_PYTHON AND Protobuf_COMPILE_TEST_PASSED)
     set(ENV{PROTOBUF_INCLUDE_DIRS} "${Protobuf_INCLUDE_DIR}")
     set(ENV{PROTOBUF_PROTOC_EXECUTABLE} "${Protobuf_PROTOC_EXECUTABLE}")
-    execute_process(COMMAND ${TREZOR_PYTHON} tools/build_protob.py WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/../src/device_trezor/trezor RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE ERR)
+    set(TREZOR_PROTOBUF_PARAMS "")
+    if (USE_DEVICE_TREZOR_DEBUG)
+        set(TREZOR_PROTOBUF_PARAMS "--debug")
+    endif()
+    
+    execute_process(COMMAND ${TREZOR_PYTHON} tools/build_protob.py ${TREZOR_PROTOBUF_PARAMS} WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/../src/device_trezor/trezor RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE ERR)
     if(RET)
         message(WARNING "Trezor protobuf messages could not be regenerated (err=${RET}, python ${PYTHON})."
                 "OUT: ${OUT}, ERR: ${ERR}."

cmake/FindBacktrace.cmake

@@ -0,0 +1,98 @@
+# Distributed under the OSI-approved BSD 3-Clause License.  See accompanying
+# file Copyright.txt or https://cmake.org/licensing for details.
+
+#.rst:
+# FindBacktrace
+# -------------
+#
+# Find provider for backtrace(3).
+#
+# Checks if OS supports backtrace(3) via either libc or custom library.
+# This module defines the following variables:
+#
+# ``Backtrace_HEADER``
+#   The header file needed for backtrace(3). Cached.
+#   Could be forcibly set by user.
+# ``Backtrace_INCLUDE_DIRS``
+#   The include directories needed to use backtrace(3) header.
+# ``Backtrace_LIBRARIES``
+#   The libraries (linker flags) needed to use backtrace(3), if any.
+# ``Backtrace_FOUND``
+#   Is set if and only if backtrace(3) support detected.
+#
+# The following cache variables are also available to set or use:
+#
+# ``Backtrace_LIBRARY``
+#   The external library providing backtrace, if any.
+# ``Backtrace_INCLUDE_DIR``
+#   The directory holding the backtrace(3) header.
+#
+# Typical usage is to generate of header file using configure_file() with the
+# contents like the following::
+#
+#  #cmakedefine01 Backtrace_FOUND
+#  #if Backtrace_FOUND
+#  # include <${Backtrace_HEADER}>
+#  #endif
+#
+# And then reference that generated header file in actual source.
+
+include(CMakePushCheckState)
+include(CheckSymbolExists)
+include(FindPackageHandleStandardArgs)
+
+# List of variables to be provided to find_package_handle_standard_args()
+set(_Backtrace_STD_ARGS Backtrace_INCLUDE_DIR)
+
+if(Backtrace_HEADER)
+  set(_Backtrace_HEADER_TRY "${Backtrace_HEADER}")
+else(Backtrace_HEADER)
+  set(_Backtrace_HEADER_TRY "execinfo.h")
+endif(Backtrace_HEADER)
+
+find_path(Backtrace_INCLUDE_DIR "${_Backtrace_HEADER_TRY}")
+set(Backtrace_INCLUDE_DIRS ${Backtrace_INCLUDE_DIR})
+
+if (NOT DEFINED Backtrace_LIBRARY)
+  # First, check if we already have backtrace(), e.g., in libc
+  cmake_push_check_state(RESET)
+  set(CMAKE_REQUIRED_INCLUDES ${Backtrace_INCLUDE_DIRS})
+  set(CMAKE_REQUIRED_QUIET ${Backtrace_FIND_QUIETLY})
+  check_symbol_exists("backtrace" "${_Backtrace_HEADER_TRY}" _Backtrace_SYM_FOUND)
+  cmake_pop_check_state()
+endif()
+
+if(_Backtrace_SYM_FOUND)
+  # Avoid repeating the message() call below each time CMake is run.
+  if(NOT Backtrace_FIND_QUIETLY AND NOT DEFINED Backtrace_LIBRARY)
+    message(STATUS "backtrace facility detected in default set of libraries")
+  endif()
+  set(Backtrace_LIBRARY "" CACHE FILEPATH "Library providing backtrace(3), empty for default set of libraries")
+else()
+  # Check for external library, for non-glibc systems
+  if(Backtrace_INCLUDE_DIR)
+    # OpenBSD has libbacktrace renamed to libexecinfo
+    find_library(Backtrace_LIBRARY "execinfo")
+  elseif()     # respect user wishes
+    set(_Backtrace_HEADER_TRY "backtrace.h")
+    find_path(Backtrace_INCLUDE_DIR ${_Backtrace_HEADER_TRY})
+    find_library(Backtrace_LIBRARY "backtrace")
+  endif()
+
+  # Prepend list with library path as it's more common practice
+  set(_Backtrace_STD_ARGS Backtrace_LIBRARY ${_Backtrace_STD_ARGS})
+endif()
+
+message(STATUS "Backtrace_LIBRARY: ${Backtrace_LIBRARY}")
+if(Backtrace_LIBRARY STREQUAL "NOTFOUND")
+  set(Backtrace_LIBRARY "")
+endif()
+if(Backtrace_LIBRARY STREQUAL "Backtrace_LIBRARY-NOTFOUND")
+  set(Backtrace_LIBRARY "")
+endif()
+
+set(Backtrace_LIBRARIES ${Backtrace_LIBRARY})
+set(Backtrace_HEADER "${_Backtrace_HEADER_TRY}" CACHE STRING "Header providing backtrace(3) facility")
+
+find_package_handle_standard_args(Backtrace FOUND_VAR Backtrace_FOUND REQUIRED_VARS ${_Backtrace_STD_ARGS})
+mark_as_advanced(Backtrace_HEADER Backtrace_INCLUDE_DIR Backtrace_LIBRARY)

cmake/FindLibUSB.cmake

@@ -99,9 +99,18 @@ if ( LibUSB_FOUND )
     check_library_exists ( "${LibUSB_LIBRARIES}" libusb_get_device_list "" LibUSB_VERSION_1.0 )
     check_library_exists ( "${LibUSB_LIBRARIES}" libusb_get_port_numbers "" LibUSB_VERSION_1.0.16 )
 
+    if((STATIC AND UNIX AND NOT APPLE) OR (DEPENDS AND CMAKE_SYSTEM_NAME STREQUAL "Linux"))
+        find_library(LIBUDEV_LIBRARY udev)
+        if(LIBUDEV_LIBRARY)
+            set(LibUSB_LIBRARIES "${LibUSB_LIBRARIES};${LIBUDEV_LIBRARY}")
+        else()
+            message(WARNING "libudev library not found, binaries may fail to link.")
+        endif()
+    endif()
+
     # Library 1.0.16+ compilation test.
     # The check_library_exists does not work well on Apple with shared libs.
-    if (APPLE OR LibUSB_VERSION_1.0.16)
+    if (APPLE OR LibUSB_VERSION_1.0.16 OR STATIC)
         if (APPLE)
             if(DEPENDS)
                 list(APPEND TEST_COMPILE_EXTRA_LIBRARIES "-framework Foundation -framework IOKit")

cmake/GenVersion.cmake

@@ -29,7 +29,7 @@
 # Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
 
 # Check what commit we're on
-execute_process(COMMAND "${GIT}" rev-parse --short HEAD RESULT_VARIABLE RET OUTPUT_VARIABLE COMMIT OUTPUT_STRIP_TRAILING_WHITESPACE)
+execute_process(COMMAND "${GIT}" rev-parse --short=9 HEAD RESULT_VARIABLE RET OUTPUT_VARIABLE COMMIT OUTPUT_STRIP_TRAILING_WHITESPACE)
 
 if(RET)
 	# Something went wrong, set the version tag to -unknown
@@ -38,6 +38,7 @@ if(RET)
     set(VERSIONTAG "unknown")
     configure_file("src/version.cpp.in" "${TO}")
 else()
+	string(SUBSTRING ${COMMIT} 0 9 COMMIT)
 	message(STATUS "You are currently on commit ${COMMIT}")
 	
 	# Get all the tags

contrib/brew/Brewfile

@@ -0,0 +1,34 @@
+# Brewfile for Monero
+# A homebrew Brewfile installs all required dependencies in one shot
+# see https://coderwall.com/p/afmnbq/homebrew-s-new-feature-brewfiles
+#     https://github.com/Homebrew/homebrew-bundle
+# execute brew bundle in the directory containing the Brewfile
+
+tap "homebrew/bundle"
+tap "homebrew/cask"
+tap "homebrew/cask-versions"
+tap "homebrew/core"
+
+brew "autoconf"
+brew "autogen"
+brew "automake"
+brew "binutils"
+brew "coreutils"
+brew "cmake"
+brew "pkg-config"
+brew "boost"
+brew "openssl"
+brew "hidapi"
+brew "zmq"
+brew "libpgm"
+brew "unbound"
+brew "libsodium"
+brew "miniupnpc"
+brew "readline"
+brew "ldns"
+brew "expat"
+brew "doxygen"
+brew "graphviz"
+brew "libunwind-headers"
+brew "xz"
+brew "protobuf"

contrib/depends/Makefile

@@ -22,9 +22,16 @@ host_toolchain:=$(HOST)-
 endif
 
 ifneq ($(DEBUG),)
-release_type=debug
+release_type=Debug
 else
-release_type=release
+release_type=Release
+endif
+
+ifneq ($(TESTS),)
+build_tests=ON
+release_type=Debug
+else
+build_tests=OFF
 endif
 
 base_build_dir=$(BASEDIR)/work/build
@@ -94,8 +101,8 @@ $(host_arch)_$(host_os)_id_string+=$(shell $(host_CXX) --version 2>/dev/null)
 $(host_arch)_$(host_os)_id_string+=$(shell $(host_RANLIB) --version 2>/dev/null)
 $(host_arch)_$(host_os)_id_string+=$(shell $(host_STRIP) --version 2>/dev/null)
 
-
-packages += $($(host_arch)_$(host_os)_packages) $($(host_os)_packages)
+qt_packages_$(NO_QT) = $(qt_packages) 
+packages += $($(host_arch)_$(host_os)_packages) $($(host_os)_packages) $(qt_packages_)
 native_packages += $($(host_arch)_$(host_os)_native_packages) $($(host_os)_native_packages)
 
 all_packages = $(packages) $(native_packages)
@@ -164,6 +171,8 @@ $(host_prefix)/share/toolchain.cmake : toolchain.cmake.in $(host_prefix)/.stamp_
             -e 's|@LDFLAGS@|$(strip $(host_LDFLAGS) $(host_$(release_type)_LDFLAGS))|' \
             -e 's|@allow_host_packages@|$(ALLOW_HOST_PACKAGES)|' \
             -e 's|@debug@|$(DEBUG)|' \
+            -e 's|@release_type@|$(release_type)|' \
+            -e 's|@build_tests@|$(build_tests)|' \
             -e 's|@depends@|$(host_cmake)|' \
             -e 's|@prefix@|$($(host_arch)_$(host_os)_prefix)|'\
             -e 's|@sdk@|$(SDK_PATH)|'\

contrib/depends/README.md

@@ -2,21 +2,29 @@
 
 To build dependencies for the current arch+OS:
 
-    make
+```bash
+make
+```
 
 To build for another arch/OS:
 
-    make HOST=host-platform-triplet
+```bash
+make HOST=host-platform-triplet
+```
 
 For example:
 
-    make HOST=x86_64-w64-mingw32 -j4
+```bash
+make HOST=x86_64-w64-mingw32 -j4
+```
 
 A toolchain will be generated that's suitable for plugging into Monero's
 cmake. In the above example, a dir named x86_64-w64-mingw32 will be
 created. To use it for Monero:
 
-    cmake -DCMAKE_TOOLCHAIN=`pwd`/contrib/depends/x86_64-w64-mingw32
+```bash
+cmake -DCMAKE_TOOLCHAIN=`pwd`/contrib/depends/x86_64-w64-mingw32
+```
 
 Common `host-platform-triplets` for cross compilation are:
 
@@ -31,20 +39,24 @@ No other options are needed, the paths are automatically configured.
 Dependency Options:
 The following can be set when running make: make FOO=bar
 
-    SOURCES_PATH: downloaded sources will be placed here
-    BASE_CACHE: built packages will be placed here
-    SDK_PATH: Path where sdk's can be found (used by OSX)
-    FALLBACK_DOWNLOAD_PATH: If a source file can't be fetched, try here before giving up
-    DEBUG: disable some optimizations and enable more runtime checking
-    HOST_ID_SALT: Optional salt to use when generating host package ids
-    BUILD_ID_SALT: Optional salt to use when generating build package ids
+```
+SOURCES_PATH: downloaded sources will be placed here
+BASE_CACHE: built packages will be placed here
+SDK_PATH: Path where sdk's can be found (used by OSX)
+FALLBACK_DOWNLOAD_PATH: If a source file can't be fetched, try here before giving up
+DEBUG: disable some optimizations and enable more runtime checking
+HOST_ID_SALT: Optional salt to use when generating host package ids
+BUILD_ID_SALT: Optional salt to use when generating build package ids
+```
 
 Additional targets:
 
-    download: run 'make download' to fetch all sources without building them
-    download-osx: run 'make download-osx' to fetch all sources needed for osx builds
-    download-win: run 'make download-win' to fetch all sources needed for win builds
-    download-linux: run 'make download-linux' to fetch all sources needed for linux builds
+```
+download: run 'make download' to fetch all sources without building them
+download-osx: run 'make download-osx' to fetch all sources needed for osx builds
+download-win: run 'make download-win' to fetch all sources needed for win builds
+download-linux: run 'make download-linux' to fetch all sources needed for linux builds
+```
 
 #Darwin (macos) builds:
 

contrib/depends/packages.md

@@ -9,39 +9,43 @@ General tips:
 ## Identifiers
 Each package is required to define at least these variables:
 
-    $(package)_version:
-    Version of the upstream library or program. If there is no version, a
-    placeholder such as 1.0 can be used.
+```
+$(package)_version:
+Version of the upstream library or program. If there is no version, a
+placeholder such as 1.0 can be used.
 
-    $(package)_download_path:
-    Location of the upstream source, without the file-name. Usually http or
-    ftp.
+$(package)_download_path:
+Location of the upstream source, without the file-name. Usually http or
+ftp.
 
-    $(package)_file_name:
-    The upstream source filename available at the download path.
+$(package)_file_name:
+The upstream source filename available at the download path.
 
-    $(package)_sha256_hash:
-    The sha256 hash of the upstream file
+$(package)_sha256_hash:
+The sha256 hash of the upstream file
+```
 
 These variables are optional:
 
-    $(package)_build_subdir:
-    cd to this dir before running configure/build/stage commands.
-    
-    $(package)_download_file:
-    The file-name of the upstream source if it differs from how it should be
-    stored locally. This can be used to avoid storing file-names with strange
-    characters.
-    
-    $(package)_dependencies:
-    Names of any other packages that this one depends on.
-    
-    $(package)_patches:
-    Filenames of any patches needed to build the package
+```
+$(package)_build_subdir:
+cd to this dir before running configure/build/stage commands.
 
-    $(package)_extra_sources:
-    Any extra files that will be fetched via $(package)_fetch_cmds. These are
-    specified so that they can be fetched and verified via 'make download'.
+$(package)_download_file:
+The file-name of the upstream source if it differs from how it should be
+stored locally. This can be used to avoid storing file-names with strange
+characters.
+
+$(package)_dependencies:
+Names of any other packages that this one depends on.
+
+$(package)_patches:
+Filenames of any patches needed to build the package
+
+$(package)_extra_sources:
+Any extra files that will be fetched via $(package)_fetch_cmds. These are
+specified so that they can be fetched and verified via 'make download'.
+```
 
 
 ## Build Variables:
@@ -49,47 +53,55 @@ After defining the main identifiers, build variables may be added or customized
 before running the build commands. They should be added to a function called
 $(package)_set_vars. For example:
 
-    define $(package)_set_vars
-    ...
-    endef
+```
+define $(package)_set_vars
+...
+endef
+```
 
 Most variables can be prefixed with the host, architecture, or both, to make
 the modifications specific to that case. For example:
 
-    Universal:     $(package)_cc=gcc
-    Linux only:    $(package)_linux_cc=gcc
-    x86_64 only:       $(package)_x86_64_cc = gcc
-    x86_64 linux only: $(package)_x86_64_linux_cc = gcc
+```
+Universal:     $(package)_cc=gcc
+Linux only:    $(package)_linux_cc=gcc
+x86_64 only:       $(package)_x86_64_cc = gcc
+x86_64 linux only: $(package)_x86_64_linux_cc = gcc
+```
 
 These variables may be set to override or append their default values.
 
-    $(package)_cc
-    $(package)_cxx
-    $(package)_objc
-    $(package)_objcxx
-    $(package)_ar
-    $(package)_ranlib
-    $(package)_libtool
-    $(package)_nm
-    $(package)_cflags
-    $(package)_cxxflags
-    $(package)_ldflags
-    $(package)_cppflags
-    $(package)_config_env
-    $(package)_build_env
-    $(package)_stage_env
-    $(package)_build_opts
-    $(package)_config_opts
+```
+$(package)_cc
+$(package)_cxx
+$(package)_objc
+$(package)_objcxx
+$(package)_ar
+$(package)_ranlib
+$(package)_libtool
+$(package)_nm
+$(package)_cflags
+$(package)_cxxflags
+$(package)_ldflags
+$(package)_cppflags
+$(package)_config_env
+$(package)_build_env
+$(package)_stage_env
+$(package)_build_opts
+$(package)_config_opts
+```
 
-The *_env variables are used to add environment variables to the respective
+The `*_env` variables are used to add environment variables to the respective
 commands.
 
 Many variables respect a debug/release suffix as well, in order to use them for
 only the appropriate build config. For example:
 
-    $(package)_cflags_release = -O3
-    $(package)_cflags_i686_debug = -g
-    $(package)_config_opts_release = --disable-debug
+```
+$(package)_cflags_release = -O3
+$(package)_cflags_i686_debug = -g
+$(package)_config_opts_release = --disable-debug
+```
 
 These will be used in addition to the options that do not specify
 debug/release. All builds are considered to be release unless DEBUG=1 is set by
@@ -97,51 +109,57 @@ the user. Other variables may be defined as needed.
 
 ## Build commands:
 
-  For each build, a unique build dir and staging dir are created. For example,
-  `work/build/mylib/1.0-1adac830f6e` and `work/staging/mylib/1.0-1adac830f6e`.
+For each build, a unique build dir and staging dir are created. For example,
+`work/build/mylib/1.0-1adac830f6e` and `work/staging/mylib/1.0-1adac830f6e`.
 
-  The following build commands are available for each recipe:
+The following build commands are available for each recipe:
 
-    $(package)_fetch_cmds:
-    Runs from: build dir
-    Fetch the source file. If undefined, it will be fetched and verified
-    against its hash.
+```
+$(package)_fetch_cmds:
+Runs from: build dir
+Fetch the source file. If undefined, it will be fetched and verified
+against its hash.
 
-    $(package)_extract_cmds:
-    Runs from: build dir
-    Verify the source file against its hash and extract it. If undefined, the
-    source is assumed to be a tarball.
+$(package)_extract_cmds:
+Runs from: build dir
+Verify the source file against its hash and extract it. If undefined, the
+source is assumed to be a tarball.
 
-    $(package)_preprocess_cmds:
-    Runs from: build dir/$(package)_build_subdir
-    Preprocess the source as necessary. If undefined, does nothing.
+$(package)_preprocess_cmds:
+Runs from: build dir/$(package)_build_subdir
+Preprocess the source as necessary. If undefined, does nothing.
 
-    $(package)_config_cmds:
-    Runs from: build dir/$(package)_build_subdir
-    Configure the source. If undefined, does nothing.
+$(package)_config_cmds:
+Runs from: build dir/$(package)_build_subdir
+Configure the source. If undefined, does nothing.
 
-    $(package)_build_cmds:
-    Runs from: build dir/$(package)_build_subdir
-    Build the source. If undefined, does nothing.
+$(package)_build_cmds:
+Runs from: build dir/$(package)_build_subdir
+Build the source. If undefined, does nothing.
 
-    $(package)_stage_cmds:
-    Runs from: build dir/$(package)_build_subdir
-    Stage the build results. If undefined, does nothing.
+$(package)_stage_cmds:
+Runs from: build dir/$(package)_build_subdir
+Stage the build results. If undefined, does nothing.
+```
 
-  The following variables are available for each recipe:
-    
-    $(1)_staging_dir: package's destination sysroot path
-    $(1)_staging_prefix_dir: prefix path inside of the package's staging dir
-    $(1)_extract_dir: path to the package's extracted sources
-    $(1)_build_dir: path where configure/build/stage commands will be run
-    $(1)_patch_dir: path where the package's patches (if any) are found
+The following variables are available for each recipe:
+
+```    
+$(1)_staging_dir: package's destination sysroot path
+$(1)_staging_prefix_dir: prefix path inside of the package's staging dir
+$(1)_extract_dir: path to the package's extracted sources
+$(1)_build_dir: path where configure/build/stage commands will be run
+$(1)_patch_dir: path where the package's patches (if any) are found
+```
 
 Notes on build commands:
 
-For packages built with autotools, $($(package)_autoconf) can be used in the
+For packages built with autotools, `$($(package)_autoconf)` can be used in the
 configure step to (usually) correctly configure automatically. Any
-$($(package)_config_opts) will be appended.
+`$($(package)_config_opts`) will be appended.
 
 Most autotools projects can be properly staged using:
 
-    $(MAKE) DESTDIR=$($(package)_staging_dir) install
+```bash
+$(MAKE) DESTDIR=$($(package)_staging_dir) install
+```

contrib/depends/packages/cmake/conf/mxe-conf.cmake.in

@@ -1,67 +0,0 @@
-# This file is part of MXE. See LICENSE.md for licensing information.
-
-# https://cmake.org/cmake/help/latest
-
-# Can't set `cmake_minimum_required` or `cmake_policy` in toolchain
-# since toolchain is read before CMakeLists.txt
-# See `target-cmake.in` for CMAKE_POLICY_DEFAULT_CMPNNNN
-
-# Check if we are using mxe supplied version
-#   - toolchain is included multiple times so set a guard in
-#     environment to suppress duplicate messages
-if(NOT ${CMAKE_COMMAND} STREQUAL @PREFIX@/@BUILD@/bin/cmake AND NOT DEFINED ENV{_MXE_CMAKE_TOOLCHAIN_INCLUDED})
-    message(WARNING "
-** Warning: direct use of toolchain file is deprecated
-** Please use prefixed wrapper script instead:
-     @TARGET@-cmake [options] <path-to-source>
-       - uses mxe supplied cmake version @CMAKE_VERSION@
-       - loads toolchain
-       - loads common run results
-       - sets various policy defaults
-    ")
-    set(ENV{_MXE_CMAKE_TOOLCHAIN_INCLUDED} TRUE)
-endif()
-
-## General configuration
-set(CMAKE_SYSTEM_NAME Windows)
-set(MSYS 1)
-set(CMAKE_EXPORT_NO_PACKAGE_REGISTRY ON)
-# Workaround for https://www.cmake.org/Bug/view.php?id=14075
-set(CMAKE_CROSS_COMPILING ON)
-
-
-## Library config
-set(BUILD_SHARED_LIBS @CMAKE_SHARED_BOOL@ CACHE BOOL "BUILD_SHARED_LIBS" FORCE)
-set(BUILD_STATIC_LIBS @CMAKE_STATIC_BOOL@ CACHE BOOL "BUILD_STATIC_LIBS" FORCE)
-set(BUILD_SHARED @CMAKE_SHARED_BOOL@ CACHE BOOL "BUILD_SHARED" FORCE)
-set(BUILD_STATIC @CMAKE_STATIC_BOOL@ CACHE BOOL "BUILD_STATIC" FORCE)
-set(LIBTYPE @LIBTYPE@)
-
-
-## Paths etc.
-set(CMAKE_FIND_ROOT_PATH @PREFIX@/@TARGET@)
-set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
-set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
-set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
-set(CMAKE_PREFIX_PATH @PREFIX@/@TARGET@)
-set(CMAKE_INSTALL_PREFIX @PREFIX@/@TARGET@ CACHE PATH "Installation Prefix")
-# For custom mxe FindPackage scripts
-set(CMAKE_MODULE_PATH "@PREFIX@/share/cmake/modules" ${CMAKE_MODULE_PATH})
-
-
-## Programs
-set(CMAKE_C_COMPILER @PREFIX@/bin/@TARGET@-gcc)
-set(CMAKE_CXX_COMPILER @PREFIX@/bin/@TARGET@-g++)
-set(CMAKE_Fortran_COMPILER @PREFIX@/bin/@TARGET@-gfortran)
-set(CMAKE_RC_COMPILER @PREFIX@/bin/@TARGET@-windres)
-# CMAKE_RC_COMPILE_OBJECT is defined in:
-#     <cmake root>/share/cmake-X.Y/Modules/Platform/Windows-windres.cmake
-set(CPACK_NSIS_EXECUTABLE @TARGET@-makensis)
-
-## Individual package configuration
-file(GLOB mxe_cmake_files
-    "@CMAKE_TOOLCHAIN_DIR@/*.cmake"
-)
-foreach(mxe_cmake_file ${mxe_cmake_files})
-    include(${mxe_cmake_file})
-endforeach()

contrib/depends/packages/cmake/conf/target-cmake.in

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-echo "== Using MXE wrapper: @PREFIX@/bin/@TARGET@-cmake"
-
-# https://cmake.org/cmake/help/latest/manual/cmake-policies.7.html
-# https://cmake.org/cmake/help/latest/variable/CMAKE_POLICY_DEFAULT_CMPNNNN.html
-POLICIES=(0017,0020)
-
-unset NO_MXE_TOOLCHAIN
-if echo -- "$@" | grep -Ewq "(--build|-E|--system-information)" ; then
-    NO_MXE_TOOLCHAIN=1
-fi
-if [[ "$NO_MXE_TOOLCHAIN" == "1" ]]; then
-    echo "== Skip using MXE toolchain: @CMAKE_TOOLCHAIN_FILE@"
-    # see https://github.com/mxe/mxe/issues/932
-    exec "@PREFIX@/@BUILD@/bin/cmake" "$@"
-else
-    echo "     - cmake version @CMAKE_VERSION@"
-    echo "     - warnings for unused CMAKE_POLICY_DEFAULT variables can be ignored"
-    echo "== Using MXE toolchain: @CMAKE_TOOLCHAIN_FILE@"
-    echo "== Using MXE runresult: @CMAKE_RUNRESULT_FILE@"
-    if ! ( echo "$@" | grep --silent "DCMAKE_BUILD_TYPE" ) ; then
-        echo '== Adding "-DCMAKE_BUILD_TYPE=Release"'
-        set -- "-DCMAKE_BUILD_TYPE=Release" "$@"
-    fi
-    exec "@PREFIX@/@BUILD@/bin/cmake" \
-              -DCMAKE_TOOLCHAIN_FILE="@CMAKE_TOOLCHAIN_FILE@" \
-              `eval echo -DCMAKE_POLICY_DEFAULT_CMP{$POLICIES}=NEW` \
-              -C"@CMAKE_RUNRESULT_FILE@" "$@"
-fi

contrib/depends/packages/cmake/test/CMakeLists.txt

@@ -1,18 +0,0 @@
-# This file is part of MXE. See LICENSE.md for licensing information.
-
-# 2.8.9 is Debian Wheezy version
-cmake_minimum_required(VERSION 2.8.9)
-
-# use default C and CXX languages
-project(mxe)
-
-# see cmake --help-policy <cmp> for details
-cmake_policy(SET CMP0017 NEW)
-if (POLICY CMP0020)
-    cmake_policy(SET CMP0020 NEW)
-endif()
-
-# so we can find pkg-test.cmake files to include
-set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/../.. ${CMAKE_MODULE_PATH})
-
-include(${PKG}-test)

contrib/depends/packages/gtest.mk

@@ -0,0 +1,38 @@
+package=gtest
+$(package)_version=1.8.1
+$(package)_download_path=https://github.com/google/googletest/archive/
+$(package)_file_name=release-$($(package)_version).tar.gz
+$(package)_sha256_hash=9bf1fe5182a604b4135edc1a425ae356c9ad15e9b23f9f12a02e80184c3a249c
+$(package)_cxxflags=-std=c++11
+$(package)_cxxflags_linux=-fPIC
+
+define $(package)_config_cmds
+  cd googletest && \
+    CC="$(host_prefix)/native/bin/$($(package)_cc)" \
+    CXX="$(host_prefix)/native/bin/$($(package)_cxx)" \
+    AR="$(host_prefix)/native/bin/$($(package)_ar)" \
+    RANLIB="$(host_prefix)/native/bin/$($(package)_ranlib)" \
+    LIBTOOL="$(host_prefix)/native/bin/$($(package)_libtool)" \
+    CXXFLAGS="$($(package)_cxxflags)" \
+    CCFLAGS="$($(package)_ccflags)" \
+    CPPFLAGS="$($(package)_cppflags)" \
+    CFLAGS="$($(package)_cflags) $($(package)_cppflags)" \
+    LDLAGS="$($(package)_ldflags)" \
+  cmake -DCMAKE_INSTALL_PREFIX=$(build_prefix) \
+    -DTOOLCHAIN_PREFIX=$(host_toolchain) \
+    -DCMAKE_AR="$(host_prefix)/native/bin/$($(package)_ar)" \
+    -DCMAKE_RANLIB="$(host_prefix)/native/bin/$($(package)_ranlib)" \
+    -DCMAKE_CXX_FLAGS_DEBUG=ON
+endef
+# -DCMAKE_TOOLCHAIN_FILE=$(HOST)/share/toolchain.cmake
+
+define $(package)_build_cmds
+  cd googletest && CC="$(host_prefix)/native/bin/$($(package)_cc)" $(MAKE)
+endef
+
+define $(package)_stage_cmds
+  mkdir $($(package)_staging_prefix_dir)/lib $($(package)_staging_prefix_dir)/include &&\
+  cp googletest/libgtest.a $($(package)_staging_prefix_dir)/lib/ &&\
+  cp googletest/libgtest_main.a $($(package)_staging_prefix_dir)/lib/ &&\
+  cp -a googletest/include/* $($(package)_staging_prefix_dir)/include/
+endef

contrib/depends/packages/icu4c.mk

@@ -6,7 +6,7 @@ $(package)_sha256_hash=1f912c54035533fb4268809701d65c7468d00e292efbc31e644490845
 $(package)_patches=icu-001-dont-build-static-dynamic-twice.patch
 
 define $(package)_set_vars
-  $(package)_build_opts=CFLAGS="$($(package)_cflags) $($(package)_cppflags) -DU_USING_ICU_NAMESPACE=0 --std=gnu++0x -DU_STATIC_IMPLEMENTATION -DU_COMBINED_IMPLEMENTATION -fPIC -DENABLE_STATIC=YES -DPGKDATA_MODE=static"
+  $(package)_build_opts=CFLAGS="$($(package)_cflags) $($(package)_cppflags) -DU_USING_ICU_NAMESPACE=0 -DU_STATIC_IMPLEMENTATION -DU_COMBINED_IMPLEMENTATION -fPIC -DENABLE_STATIC=YES -DPGKDATA_MODE=static"
 endef
 
 define $(package)_config_cmds
@@ -17,7 +17,7 @@ define $(package)_config_cmds
   sh ../source/runConfigureICU Linux &&\
   make &&\
   cd ../buildb &&\
-  sh ../source/$($(package)_autoconf) --enable-static=yes --disable-shared --disable-layout --disable-layoutex --disable-tests --disable-samples --prefix=$(host_prefix) --with-cross-build=`pwd`/../builda &&\
+  sh ../source/runConfigureICU MinGW --enable-static=yes --disable-shared --disable-layout --disable-layoutex --disable-tests --disable-samples --prefix=$(host_prefix) --with-cross-build=`pwd`/../builda &&\
   $(MAKE) $($(package)_build_opts)
 endef
 

contrib/depends/packages/native_cctools.mk

@@ -52,6 +52,7 @@ endef
 
 define $(package)_stage_cmds
   $(MAKE) DESTDIR=$($(package)_staging_dir) install && \
+  cp $($(package)_extract_dir)/cctools/misc/install_name_tool $($(package)_staging_prefix_dir)/bin/ &&\
   cd $($(package)_extract_dir)/toolchain && \
   mkdir -p $($(package)_staging_prefix_dir)/lib/clang/$($(package)_clang_version)/include && \
   mkdir -p $($(package)_staging_prefix_dir)/bin $($(package)_staging_prefix_dir)/include && \

contrib/depends/packages/native_cmake-unused.mk

@@ -0,0 +1,23 @@
+package=native_cmake
+$(package)_version=3.14.0
+$(package)_version_dot=v3.14
+$(package)_download_path=https://cmake.org/files/$($(package)_version_dot)/
+$(package)_file_name=cmake-$($(package)_version).tar.gz
+$(package)_sha256_hash=aa76ba67b3c2af1946701f847073f4652af5cbd9f141f221c97af99127e75502
+
+define $(package)_set_vars
+$(package)_config_opts=
+endef
+
+define $(package)_config_cmds
+  ./bootstrap &&\
+  ./configure $($(package)_config_opts)
+endef
+
+define $(package)_build_cmd
+  $(MAKE)
+endef
+
+define $(package)_stage_cmds
+  $(MAKE) DESTDIR=$($(package)_staging_dir) install
+endef

contrib/depends/packages/native_protobuf.mk

@@ -15,12 +15,11 @@ define $(package)_config_cmds
 endef
 
 define $(package)_build_cmds
-  $(MAKE) -C src libprotobuf.la all
+  $(MAKE) -C src
 endef
 
 define $(package)_stage_cmds
-  $(MAKE) DESTDIR=$($(package)_staging_dir) -C src install install-libLTLIBRARIES install-nobase_includeHEADERS &&\
-  $(MAKE) DESTDIR=$($(package)_staging_dir) install-pkgconfigDATA
+  $(MAKE) DESTDIR=$($(package)_staging_dir) -C src install
 endef
 
 define $(package)_postprocess_cmds

contrib/depends/packages/openssl.mk

@@ -1,35 +1,28 @@
 package=openssl
-$(package)_version=1.0.1k
+$(package)_version=1.0.2r
 $(package)_download_path=https://www.openssl.org/source
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c
+$(package)_sha256_hash=ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6
 
 define $(package)_set_vars
 $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
 $(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl
-$(package)_config_opts+=no-camellia
 $(package)_config_opts+=no-capieng
-$(package)_config_opts+=no-cast
-$(package)_config_opts+=no-comp
 $(package)_config_opts+=no-dso
 $(package)_config_opts+=no-dtls1
 $(package)_config_opts+=no-ec_nistp_64_gcc_128
 $(package)_config_opts+=no-gost
 $(package)_config_opts+=no-gmp
 $(package)_config_opts+=no-heartbeats
-$(package)_config_opts+=no-idea
 $(package)_config_opts+=no-jpake
 $(package)_config_opts+=no-krb5
 $(package)_config_opts+=no-libunbound
 $(package)_config_opts+=no-md2
-$(package)_config_opts+=no-mdc2
-$(package)_config_opts+=no-rc4
 $(package)_config_opts+=no-rc5
 $(package)_config_opts+=no-rdrand
 $(package)_config_opts+=no-rfc3779
 $(package)_config_opts+=no-rsax
 $(package)_config_opts+=no-sctp
-$(package)_config_opts+=no-seed
 $(package)_config_opts+=no-sha0
 $(package)_config_opts+=no-shared
 $(package)_config_opts+=no-ssl-trace
@@ -39,7 +32,6 @@ $(package)_config_opts+=no-static_engine
 $(package)_config_opts+=no-store
 $(package)_config_opts+=no-unit-test
 $(package)_config_opts+=no-weak-ssl-ciphers
-$(package)_config_opts+=no-whirlpool
 $(package)_config_opts+=no-zlib
 $(package)_config_opts+=no-zlib-dynamic
 $(package)_config_opts+=$($(package)_cflags) $($(package)_cppflags)

contrib/depends/packages/packages.mk

@@ -1,10 +1,15 @@
-packages:=boost openssl zeromq cppzmq expat ldns cppzmq readline libiconv qt hidapi protobuf libusb
+packages:=boost openssl zeromq cppzmq expat ldns readline libiconv hidapi protobuf libusb
 native_packages := native_ccache native_protobuf
 
 darwin_native_packages = native_biplist native_ds_store native_mac_alias
 darwin_packages = sodium-darwin
 
 linux_packages = eudev
+qt_packages = qt
+
+ifeq ($(build_tests),ON)
+packages += gtest
+endif
 
 ifeq ($(host_os),linux)
 packages += unwind

contrib/depends/packages/readline.mk

@@ -1,9 +1,8 @@
 package=readline
-$(package)_version=6.3
-$(package)_download_path=ftp://ftp.cwru.edu/pub/bash/
+$(package)_version=8.0
+$(package)_download_path=https://ftp.gnu.org/gnu/readline
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43
-$(package)_patches=readline-1.patch
+$(package)_sha256_hash=e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461
 
 define $(package)_set_vars
   $(package)_build_opts=CC="$($(package)_cc)"
@@ -15,7 +14,6 @@ define $(package)_set_vars
 endef
 
 define $(package)_config_cmds
-  patch -p1 < $($(package)_patch_dir)/readline-1.patch &&\
   export bash_cv_have_mbstate_t=yes &&\
   export bash_cv_wcwidth_broken=yes &&\
   ./configure $($(package)_config_opts)
@@ -29,5 +27,3 @@ define $(package)_stage_cmds
   $(MAKE) DESTDIR=$($(package)_staging_dir) install
 endef
 
-define $(package)_postprocess_cmds
-endef

contrib/depends/patches/readline/readline-1.patch

@@ -1,187 +0,0 @@
-From c0572cecbeadc8fe24c70c5c39d49210a39ac719 Mon Sep 17 00:00:00 2001
-From: Timothy Gu <timothygu99@gmail.com>
-Date: Tue, 30 Sep 2014 10:32:33 -0700
-Subject: [PATCH 1/2] signals: safeguard the remaining usage of frequently
- missing signals
-
-diff --git a/input.c b/input.c
-index 117dfe8..465f0b9 100644
---- a/input.c
-+++ b/input.c
-@@ -532,9 +532,17 @@ rl_getc (stream)
- 	 Otherwise (not EINTR), some error occurred, also signifying EOF. */
-       if (errno != EINTR)
- 	return (RL_ISSTATE (RL_STATE_READCMD) ? READERR : EOF);
--      else if (_rl_caught_signal == SIGHUP || _rl_caught_signal == SIGTERM)
-+      else if (_rl_caught_signal == SIGTERM
-+#if defined(SIGHUP)
-+               || _rl_caught_signal == SIGHUP
-+#endif
-+              )
- 	return (RL_ISSTATE (RL_STATE_READCMD) ? READERR : EOF);
--      else if (_rl_caught_signal == SIGINT || _rl_caught_signal == SIGQUIT)
-+      else if (_rl_caught_signal == SIGINT
-+#if defined(SIGQUIT)
-+               || _rl_caught_signal == SIGQUIT
-+#endif
-+              )
-         RL_CHECK_SIGNALS ();
- 
-       if (rl_signal_event_hook)
-diff --git a/signals.c b/signals.c
-index 61f02f9..7c921d6 100644
---- a/signals.c
-+++ b/signals.c
-@@ -216,7 +216,9 @@ _rl_handle_signal (sig)
-       /* FALLTHROUGH */
- 
-     case SIGTERM:
-+#if defined (SIGHUP)
-     case SIGHUP:
-+#endif
- #if defined (SIGTSTP)
-     case SIGTSTP:
-     case SIGTTOU:
-@@ -426,7 +428,9 @@ rl_set_signals ()
- 
-       rl_maybe_set_sighandler (SIGINT, rl_signal_handler, &old_int);
-       rl_maybe_set_sighandler (SIGTERM, rl_signal_handler, &old_term);
-+#if defined (SIGHUP)
-       rl_maybe_set_sighandler (SIGHUP, rl_signal_handler, &old_hup);
-+#endif
- #if defined (SIGQUIT)
-       rl_maybe_set_sighandler (SIGQUIT, rl_signal_handler, &old_quit);
- #endif
-@@ -491,7 +495,9 @@ rl_clear_signals ()
- 	 overhead */
-       rl_maybe_restore_sighandler (SIGINT, &old_int);
-       rl_maybe_restore_sighandler (SIGTERM, &old_term);
-+#if defined (SIGHUP)
-       rl_maybe_restore_sighandler (SIGHUP, &old_hup);
-+#endif
- #if defined (SIGQUIT)
-       rl_maybe_restore_sighandler (SIGQUIT, &old_quit);
- #endif
--- 
-1.8.3.2
-
-
-From 6896ffa4fc85bf0dfae58e69a860d2076c1d9fd2 Mon Sep 17 00:00:00 2001
-From: Timothy Gu <timothygu99@gmail.com>
-Date: Tue, 30 Sep 2014 17:16:32 -0700
-Subject: [PATCH 2/2] Handle missing S_IS* macros more gracefully
-
-diff --git a/colors.c b/colors.c
-index 89d9035..ec19844 100644
---- a/colors.c
-+++ b/colors.c
-@@ -152,14 +152,22 @@ _rl_print_color_indicator (char *f)
-         {
-           colored_filetype = C_FILE;
- 
-+#if defined (S_ISUID)
-           if ((mode & S_ISUID) != 0 && is_colored (C_SETUID))
-             colored_filetype = C_SETUID;
--          else if ((mode & S_ISGID) != 0 && is_colored (C_SETGID))
-+          else
-+#endif
-+#if defined (S_ISGID)
-+          if ((mode & S_ISGID) != 0 && is_colored (C_SETGID))
-             colored_filetype = C_SETGID;
--          else if (is_colored (C_CAP) && 0) //f->has_capability)
-+          else
-+#endif
-+          if (is_colored (C_CAP) && 0) //f->has_capability)
-             colored_filetype = C_CAP;
-+#if defined(S_IXUGO)
-           else if ((mode & S_IXUGO) != 0 && is_colored (C_EXEC))
-             colored_filetype = C_EXEC;
-+#endif
-           else if ((1 < astat.st_nlink) && is_colored (C_MULTIHARDLINK))
-             colored_filetype = C_MULTIHARDLINK;
-         }
-@@ -173,8 +181,10 @@ _rl_print_color_indicator (char *f)
-             colored_filetype = C_STICKY_OTHER_WRITABLE;
-           else
- #endif
-+#if defined (S_IWOTH)
-           if ((mode & S_IWOTH) != 0 && is_colored (C_OTHER_WRITABLE))
-             colored_filetype = C_OTHER_WRITABLE;
-+#endif
- #if defined (S_ISVTX)
-           else if ((mode & S_ISVTX) != 0 && is_colored (C_STICKY))
-             colored_filetype = C_STICKY;
-diff --git a/colors.h b/colors.h
-index fc926e5..e62edd0 100644
---- a/colors.h
-+++ b/colors.h
-@@ -96,7 +96,7 @@ enum indicator_no
-   };
- 
- 
--#if !S_IXUGO
-+#if !S_IXUGO && defined(S_IXUSR) && defined(S_IXGRP) && defined(S_IXOTH)
- # define S_IXUGO (S_IXUSR | S_IXGRP | S_IXOTH)
- #endif
- 
-diff --git a/posixstat.h b/posixstat.h
-index 3eb7f29..854a2c9 100644
---- a/posixstat.h
-+++ b/posixstat.h
-@@ -78,30 +78,44 @@
- 
- #if defined (S_IFBLK) && !defined (S_ISBLK)
- #define	S_ISBLK(m)	(((m)&S_IFMT) == S_IFBLK)	/* block device */
-+#elif !defined (S_IFBLK)
-+#define S_ISBLK(m)	0
- #endif
- 
- #if defined (S_IFCHR) && !defined (S_ISCHR)
- #define	S_ISCHR(m)	(((m)&S_IFMT) == S_IFCHR)	/* character device */
-+#elif !defined (S_IFCHR)
-+#define S_ISCHR(m)	0
- #endif
- 
- #if defined (S_IFDIR) && !defined (S_ISDIR)
- #define	S_ISDIR(m)	(((m)&S_IFMT) == S_IFDIR)	/* directory */
-+#elif !defined (S_IFDIR)
-+#define S_ISDIR(m)	0
- #endif
- 
- #if defined (S_IFREG) && !defined (S_ISREG)
- #define	S_ISREG(m)	(((m)&S_IFMT) == S_IFREG)	/* file */
-+#elif !defined (S_IFREG)
-+#define S_ISREG(m)	0
- #endif
- 
- #if defined (S_IFIFO) && !defined (S_ISFIFO)
- #define	S_ISFIFO(m)	(((m)&S_IFMT) == S_IFIFO)	/* fifo - named pipe */
-+#elif !defined (S_IFIFO)
-+#define S_ISFIFO(m)	0
- #endif
- 
- #if defined (S_IFLNK) && !defined (S_ISLNK)
- #define	S_ISLNK(m)	(((m)&S_IFMT) == S_IFLNK)	/* symbolic link */
-+#elif !defined (S_IFLNK)
-+#define S_ISLNK(m)	0
- #endif
- 
- #if defined (S_IFSOCK) && !defined (S_ISSOCK)
- #define	S_ISSOCK(m)	(((m)&S_IFMT) == S_IFSOCK)	/* socket */
-+#elif !defined (S_IFSOCK)
-+#define S_ISSOCK(m)	0
- #endif
- 
- /*
-@@ -137,6 +151,8 @@
- /* These are non-standard, but are used in builtins.c$symbolic_umask() */
- #define S_IRUGO		(S_IRUSR | S_IRGRP | S_IROTH)
- #define S_IWUGO		(S_IWUSR | S_IWGRP | S_IWOTH)
-+#if defined(S_IXUSR) && defined(S_IXGRP) && defined(S_IXOTH)
- #define S_IXUGO		(S_IXUSR | S_IXGRP | S_IXOTH)
-+#endif
- 
- #endif /* _POSIXSTAT_H_ */
--- 
-1.8.3.2
-

contrib/depends/toolchain.cmake.in

@@ -1,9 +1,17 @@
 # Set the system name, either Darwin, Linux, or Windows
 SET(CMAKE_SYSTEM_NAME @depends@)
-SET(CMAKE_BUILD_TYPE release)
+SET(CMAKE_BUILD_TYPE @release_type@)
 
-SET(STATIC true)
-SET(UNBOUND_STATIC true)
+OPTION(STATIC "Link libraries statically" ON)
+OPTION(TREZOR_DEBUG "Main trezor debugging switch" OFF)
+OPTION(BUILD_TESTS "Build tests." OFF)
+
+SET(STATIC ON)
+SET(UNBOUND_STATIC ON)
+SET(ARCH "default")
+
+SET(BUILD_TESTS @build_tests@)
+SET(TREZOR_DEBUG @build_tests@)
 
 # where is the target environment 
 SET(CMAKE_FIND_ROOT_PATH @prefix@ /usr)
@@ -47,6 +55,8 @@ set (CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) # Find programs on host
 set (CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) # Find libs in target
 set (CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) # Find includes in target
 
+set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_HOST_SYSTEM_PROCESSOR} CACHE STRING "" FORCE)
+
 # specify the cross compiler to be used. Darwin uses clang provided by the SDK.
 if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
   SET(CMAKE_C_COMPILER @prefix@/native/bin/clang)
@@ -88,6 +98,11 @@ endif()
 
 if(ARCHITECTURE STREQUAL "i686" AND CMAKE_SYSTEM_NAME STREQUAL "Linux")
   SET(LINUX_32 ON)
+  SET(ARCH_ID "i386")
+endif()
+
+if(ARCHITECTURE STREQUAL "x86_64" AND CMAKE_SYSTEM_NAME STREQUAL "Linux")
+  SET(ARCH_ID "x86_64")
 endif()
 
 #Create a new global cmake flag that indicates building with depends

contrib/epee/demo/iface/transport_defs.h

@@ -81,7 +81,7 @@ namespace demo
 	{
 		const static int ID = 1000;
 
-		struct request
+		struct request_t
 		{		
       std::string example_string_data;
       some_test_data sub;
@@ -91,9 +91,10 @@ namespace demo
         KV_SERIALIZE(sub)
       END_KV_SERIALIZE_MAP()
 		};
+      typedef epee::misc_utils::struct_init<request_t> request;
 
 
-		struct response
+		struct response_t
 		{
 			bool 	 m_success; 
       std::list<some_test_data> subs;
@@ -104,6 +105,7 @@ namespace demo
       END_KV_SERIALIZE_MAP()
 		};
 	};
+      typedef epee::misc_utils::struct_init<response_t> response;
 
 
 
@@ -111,7 +113,7 @@ namespace demo
 	{
 		const static int ID = 1001;
 
-    struct request
+    struct request_t
     {		
       std::string example_string_data2;
 
@@ -119,8 +121,9 @@ namespace demo
         KV_SERIALIZE(example_string_data2)
       END_KV_SERIALIZE_MAP()
     };
+    typedef epee::misc_utils::struct_init<request_t> request;
 
-    struct response
+    struct response_t
     {
       bool 	 m_success; 
 
@@ -129,6 +132,7 @@ namespace demo
         KV_SERIALIZE(m_success)
       END_KV_SERIALIZE_MAP()
     };
+    typedef epee::misc_utils::struct_init<response_t> response;
 	};
 
 

contrib/epee/include/console_handler.h

@@ -357,6 +357,7 @@ eof:
           if (m_stdin_reader.eos())
           {
             MGINFO("EOF on stdin, exiting");
+            std::cout << std::endl;
             break;
           }
           if (!get_line_ret)

contrib/epee/include/hex.h

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018, The Monero Project
+// Copyright (c) 2017-2019, The Monero Project
 //
 // All rights reserved.
 //
@@ -32,6 +32,7 @@
 #include <cstdint>
 #include <iosfwd>
 #include <string>
+#include <boost/utility/string_ref.hpp>
 
 #include "wipeable_string.h"
 #include "span.h"
@@ -68,4 +69,10 @@ namespace epee
     //! Write `src` bytes as hex to `out`. `out` must be twice the length
     static void buffer_unchecked(char* out, const span<const std::uint8_t> src) noexcept;
   };
+
+  struct from_hex
+  {
+      //! \return An std::vector of unsigned integers from the `src`
+      static std::vector<uint8_t> vector(boost::string_ref src);
+  };
 }

contrib/epee/include/math_helper.h

@@ -32,7 +32,7 @@
 
 #include <list>
 #include <numeric>
-#include <boost/timer.hpp>
+#include <boost/timer/timer.hpp>
 #include <boost/uuid/uuid.hpp>
 #include <boost/uuid/random_generator.hpp>
 
@@ -243,6 +243,7 @@ namespace math_helper
       present = present << 32;
       present |= fileTime.dwLowDateTime;
       present /= 10;  // mic-sec
+      return present;
 #else
       struct timeval tv;
       gettimeofday(&tv, NULL);

contrib/epee/include/memwipe.h

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018, The Monero Project
+// Copyright (c) 2017-2019, The Monero Project
 // 
 // All rights reserved.
 // 

contrib/epee/include/misc_language.h

@@ -159,5 +159,10 @@ namespace misc_utils
     return slc;
   }
 
+  template<typename T> struct struct_init: T
+  {
+    struct_init(): T{} {}
+  };
+
 }
 }

contrib/epee/include/misc_log_ex.h

@@ -85,6 +85,16 @@
 #define MGINFO_MAGENTA(x) MCLOG_MAGENTA(el::Level::Info, "global",x)
 #define MGINFO_CYAN(x) MCLOG_CYAN(el::Level::Info, "global",x)
 
+#define IFLOG(level, cat, type, init, x) \
+  do { \
+    if (ELPP->vRegistry()->allowed(level, cat)) { \
+      init; \
+      el::base::Writer(level, __FILE__, __LINE__, ELPP_FUNC, type).construct(cat) << x; \
+    } \
+  } while(0)
+#define MIDEBUG(init, x) IFLOG(el::Level::Debug, MONERO_DEFAULT_LOG_CATEGORY, el::base::DispatchAction::NormalLog, init, x)
+
+
 #define LOG_ERROR(x) MERROR(x)
 #define LOG_PRINT_L0(x) MWARNING(x)
 #define LOG_PRINT_L1(x) MINFO(x)

contrib/epee/include/net/abstract_tcp_server2.h

@@ -41,10 +41,12 @@
 #include <boost/noncopyable.hpp>
 #include <boost/shared_ptr.hpp>
 #include <atomic>
+#include <cassert>
 #include <map>
 #include <memory>
 
 #include <boost/asio.hpp>
+#include <boost/asio/ssl.hpp>
 #include <boost/array.hpp>
 #include <boost/noncopyable.hpp>
 #include <boost/shared_ptr.hpp>
@@ -87,22 +89,39 @@ namespace net_utils
   {
   public:
     typedef typename t_protocol_handler::connection_context t_connection_context;
+
+    struct shared_state : connection_basic_shared_state
+    {
+      shared_state()
+        : connection_basic_shared_state(), pfilter(nullptr), config(), stop_signal_sent(false)
+      {}
+
+      i_connection_filter* pfilter;
+      typename t_protocol_handler::config_type config;
+      bool stop_signal_sent;
+    };
+
     /// Construct a connection with the given io_service.
-   
     explicit connection( boost::asio::io_service& io_service,
-			typename t_protocol_handler::config_type& config, 
-			std::atomic<long> &ref_sock_count,  // the ++/-- counter 
-			std::atomic<long> &sock_number, // the only increasing ++ number generator
-			i_connection_filter * &pfilter
-			,t_connection_type connection_type);
+                        boost::shared_ptr<shared_state> state,
+			t_connection_type connection_type,
+			epee::net_utils::ssl_support_t ssl_support);
+
+    explicit connection( boost::asio::ip::tcp::socket&& sock,
+			 boost::shared_ptr<shared_state> state,
+			t_connection_type connection_type,
+			epee::net_utils::ssl_support_t ssl_support);
+
+
 
     virtual ~connection() noexcept(false);
-    /// Get the socket associated with the connection.
-    boost::asio::ip::tcp::socket& socket();
 
     /// Start the first asynchronous operation for the connection.
     bool start(bool is_income, bool is_multithreaded);
 
+    // `real_remote` is the actual endpoint (if connection is to proxy, etc.)
+    bool start(bool is_income, bool is_multithreaded, network_address real_remote);
+
     void get_context(t_connection_context& context_){context_ = context;}
 
     void call_back_starter();
@@ -128,6 +147,10 @@ namespace net_utils
     //------------------------------------------------------
     boost::shared_ptr<connection<t_protocol_handler> > safe_shared_from_this();
     bool shutdown();
+    /// Handle completion of a receive operation.
+    void handle_receive(const boost::system::error_code& e,
+      std::size_t bytes_transferred);
+
     /// Handle completion of a read operation.
     void handle_read(const boost::system::error_code& e,
       std::size_t bytes_transferred);
@@ -145,10 +168,9 @@ namespace net_utils
 
     /// Buffer for incoming data.
     boost::array<char, 8192> buffer_;
-    //boost::array<char, 1024> buffer_;
+    size_t buffer_ssl_init_fill;
 
     t_connection_context context;
-    i_connection_filter* &m_pfilter;
 
 	// TODO what do they mean about wait on destructor?? --rfree :
     //this should be the last one, because it could be wait on destructor, while other activities possible on other threads
@@ -185,6 +207,13 @@ namespace net_utils
   class boosted_tcp_server
     : private boost::noncopyable
   {
+    enum try_connect_result_t
+    {
+      CONNECT_SUCCESS,
+      CONNECT_FAILURE,
+      CONNECT_NO_SSL,
+    };
+
   public:
     typedef boost::shared_ptr<connection<t_protocol_handler> > connection_ptr;
     typedef typename t_protocol_handler::connection_context t_connection_context;
@@ -198,8 +227,8 @@ namespace net_utils
     std::map<std::string, t_connection_type> server_type_map;
     void create_server_type_map();
 
-    bool init_server(uint32_t port, const std::string address = "0.0.0.0");
-    bool init_server(const std::string port,  const std::string& address = "0.0.0.0");
+    bool init_server(uint32_t port, const std::string address = "0.0.0.0", ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);
+    bool init_server(const std::string port,  const std::string& address = "0.0.0.0", ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);
 
     /// Run the server's io_service loop.
     bool run_server(size_t threads_count, bool wait = true, const boost::thread::attributes& attrs = boost::thread::attributes());
@@ -210,7 +239,9 @@ namespace net_utils
     /// Stop the server.
     void send_stop_signal();
 
-    bool is_stop_signal_sent();
+    bool is_stop_signal_sent() const noexcept { return m_stop_signal_sent; };
+
+    const std::atomic<bool>& get_stop_signal() const noexcept { return m_stop_signal_sent; }
 
     void set_threads_prefix(const std::string& prefix_name);
 
@@ -220,17 +251,29 @@ namespace net_utils
 
     void set_connection_filter(i_connection_filter* pfilter);
 
-    bool connect(const std::string& adr, const std::string& port, uint32_t conn_timeot, t_connection_context& cn, const std::string& bind_ip = "0.0.0.0");
-    template<class t_callback>
-    bool connect_async(const std::string& adr, const std::string& port, uint32_t conn_timeot, const t_callback &cb, const std::string& bind_ip = "0.0.0.0");
+    void set_default_remote(epee::net_utils::network_address remote)
+    {
+      default_remote = std::move(remote);
+    }
 
-    typename t_protocol_handler::config_type& get_config_object(){return m_config;}
+    bool add_connection(t_connection_context& out, boost::asio::ip::tcp::socket&& sock, network_address real_remote, epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
+    try_connect_result_t try_connect(connection_ptr new_connection_l, const std::string& adr, const std::string& port, boost::asio::ip::tcp::socket &sock_, const boost::asio::ip::tcp::endpoint &remote_endpoint, const std::string &bind_ip, uint32_t conn_timeout, epee::net_utils::ssl_support_t ssl_support);
+    bool connect(const std::string& adr, const std::string& port, uint32_t conn_timeot, t_connection_context& cn, const std::string& bind_ip = "0.0.0.0", epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
+    template<class t_callback>
+    bool connect_async(const std::string& adr, const std::string& port, uint32_t conn_timeot, const t_callback &cb, const std::string& bind_ip = "0.0.0.0", epee::net_utils::ssl_support_t ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_autodetect);
+
+    typename t_protocol_handler::config_type& get_config_object()
+    {
+      assert(m_state != nullptr); // always set in constructor
+      return m_state->config;
+    }
 
     int get_binded_port(){return m_port;}
 
     long get_connections_count() const
     {
-      auto connections_count = (m_sock_count > 0) ? (m_sock_count - 1) : 0; // Socket count minus listening socket
+      assert(m_state != nullptr); // always set in constructor
+      auto connections_count = m_state->sock_count > 0 ? (m_state->sock_count - 1) : 0; // Socket count minus listening socket
       return connections_count;
     }
 
@@ -292,9 +335,6 @@ namespace net_utils
       return true;
     }
 
-  protected:
-    typename t_protocol_handler::config_type m_config;
-
   private:
     /// Run the server's io_service loop.
     bool worker_thread();
@@ -303,21 +343,30 @@ namespace net_utils
 
     bool is_thread_worker();
 
+    const boost::shared_ptr<typename connection<t_protocol_handler>::shared_state> m_state;
+
     /// The io_service used to perform asynchronous operations.
-    std::unique_ptr<boost::asio::io_service> m_io_service_local_instance;
+    struct worker
+    {
+      worker()
+        : io_service(), work(io_service)
+      {}
+
+      boost::asio::io_service io_service;
+      boost::asio::io_service::work work;
+    };
+    std::unique_ptr<worker> m_io_service_local_instance;
     boost::asio::io_service& io_service_;    
 
     /// Acceptor used to listen for incoming connections.
     boost::asio::ip::tcp::acceptor acceptor_;
+    epee::net_utils::network_address default_remote;
 
     std::atomic<bool> m_stop_signal_sent;
     uint32_t m_port;
-	std::atomic<long> m_sock_count;
-	std::atomic<long> m_sock_number;
     std::string m_address;
     std::string m_thread_name_prefix; //TODO: change to enum server_type, now used
     size_t m_threads_count;
-    i_connection_filter* m_pfilter;
     std::vector<boost::shared_ptr<boost::thread> > m_threads;
     boost::thread::id m_main_thread_id;
     critical_section m_threads_lock;
@@ -330,7 +379,6 @@ namespace net_utils
 
     boost::mutex connections_mutex;
     std::set<connection_ptr> connections_;
-
   }; // class <>boosted_tcp_server
 
 

contrib/epee/include/net/abstract_tcp_server2.inl

@@ -40,6 +40,7 @@
 #include <boost/asio/deadline_timer.hpp>
 #include <boost/date_time/posix_time/posix_time.hpp> // TODO
 #include <boost/thread/condition_variable.hpp> // TODO
+#include <boost/make_shared.hpp>
 #include "warnings.h"
 #include "string_tools.h"
 #include "misc_language.h"
@@ -53,15 +54,26 @@
 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "net"
 
+#define AGGRESSIVE_TIMEOUT_THRESHOLD 120 // sockets
+#define NEW_CONNECTION_TIMEOUT_LOCAL 1200000 // 2 minutes
+#define NEW_CONNECTION_TIMEOUT_REMOTE 10000 // 10 seconds
 #define DEFAULT_TIMEOUT_MS_LOCAL 1800000 // 30 minutes
 #define DEFAULT_TIMEOUT_MS_REMOTE 300000 // 5 minutes
 #define TIMEOUT_EXTRA_MS_PER_BYTE 0.2
 
+
 PRAGMA_WARNING_PUSH
 namespace epee
 {
 namespace net_utils
 {
+  template<typename T>
+  T& check_and_get(boost::shared_ptr<T>& ptr)
+  {
+    CHECK_AND_ASSERT_THROW_MES(bool(ptr), "shared_state cannot be null");
+    return *ptr;
+  }
+
   /************************************************************************/
   /*                                                                      */
   /************************************************************************/
@@ -69,25 +81,34 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 
   template<class t_protocol_handler>
   connection<t_protocol_handler>::connection( boost::asio::io_service& io_service,
-  	typename t_protocol_handler::config_type& config, 
-		std::atomic<long> &ref_sock_count,  // the ++/-- counter 
-		std::atomic<long> &sock_number, // the only increasing ++ number generator
-		i_connection_filter* &pfilter
-		,t_connection_type connection_type
+                boost::shared_ptr<shared_state> state,
+		t_connection_type connection_type,
+		ssl_support_t ssl_support
+	)
+	: connection(boost::asio::ip::tcp::socket{io_service}, std::move(state), connection_type, ssl_support)
+  {
+  }
+
+  template<class t_protocol_handler>
+  connection<t_protocol_handler>::connection( boost::asio::ip::tcp::socket&& sock,
+                boost::shared_ptr<shared_state> state,
+		t_connection_type connection_type,
+		ssl_support_t ssl_support
 	)
 	: 
-		connection_basic(io_service, ref_sock_count, sock_number), 
-		m_protocol_handler(this, config, context),
-		m_pfilter( pfilter ),
+		connection_basic(std::move(sock), state, ssl_support),
+		m_protocol_handler(this, check_and_get(state).config, context),
+		buffer_ssl_init_fill(0),
 		m_connection_type( connection_type ),
 		m_throttle_speed_in("speed_in", "throttle_speed_in"),
 		m_throttle_speed_out("speed_out", "throttle_speed_out"),
-		m_timer(io_service),
+		m_timer(GET_IO_SERVICE(socket_)),
 		m_local(false),
 		m_ready_to_close(false)
   {
     MDEBUG("test, connection constructor set m_connection_type="<<m_connection_type);
   }
+
 PRAGMA_WARNING_DISABLE_VS(4355)
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
@@ -95,17 +116,11 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   {
     if(!m_was_shutdown)
     {
-      _dbg3("[sock " << socket_.native_handle() << "] Socket destroyed without shutdown.");
+      _dbg3("[sock " << socket().native_handle() << "] Socket destroyed without shutdown.");
       shutdown();
     }
 
-    _dbg3("[sock " << socket_.native_handle() << "] Socket destroyed");
-  }
-  //---------------------------------------------------------------------------------
-  template<class t_protocol_handler>
-  boost::asio::ip::tcp::socket& connection<t_protocol_handler>::socket()
-  {
-    return socket_;
+    _dbg3("[sock " << socket().native_handle() << "] Socket destroyed");
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
@@ -127,36 +142,47 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   {
     TRY_ENTRY();
 
+    boost::system::error_code ec;
+    auto remote_ep = socket().remote_endpoint(ec);
+    CHECK_AND_NO_ASSERT_MES(!ec, false, "Failed to get remote endpoint: " << ec.message() << ':' << ec.value());
+    CHECK_AND_NO_ASSERT_MES(remote_ep.address().is_v4(), false, "IPv6 not supported here");
+
+    const unsigned long ip_{boost::asio::detail::socket_ops::host_to_network_long(remote_ep.address().to_v4().to_ulong())};
+    return start(is_income, is_multithreaded, ipv4_network_address{uint32_t(ip_), remote_ep.port()});
+    CATCH_ENTRY_L0("connection<t_protocol_handler>::start()", false);
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
+  bool connection<t_protocol_handler>::start(bool is_income, bool is_multithreaded, network_address real_remote)
+  {
+    TRY_ENTRY();
+
     // Use safe_shared_from_this, because of this is public method and it can be called on the object being deleted
     auto self = safe_shared_from_this();
     if(!self)
       return false;
 
     m_is_multithreaded = is_multithreaded;
-
-    boost::system::error_code ec;
-    auto remote_ep = socket_.remote_endpoint(ec);
-    CHECK_AND_NO_ASSERT_MES(!ec, false, "Failed to get remote endpoint: " << ec.message() << ':' << ec.value());
-    CHECK_AND_NO_ASSERT_MES(remote_ep.address().is_v4(), false, "IPv6 not supported here");
-
-    auto local_ep = socket_.local_endpoint(ec);
-    CHECK_AND_NO_ASSERT_MES(!ec, false, "Failed to get local endpoint: " << ec.message() << ':' << ec.value());
-
-    context = boost::value_initialized<t_connection_context>();
-    const unsigned long ip_{boost::asio::detail::socket_ops::host_to_network_long(remote_ep.address().to_v4().to_ulong())};
-    m_local = epee::net_utils::is_ip_loopback(ip_) || epee::net_utils::is_ip_local(ip_);
+    m_local = real_remote.is_loopback() || real_remote.is_local();
 
     // create a random uuid, we don't need crypto strength here
     const boost::uuids::uuid random_uuid = boost::uuids::random_generator()();
 
-    context.set_details(random_uuid, epee::net_utils::ipv4_network_address(ip_, remote_ep.port()), is_income);
+    context = t_connection_context{};
+    bool ssl = m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled;
+    context.set_details(random_uuid, std::move(real_remote), is_income, ssl);
+
+    boost::system::error_code ec;
+    auto local_ep = socket().local_endpoint(ec);
+    CHECK_AND_NO_ASSERT_MES(!ec, false, "Failed to get local endpoint: " << ec.message() << ':' << ec.value());
+
     _dbg3("[sock " << socket_.native_handle() << "] new connection from " << print_connection_context_short(context) <<
       " to " << local_ep.address().to_string() << ':' << local_ep.port() <<
-      ", total sockets objects " << m_ref_sock_count);
+      ", total sockets objects " << get_state().sock_count);
 
-    if(m_pfilter && !m_pfilter->is_remote_host_allowed(context.m_remote_address))
+    if(static_cast<shared_state&>(get_state()).pfilter && !static_cast<shared_state&>(get_state()).pfilter->is_remote_host_allowed(context.m_remote_address))
     {
-      _dbg2("[sock " << socket_.native_handle() << "] host denied " << context.m_remote_address.host_str() << ", shutdowning connection");
+      _dbg2("[sock " << socket().native_handle() << "] host denied " << context.m_remote_address.host_str() << ", shutdowning connection");
       close();
       return false;
     }
@@ -166,13 +192,23 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 
     m_protocol_handler.after_init_connection();
 
-    reset_timer(get_default_timeout(), false);
+    reset_timer(boost::posix_time::milliseconds(m_local ? NEW_CONNECTION_TIMEOUT_LOCAL : NEW_CONNECTION_TIMEOUT_REMOTE), false);
 
-    socket_.async_read_some(boost::asio::buffer(buffer_),
-      strand_.wrap(
-        boost::bind(&connection<t_protocol_handler>::handle_read, self,
-          boost::asio::placeholders::error,
-          boost::asio::placeholders::bytes_transferred)));
+    // first read on the raw socket to detect SSL for the server
+    buffer_ssl_init_fill = 0;
+    if (is_income && m_ssl_support != epee::net_utils::ssl_support_t::e_ssl_support_disabled)
+      socket().async_receive(boost::asio::buffer(buffer_),
+        boost::asio::socket_base::message_peek,
+        strand_.wrap(
+          boost::bind(&connection<t_protocol_handler>::handle_receive, self,
+            boost::asio::placeholders::error,
+            boost::asio::placeholders::bytes_transferred)));
+    else
+      async_read_some(boost::asio::buffer(buffer_),
+        strand_.wrap(
+          boost::bind(&connection<t_protocol_handler>::handle_read, self,
+            boost::asio::placeholders::error,
+            boost::asio::placeholders::bytes_transferred)));
 #if !defined(_WIN32) || !defined(__i686)
 	// not supported before Windows7, too lazy for runtime check
 	// Just exclude for 32bit windows builds
@@ -180,12 +216,12 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 	int tos = get_tos_flag();
 	boost::asio::detail::socket_option::integer< IPPROTO_IP, IP_TOS >
 	optionTos( tos );
-    socket_.set_option( optionTos );
+    socket().set_option( optionTos );
 	//_dbg1("Set ToS flag to " << tos);
 #endif
 	
 	boost::asio::ip::tcp::no_delay noDelayOption(false);
-	socket_.set_option(noDelayOption);
+	socket().set_option(noDelayOption);
 	
     return true;
 
@@ -210,7 +246,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   template<class t_protocol_handler>
   boost::asio::io_service& connection<t_protocol_handler>::get_io_service()
   {
-    return socket_.get_io_service();
+    return GET_IO_SERVICE(socket());
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
@@ -222,9 +258,9 @@ PRAGMA_WARNING_DISABLE_VS(4355)
     auto self = safe_shared_from_this();
     if(!self)
       return false;
-    //_dbg3("[sock " << socket_.native_handle() << "] add_ref, m_peer_number=" << mI->m_peer_number);
+    //_dbg3("[sock " << socket().native_handle() << "] add_ref, m_peer_number=" << mI->m_peer_number);
     CRITICAL_REGION_LOCAL(self->m_self_refs_lock);
-    //_dbg3("[sock " << socket_.native_handle() << "] add_ref 2, m_peer_number=" << mI->m_peer_number);
+    //_dbg3("[sock " << socket().native_handle() << "] add_ref 2, m_peer_number=" << mI->m_peer_number);
     if(m_was_shutdown)
       return false;
     ++m_reference_count;
@@ -238,9 +274,9 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   {
     TRY_ENTRY();
     boost::shared_ptr<connection<t_protocol_handler> >  back_connection_copy;
-    LOG_TRACE_CC(context, "[sock " << socket_.native_handle() << "] release");
+    LOG_TRACE_CC(context, "[sock " << socket().native_handle() << "] release");
     CRITICAL_REGION_BEGIN(m_self_refs_lock);
-    CHECK_AND_ASSERT_MES(m_reference_count, false, "[sock " << socket_.native_handle() << "] m_reference_count already at 0 at connection<t_protocol_handler>::release() call");
+    CHECK_AND_ASSERT_MES(m_reference_count, false, "[sock " << socket().native_handle() << "] m_reference_count already at 0 at connection<t_protocol_handler>::release() call");
     // is this the last reference?
     if (--m_reference_count == 0) {
         // move the held reference to a local variable, keeping the object alive until the function terminates
@@ -266,7 +302,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
     std::string address, port;
     boost::system::error_code e;
 
-    boost::asio::ip::tcp::endpoint endpoint = socket_.remote_endpoint(e);
+    boost::asio::ip::tcp::endpoint endpoint = socket().remote_endpoint(e);
     if (e)
     {
       address = "<not connected>";
@@ -278,8 +314,8 @@ PRAGMA_WARNING_DISABLE_VS(4355)
       port = boost::lexical_cast<std::string>(endpoint.port());
     }
     MDEBUG(" connection type " << to_string( m_connection_type ) << " "
-        << socket_.local_endpoint().address().to_string() << ":" << socket_.local_endpoint().port()
-        << " <--> " << address << ":" << port);
+        << socket().local_endpoint().address().to_string() << ":" << socket().local_endpoint().port()
+        << " <--> " << context.m_remote_address.str() << " (via " << address << ":" << port << ")");
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
@@ -287,7 +323,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
     std::size_t bytes_transferred)
   {
     TRY_ENTRY();
-    //_info("[sock " << socket_.native_handle() << "] Async read calledback.");
+    //_info("[sock " << socket().native_handle() << "] Async read calledback.");
     
     if (!e)
     {
@@ -295,6 +331,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 			CRITICAL_REGION_LOCAL(m_throttle_speed_in_mutex);
 			m_throttle_speed_in.handle_trafic_exact(bytes_transferred);
 			context.m_current_speed_down = m_throttle_speed_in.get_current_speed();
+			context.m_max_speed_down = std::max(context.m_max_speed_down, context.m_current_speed_down);
 		}
     
     {
@@ -322,7 +359,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 			} while(delay > 0);
 		} // any form of sleeping
 		
-      //_info("[sock " << socket_.native_handle() << "] RECV " << bytes_transferred);
+      //_info("[sock " << socket().native_handle() << "] RECV " << bytes_transferred);
       logger_handle_net_read(bytes_transferred);
       context.m_last_recv = time(NULL);
       context.m_recv_cnt += bytes_transferred;
@@ -330,7 +367,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
       bool recv_res = m_protocol_handler.handle_recv(buffer_.data(), bytes_transferred);
       if(!recv_res)
       {  
-        //_info("[sock " << socket_.native_handle() << "] protocol_want_close");
+        //_info("[sock " << socket().native_handle() << "] protocol_want_close");
 
         //some error in protocol, protocol handler ask to close connection
         boost::interprocess::ipcdetail::atomic_write32(&m_want_close_connection, 1);
@@ -344,24 +381,24 @@ PRAGMA_WARNING_DISABLE_VS(4355)
       }else
       {
         reset_timer(get_timeout_from_bytes_read(bytes_transferred), false);
-        socket_.async_read_some(boost::asio::buffer(buffer_),
+        async_read_some(boost::asio::buffer(buffer_),
           strand_.wrap(
             boost::bind(&connection<t_protocol_handler>::handle_read, connection<t_protocol_handler>::shared_from_this(),
               boost::asio::placeholders::error,
               boost::asio::placeholders::bytes_transferred)));
-        //_info("[sock " << socket_.native_handle() << "]Async read requested.");
+        //_info("[sock " << socket().native_handle() << "]Async read requested.");
       }
     }else
     {
-      _dbg3("[sock " << socket_.native_handle() << "] Some not success at read: " << e.message() << ':' << e.value());
+      _dbg3("[sock " << socket().native_handle() << "] Some not success at read: " << e.message() << ':' << e.value());
       if(e.value() != 2)
       {
-        _dbg3("[sock " << socket_.native_handle() << "] Some problems at read: " << e.message() << ':' << e.value());
+        _dbg3("[sock " << socket().native_handle() << "] Some problems at read: " << e.message() << ':' << e.value());
         shutdown();
       }
       else
       {
-        _dbg3("[sock " << socket_.native_handle() << "] peer closed connection");
+        _dbg3("[sock " << socket().native_handle() << "] peer closed connection");
         if (m_ready_to_close)
           shutdown();
       }
@@ -375,13 +412,85 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
+  void connection<t_protocol_handler>::handle_receive(const boost::system::error_code& e,
+    std::size_t bytes_transferred)
+  {
+    TRY_ENTRY();
+    if (e)
+    {
+      // offload the error case
+      handle_read(e, bytes_transferred);
+      return;
+    }
+
+    reset_timer(get_timeout_from_bytes_read(bytes_transferred), false);
+
+    buffer_ssl_init_fill += bytes_transferred;
+    if (buffer_ssl_init_fill <= get_ssl_magic_size())
+    {
+      socket().async_receive(boost::asio::buffer(buffer_.data() + buffer_ssl_init_fill, buffer_.size() - buffer_ssl_init_fill),
+        boost::asio::socket_base::message_peek,
+        strand_.wrap(
+          boost::bind(&connection<t_protocol_handler>::handle_receive, connection<t_protocol_handler>::shared_from_this(),
+            boost::asio::placeholders::error,
+            boost::asio::placeholders::bytes_transferred)));
+      return;
+    }
+
+    // detect SSL
+    if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
+    {
+      if (is_ssl((const unsigned char*)buffer_.data(), buffer_ssl_init_fill))
+      {
+        MDEBUG("That looks like SSL");
+        m_ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_enabled; // read/write to the SSL socket
+      }
+      else
+      {
+        MDEBUG("That does not look like SSL");
+        m_ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_disabled; // read/write to the raw socket
+      }
+    }
+
+    if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled)
+    {
+      // Handshake
+      if (!handshake(boost::asio::ssl::stream_base::server))
+      {
+        MERROR("SSL handshake failed");
+        boost::interprocess::ipcdetail::atomic_write32(&m_want_close_connection, 1);
+        bool do_shutdown = false;
+        CRITICAL_REGION_BEGIN(m_send_que_lock);
+        if(!m_send_que.size())
+          do_shutdown = true;
+        CRITICAL_REGION_END();
+        if(do_shutdown)
+          shutdown();
+        return;
+      }
+    }
+
+    async_read_some(boost::asio::buffer(buffer_),
+      strand_.wrap(
+        boost::bind(&connection<t_protocol_handler>::handle_read, connection<t_protocol_handler>::shared_from_this(),
+          boost::asio::placeholders::error,
+          boost::asio::placeholders::bytes_transferred)));
+
+    // If an error occurs then no new asynchronous operations are started. This
+    // means that all shared_ptr references to the connection object will
+    // disappear and the object will be destroyed automatically after this
+    // handler returns. The connection class's destructor closes the socket.
+    CATCH_ENTRY_L0("connection<t_protocol_handler>::handle_receive", void());
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
   bool connection<t_protocol_handler>::call_run_once_service_io()
   {
     TRY_ENTRY();
     if(!m_is_multithreaded)
     {
       //single thread model, we can wait in blocked call
-      size_t cnt = socket_.get_io_service().run_one();
+      size_t cnt = GET_IO_SERVICE(socket()).run_one();
       if(!cnt)//service is going to quit
         return false;
     }else
@@ -391,7 +500,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
       //if no handlers were called
       //TODO: Maybe we need to have have critical section + event + callback to upper protocol to
       //ask it inside(!) critical region if we still able to go in event wait...
-      size_t cnt = socket_.get_io_service().poll_one();     
+      size_t cnt = GET_IO_SERVICE(socket()).poll_one();
       if(!cnt)
         misc_utils::sleep_no_w(1);
     }
@@ -497,9 +606,10 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 		CRITICAL_REGION_LOCAL(m_throttle_speed_out_mutex);
 		m_throttle_speed_out.handle_trafic_exact(cb);
 		context.m_current_speed_up = m_throttle_speed_out.get_current_speed();
+		context.m_max_speed_up = std::max(context.m_max_speed_up, context.m_current_speed_up);
 	}
 
-    //_info("[sock " << socket_.native_handle() << "] SEND " << cb);
+    //_info("[sock " << socket().native_handle() << "] SEND " << cb);
     context.m_last_send = time(NULL);
     context.m_send_cnt += cb;
     //some data should be wrote to stream
@@ -544,7 +654,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
         MDEBUG("do_send_chunk() NOW just queues: packet="<<size_now<<" B, is added to queue-size="<<m_send_que.size());
         //do_send_handler_delayed( ptr , size_now ); // (((H))) // empty function
       
-      LOG_TRACE_CC(context, "[sock " << socket_.native_handle() << "] Async send requested " << m_send_que.front().size());
+      LOG_TRACE_CC(context, "[sock " << socket().native_handle() << "] Async send requested " << m_send_que.front().size());
     }
     else
     { // no active operation
@@ -562,14 +672,14 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 
         CHECK_AND_ASSERT_MES( size_now == m_send_que.front().size(), false, "Unexpected queue size");
         reset_timer(get_default_timeout(), false);
-        boost::asio::async_write(socket_, boost::asio::buffer(m_send_que.front().data(), size_now ) ,
-                                 //strand_.wrap(
+            async_write(boost::asio::buffer(m_send_que.front().data(), size_now ) ,
+                                 strand_.wrap(
                                  boost::bind(&connection<t_protocol_handler>::handle_write, self, _1, _2)
-                                 //)
+                                 )
                                  );
         //_dbg3("(chunk): " << size_now);
         //logger_handle_net_write(size_now);
-        //_info("[sock " << socket_.native_handle() << "] Async send requested " << m_send_que.front().size());
+        //_info("[sock " << socket().native_handle() << "] Async send requested " << m_send_que.front().size());
     }
     
     //do_send_handler_stop( ptr , cb ); // empty function
@@ -584,7 +694,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   {
     unsigned count;
     try { count = host_count(m_host); } catch (...) { count = 0; }
-    const unsigned shift = std::min(std::max(count, 1u) - 1, 8u);
+    const unsigned shift = get_state().sock_count > AGGRESSIVE_TIMEOUT_THRESHOLD ? std::min(std::max(count, 1u) - 1, 8u) : 0;
     boost::posix_time::milliseconds timeout(0);
     if (m_local)
       timeout = boost::posix_time::milliseconds(DEFAULT_TIMEOUT_MS_LOCAL >> shift);
@@ -623,8 +733,6 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   template<class t_protocol_handler>
   void connection<t_protocol_handler>::reset_timer(boost::posix_time::milliseconds ms, bool add)
   {
-    if (m_connection_type != e_connection_type_RPC)
-      return;
     MTRACE("Setting " << ms << " expiry");
     auto self = safe_shared_from_this();
     if(!self)
@@ -654,7 +762,13 @@ PRAGMA_WARNING_DISABLE_VS(4355)
     // Initiate graceful connection closure.
     m_timer.cancel();
     boost::system::error_code ignored_ec;
-    socket_.shutdown(boost::asio::ip::tcp::socket::shutdown_both, ignored_ec);
+    if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled)
+    {
+      const shared_state &state = static_cast<const shared_state&>(get_state());
+      if (!state.stop_signal_sent)
+        socket_.shutdown(ignored_ec);
+    }
+    socket().shutdown(boost::asio::ip::tcp::socket::shutdown_both, ignored_ec);
     if (!m_host.empty())
     {
       try { host_count(m_host, -1); } catch (...) { /* ignore */ }
@@ -672,7 +786,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
     auto self = safe_shared_from_this();
     if(!self)
       return false;
-    //_info("[sock " << socket_.native_handle() << "] Que Shutdown called.");
+    //_info("[sock " << socket().native_handle() << "] Que Shutdown called.");
     m_timer.cancel();
     size_t send_que_size = 0;
     CRITICAL_REGION_BEGIN(m_send_que_lock);
@@ -707,11 +821,11 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   void connection<t_protocol_handler>::handle_write(const boost::system::error_code& e, size_t cb)
   {
     TRY_ENTRY();
-    LOG_TRACE_CC(context, "[sock " << socket_.native_handle() << "] Async send calledback " << cb);
+    LOG_TRACE_CC(context, "[sock " << socket().native_handle() << "] Async send calledback " << cb);
 
     if (e)
     {
-      _dbg1("[sock " << socket_.native_handle() << "] Some problems at write: " << e.message() << ':' << e.value());
+      _dbg1("[sock " << socket().native_handle() << "] Some problems at write: " << e.message() << ':' << e.value());
       shutdown();
       return;
     }
@@ -726,7 +840,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
     CRITICAL_REGION_BEGIN(m_send_que_lock);
     if(m_send_que.empty())
     {
-      _erro("[sock " << socket_.native_handle() << "] m_send_que.size() == 0 at handle_write!");
+      _erro("[sock " << socket().native_handle() << "] m_send_que.size() == 0 at handle_write!");
       return;
     }
 
@@ -746,11 +860,11 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 		if (speed_limit_is_enabled())
 			do_send_handler_write_from_queue(e, m_send_que.front().size() , m_send_que.size()); // (((H)))
 		CHECK_AND_ASSERT_MES( size_now == m_send_que.front().size(), void(), "Unexpected queue size");
-		boost::asio::async_write(socket_, boost::asio::buffer(m_send_que.front().data(), size_now) , 
-        // strand_.wrap(
-          boost::bind(&connection<t_protocol_handler>::handle_write, connection<t_protocol_handler>::shared_from_this(), _1, _2)
-				// )
-        );
+		  async_write(boost::asio::buffer(m_send_que.front().data(), size_now) , 
+           strand_.wrap(
+            boost::bind(&connection<t_protocol_handler>::handle_write, connection<t_protocol_handler>::shared_from_this(), _1, _2)
+			  )
+          );
       //_dbg3("(normal)" << size_now);
     }
     CRITICAL_REGION_END();
@@ -782,12 +896,14 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 
   template<class t_protocol_handler>
   boosted_tcp_server<t_protocol_handler>::boosted_tcp_server( t_connection_type connection_type ) :
-    m_io_service_local_instance(new boost::asio::io_service()),
-    io_service_(*m_io_service_local_instance.get()),
+    m_state(boost::make_shared<typename connection<t_protocol_handler>::shared_state>()),
+    m_io_service_local_instance(new worker()),
+    io_service_(m_io_service_local_instance->io_service),
     acceptor_(io_service_),
+    default_remote(),
     m_stop_signal_sent(false), m_port(0), 
-	m_sock_count(0), m_sock_number(0), m_threads_count(0), 
-	m_pfilter(NULL), m_thread_index(0),
+    m_threads_count(0),
+    m_thread_index(0),
 		m_connection_type( connection_type ),
     new_connection_()
   {
@@ -797,11 +913,13 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 
   template<class t_protocol_handler>
   boosted_tcp_server<t_protocol_handler>::boosted_tcp_server(boost::asio::io_service& extarnal_io_service, t_connection_type connection_type) :
+    m_state(boost::make_shared<typename connection<t_protocol_handler>::shared_state>()),
     io_service_(extarnal_io_service),
     acceptor_(io_service_),
-    m_stop_signal_sent(false), m_port(0), 
-		m_sock_count(0), m_sock_number(0), m_threads_count(0), 
-		m_pfilter(NULL), m_thread_index(0),
+    default_remote(),
+    m_stop_signal_sent(false), m_port(0),
+    m_threads_count(0),
+    m_thread_index(0),
 		m_connection_type(connection_type),
     new_connection_()
   {
@@ -825,12 +943,14 @@ PRAGMA_WARNING_DISABLE_VS(4355)
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
-  bool boosted_tcp_server<t_protocol_handler>::init_server(uint32_t port, const std::string address)
+  bool boosted_tcp_server<t_protocol_handler>::init_server(uint32_t port, const std::string address, ssl_options_t ssl_options)
   {
     TRY_ENTRY();
     m_stop_signal_sent = false;
     m_port = port;
     m_address = address;
+    if (ssl_options)
+      m_state->configure_ssl(std::move(ssl_options));
     // Open the acceptor with the option to reuse the address (i.e. SO_REUSEADDR).
     boost::asio::ip::tcp::resolver resolver(io_service_);
     boost::asio::ip::tcp::resolver::query query(address, boost::lexical_cast<std::string>(port), boost::asio::ip::tcp::resolver::query::canonical_name);
@@ -842,7 +962,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
     boost::asio::ip::tcp::endpoint binded_endpoint = acceptor_.local_endpoint();
     m_port = binded_endpoint.port();
     MDEBUG("start accept");
-    new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, m_connection_type));
+    new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, m_state->ssl_options().support));
     acceptor_.async_accept(new_connection_->socket(),
       boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept, this,
       boost::asio::placeholders::error));
@@ -864,7 +984,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 PUSH_WARNINGS
 DISABLE_GCC_WARNING(maybe-uninitialized)
   template<class t_protocol_handler>
-  bool boosted_tcp_server<t_protocol_handler>::init_server(const std::string port, const std::string& address) 
+  bool boosted_tcp_server<t_protocol_handler>::init_server(const std::string port, const std::string& address, ssl_options_t ssl_options)
   {
     uint32_t p = 0;
 
@@ -872,7 +992,7 @@ DISABLE_GCC_WARNING(maybe-uninitialized)
       MERROR("Failed to convert port no = " << port);
       return false;
     }
-    return this->init_server(p, address);
+    return this->init_server(p, address, std::move(ssl_options));
   }
 POP_WARNINGS
   //---------------------------------------------------------------------------------
@@ -889,9 +1009,8 @@ POP_WARNINGS
     {
       try
       {
-        size_t cnt = io_service_.run();
-        if (cnt == 0)
-          misc_utils::sleep_no_w(1);
+        io_service_.run();
+        return true;
       }
       catch(const std::exception& ex)
       {
@@ -920,7 +1039,8 @@ POP_WARNINGS
   template<class t_protocol_handler>
   void boosted_tcp_server<t_protocol_handler>::set_connection_filter(i_connection_filter* pfilter)
   {
-    m_pfilter = pfilter;
+    assert(m_state != nullptr); // always set in constructor
+    m_state->pfilter = pfilter;
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
@@ -1015,6 +1135,8 @@ POP_WARNINGS
   void boosted_tcp_server<t_protocol_handler>::send_stop_signal()
   {
     m_stop_signal_sent = true;
+    typename connection<t_protocol_handler>::shared_state *state = static_cast<typename connection<t_protocol_handler>::shared_state*>(m_state.get());
+    state->stop_signal_sent = true;
     TRY_ENTRY();
     connections_mutex.lock();
     for (auto &c: connections_)
@@ -1028,12 +1150,6 @@ POP_WARNINGS
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
-  bool boosted_tcp_server<t_protocol_handler>::is_stop_signal_sent()
-  {
-    return m_stop_signal_sent;
-  }
-  //---------------------------------------------------------------------------------
-  template<class t_protocol_handler>
   void boosted_tcp_server<t_protocol_handler>::handle_accept(const boost::system::error_code& e)
   {
     MDEBUG("handle_accept");
@@ -1042,11 +1158,18 @@ POP_WARNINGS
     if (!e)
     {
 		if (m_connection_type == e_connection_type_RPC) {
-			MDEBUG("New server for RPC connections");
+			const char *ssl_message = "unknown";
+			switch (new_connection_->get_ssl_support())
+			{
+				case epee::net_utils::ssl_support_t::e_ssl_support_disabled: ssl_message = "disabled"; break;
+				case epee::net_utils::ssl_support_t::e_ssl_support_enabled: ssl_message = "enabled"; break;
+				case epee::net_utils::ssl_support_t::e_ssl_support_autodetect: ssl_message = "autodetection"; break;
+			}
+			MDEBUG("New server for RPC connections, SSL " << ssl_message);
 			new_connection_->setRpcStation(); // hopefully this is not needed actually
 		}
 		connection_ptr conn(std::move(new_connection_));
-      new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, m_connection_type));
+      new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, conn->get_ssl_support()));
       acceptor_.async_accept(new_connection_->socket(),
         boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept, this,
         boost::asio::placeholders::error));
@@ -1054,7 +1177,16 @@ POP_WARNINGS
       boost::asio::socket_base::keep_alive opt(true);
       conn->socket().set_option(opt);
 
-      conn->start(true, 1 < m_threads_count);
+      bool res;
+      if (default_remote.get_type_id() == net_utils::address_type::invalid)
+        res = conn->start(true, 1 < m_threads_count);
+      else
+        res = conn->start(true, 1 < m_threads_count, default_remote);
+      if (!res)
+      {
+        conn->cancel();
+        return;
+      }
       conn->save_dbg_log();
       return;
     }
@@ -1069,43 +1201,40 @@ POP_WARNINGS
     }
 
     // error path, if e or exception
-    _erro("Some problems at accept: " << e.message() << ", connections_count = " << m_sock_count);
+    assert(m_state != nullptr); // always set in constructor
+    _erro("Some problems at accept: " << e.message() << ", connections_count = " << m_state->sock_count);
     misc_utils::sleep_no_w(100);
-    new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, m_connection_type));
+    new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, new_connection_->get_ssl_support()));
     acceptor_.async_accept(new_connection_->socket(),
       boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept, this,
       boost::asio::placeholders::error));
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler>
-  bool boosted_tcp_server<t_protocol_handler>::connect(const std::string& adr, const std::string& port, uint32_t conn_timeout, t_connection_context& conn_context, const std::string& bind_ip)
+  bool boosted_tcp_server<t_protocol_handler>::add_connection(t_connection_context& out, boost::asio::ip::tcp::socket&& sock, network_address real_remote, epee::net_utils::ssl_support_t ssl_support)
+  {
+    if(std::addressof(get_io_service()) == std::addressof(GET_IO_SERVICE(sock)))
+    {
+      connection_ptr conn(new connection<t_protocol_handler>(std::move(sock), m_state, m_connection_type, ssl_support));
+      if(conn->start(false, 1 < m_threads_count, std::move(real_remote)))
+      {
+        conn->get_context(out);
+        conn->save_dbg_log();
+        return true;
+      }
+    }
+    else
+    {
+	MWARNING(out << " was not added, socket/io_service mismatch");
+    }
+    return false;
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
+  typename boosted_tcp_server<t_protocol_handler>::try_connect_result_t boosted_tcp_server<t_protocol_handler>::try_connect(connection_ptr new_connection_l, const std::string& adr, const std::string& port, boost::asio::ip::tcp::socket &sock_, const boost::asio::ip::tcp::endpoint &remote_endpoint, const std::string &bind_ip, uint32_t conn_timeout, epee::net_utils::ssl_support_t ssl_support)
   {
     TRY_ENTRY();
 
-    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, m_connection_type) );
-    connections_mutex.lock();
-    connections_.insert(new_connection_l);
-    MDEBUG("connections_ size now " << connections_.size());
-    connections_mutex.unlock();
-    epee::misc_utils::auto_scope_leave_caller scope_exit_handler = epee::misc_utils::create_scope_leave_handler([&](){ CRITICAL_REGION_LOCAL(connections_mutex); connections_.erase(new_connection_l); });
-    boost::asio::ip::tcp::socket&  sock_ = new_connection_l->socket();
-    
-    //////////////////////////////////////////////////////////////////////////
-    boost::asio::ip::tcp::resolver resolver(io_service_);
-    boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
-    boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);
-    boost::asio::ip::tcp::resolver::iterator end;
-    if(iterator == end)
-    {
-      _erro("Failed to resolve " << adr);
-      return false;
-    }
-    //////////////////////////////////////////////////////////////////////////
-
-
-    //boost::asio::ip::tcp::endpoint remote_endpoint(boost::asio::ip::address::from_string(addr.c_str()), port);
-    boost::asio::ip::tcp::endpoint remote_endpoint(*iterator);
-     
     sock_.open(remote_endpoint.protocol());
     if(bind_ip != "0.0.0.0" && bind_ip != "0" && bind_ip != "" )
     {
@@ -1117,7 +1246,7 @@ POP_WARNINGS
         MERROR("Error binding to " << bind_ip << ": " << ec.message());
         if (sock_.is_open())
           sock_.close();
-        return false;
+        return CONNECT_FAILURE;
       }
     }
 
@@ -1151,14 +1280,14 @@ POP_WARNINGS
       {
         if (sock_.is_open())
           sock_.close();
-        return false;
+        return CONNECT_FAILURE;
       }
       if(local_shared_context->ec == boost::asio::error::would_block && !r)
       {
         //timeout
         sock_.close();
         _dbg3("Failed to connect to " << adr << ":" << port << ", because of timeout (" << conn_timeout << ")");
-        return false;
+        return CONNECT_FAILURE;
       }
     }
     ec = local_shared_context->ec;
@@ -1168,11 +1297,79 @@ POP_WARNINGS
       _dbg3("Some problems at connect, message: " << ec.message());
       if (sock_.is_open())
         sock_.close();
-      return false;
+      return CONNECT_FAILURE;
     }
 
     _dbg3("Connected success to " << adr << ':' << port);
 
+    const ssl_support_t ssl_support = new_connection_l->get_ssl_support();
+    if (ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
+    {
+      // Handshake
+      MDEBUG("Handshaking SSL...");
+      if (!new_connection_l->handshake(boost::asio::ssl::stream_base::client))
+      {
+        if (ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
+        {
+          boost::system::error_code ignored_ec;
+          sock_.shutdown(boost::asio::ip::tcp::socket::shutdown_both, ignored_ec);
+          sock_.close();
+          return CONNECT_NO_SSL;
+        }
+        MERROR("SSL handshake failed");
+        if (sock_.is_open())
+          sock_.close();
+        return CONNECT_FAILURE;
+      }
+    }
+
+    return CONNECT_SUCCESS;
+
+    CATCH_ENTRY_L0("boosted_tcp_server<t_protocol_handler>::try_connect", CONNECT_FAILURE);
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
+  bool boosted_tcp_server<t_protocol_handler>::connect(const std::string& adr, const std::string& port, uint32_t conn_timeout, t_connection_context& conn_context, const std::string& bind_ip, epee::net_utils::ssl_support_t ssl_support)
+  {
+    TRY_ENTRY();
+
+    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, ssl_support) );
+    connections_mutex.lock();
+    connections_.insert(new_connection_l);
+    MDEBUG("connections_ size now " << connections_.size());
+    connections_mutex.unlock();
+    epee::misc_utils::auto_scope_leave_caller scope_exit_handler = epee::misc_utils::create_scope_leave_handler([&](){ CRITICAL_REGION_LOCAL(connections_mutex); connections_.erase(new_connection_l); });
+    boost::asio::ip::tcp::socket&  sock_ = new_connection_l->socket();
+
+    //////////////////////////////////////////////////////////////////////////
+    boost::asio::ip::tcp::resolver resolver(io_service_);
+    boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+    boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);
+    boost::asio::ip::tcp::resolver::iterator end;
+    if(iterator == end)
+    {
+      _erro("Failed to resolve " << adr);
+      return false;
+    }
+    //////////////////////////////////////////////////////////////////////////
+
+
+    //boost::asio::ip::tcp::endpoint remote_endpoint(boost::asio::ip::address::from_string(addr.c_str()), port);
+    boost::asio::ip::tcp::endpoint remote_endpoint(*iterator);
+
+    auto try_connect_result = try_connect(new_connection_l, adr, port, sock_, remote_endpoint, bind_ip, conn_timeout, ssl_support);
+    if (try_connect_result == CONNECT_FAILURE)
+      return false;
+    if (ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect && try_connect_result == CONNECT_NO_SSL)
+    {
+      // we connected, but could not connect with SSL, try without
+      MERROR("SSL handshake failed on an autodetect connection, reconnecting without SSL");
+      new_connection_l->disable_ssl();
+      try_connect_result = try_connect(new_connection_l, adr, port, sock_, remote_endpoint, bind_ip, conn_timeout, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
+      if (try_connect_result != CONNECT_SUCCESS)
+        return false;
+    }
+
     // start adds the connection to the config object's list, so we don't need to have it locally anymore
     connections_mutex.lock();
     connections_.erase(new_connection_l);
@@ -1185,7 +1382,8 @@ POP_WARNINGS
     }
     else
     {
-      _erro("[sock " << new_connection_l->socket().native_handle() << "] Failed to start connection, connections_count = " << m_sock_count);
+      assert(m_state != nullptr); // always set in constructor
+      _erro("[sock " << new_connection_l->socket().native_handle() << "] Failed to start connection, connections_count = " << m_state->sock_count);
     }
     
 	new_connection_l->save_dbg_log();
@@ -1196,10 +1394,10 @@ POP_WARNINGS
   }
   //---------------------------------------------------------------------------------
   template<class t_protocol_handler> template<class t_callback>
-  bool boosted_tcp_server<t_protocol_handler>::connect_async(const std::string& adr, const std::string& port, uint32_t conn_timeout, const t_callback &cb, const std::string& bind_ip)
+  bool boosted_tcp_server<t_protocol_handler>::connect_async(const std::string& adr, const std::string& port, uint32_t conn_timeout, const t_callback &cb, const std::string& bind_ip, epee::net_utils::ssl_support_t ssl_support)
   {
     TRY_ENTRY();    
-    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, m_connection_type) );
+    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, ssl_support) );
     connections_mutex.lock();
     connections_.insert(new_connection_l);
     MDEBUG("connections_ size now " << connections_.size());

contrib/epee/include/net/connection_basic.hpp

@@ -47,8 +47,10 @@
 #include <memory>
 
 #include <boost/asio.hpp>
+#include <boost/asio/ssl.hpp>
 
 #include "net/net_utils_base.h"
+#include "net/net_ssl.h"
 #include "syncobj.h"
 
 namespace epee
@@ -56,6 +58,30 @@ namespace epee
 namespace net_utils
 {
 
+	class connection_basic_shared_state
+	{
+		ssl_options_t ssl_options_;
+	public:
+		boost::asio::ssl::context ssl_context;
+		std::atomic<long> sock_count;
+		std::atomic<long> sock_number;
+
+		connection_basic_shared_state()
+		  : ssl_options_(ssl_support_t::e_ssl_support_disabled),
+		    ssl_context(boost::asio::ssl::context::tlsv12),
+		    sock_count(0),
+		    sock_number(0)
+		{}
+
+		void configure_ssl(ssl_options_t src)
+		{
+			ssl_options_ = std::move(src);
+			ssl_context = ssl_options_.create_context();
+		}
+
+		const ssl_options_t& ssl_options() const noexcept { return ssl_options_; }
+	};
+
   /************************************************************************/
   /*                                                                      */
   /************************************************************************/
@@ -72,7 +98,10 @@ class connection_basic_pimpl; // PIMPL for this class
   std::string to_string(t_connection_type type);
 
 class connection_basic { // not-templated base class for rapid developmet of some code parts
+		// beware of removing const, net_utils::connection is sketchily doing a cast to prevent storing ptr twice
+		const boost::shared_ptr<connection_basic_shared_state> m_state;
 	public:
+
 		std::unique_ptr< connection_basic_pimpl > mI; // my Implementation
 
 		// moved here from orginal connecton<> - common member variables that do not depend on template in connection<>
@@ -84,15 +113,57 @@ class connection_basic { // not-templated base class for rapid developmet of som
     /// Strand to ensure the connection's handlers are not called concurrently.
     boost::asio::io_service::strand strand_;
     /// Socket for the connection.
-    boost::asio::ip::tcp::socket socket_;
+    boost::asio::ssl::stream<boost::asio::ip::tcp::socket> socket_;
+    ssl_support_t m_ssl_support;
 
-		std::atomic<long> &m_ref_sock_count; // reference to external counter of existing sockets that we will ++/--
 	public:
 		// first counter is the ++/-- count of current sockets, the other socket_number is only-increasing ++ number generator
-		connection_basic(boost::asio::io_service& io_service, std::atomic<long> &ref_sock_count, std::atomic<long> &sock_number);
+		connection_basic(boost::asio::ip::tcp::socket&& socket, boost::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
+		connection_basic(boost::asio::io_service &io_service, boost::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
 
 		virtual ~connection_basic() noexcept(false);
 
+                //! \return `shared_state` object passed in construction (ptr never changes).
+		connection_basic_shared_state& get_state() noexcept { return *m_state; /* verified in constructor */ }
+		connection_basic(boost::asio::io_service& io_service, std::atomic<long> &ref_sock_count, std::atomic<long> &sock_number, ssl_support_t ssl);
+
+		boost::asio::ip::tcp::socket& socket() { return socket_.next_layer(); }
+		ssl_support_t get_ssl_support() const { return m_ssl_support; }
+		void disable_ssl() { m_ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_disabled; }
+
+		bool handshake(boost::asio::ssl::stream_base::handshake_type type)
+		{
+			//m_state != nullptr verified in constructor
+			return m_state->ssl_options().handshake(socket_, type);
+		}
+
+		template<typename MutableBufferSequence, typename ReadHandler>
+		void async_read_some(const MutableBufferSequence &buffers, ReadHandler &&handler)
+		{
+			if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled)
+				socket_.async_read_some(buffers, std::forward<ReadHandler>(handler));
+			else
+				socket().async_read_some(buffers, std::forward<ReadHandler>(handler));
+		}
+
+		template<typename ConstBufferSequence, typename WriteHandler>
+		void async_write_some(const ConstBufferSequence &buffers, WriteHandler &&handler)
+		{
+			if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled)
+				socket_.async_write_some(buffers, std::forward<WriteHandler>(handler));
+			else
+				socket().async_write_some(buffers, std::forward<WriteHandler>(handler));
+		}
+
+		template<typename ConstBufferSequence, typename WriteHandler>
+		void async_write(const ConstBufferSequence &buffers, WriteHandler &&handler)
+		{
+			if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled)
+				boost::asio::async_write(socket_, buffers, std::forward<WriteHandler>(handler));
+			else
+				boost::asio::async_write(socket(), buffers, std::forward<WriteHandler>(handler));
+		}
+
 		// various handlers to be called from connection class:
 		void do_send_handler_write(const void * ptr , size_t cb);
 		void do_send_handler_write_from_queue(const boost::system::error_code& e, size_t cb , int q_len); // from handle_write, sending next part

contrib/epee/include/net/enums.h

@@ -0,0 +1,65 @@
+// Copyright (c) 2018, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#pragma once
+
+#include <boost/utility/string_ref.hpp>
+#include <cstdint>
+
+namespace epee
+{
+namespace net_utils
+{
+	enum class address_type : std::uint8_t
+	{
+		// Do not change values, this will break serialization
+		invalid = 0,
+		ipv4 = 1,
+		ipv6 = 2,
+		i2p = 3,
+		tor = 4
+	};
+
+	enum class zone : std::uint8_t
+	{
+		invalid = 0,
+		public_ = 1, // public is keyword
+		i2p = 2,
+		tor = 3
+	};
+
+	// implementations in src/net_utils_base.cpp
+
+	//! \return String name of zone or "invalid" on error.
+	const char* zone_to_string(zone value) noexcept;
+
+	//! \return `zone` enum of `value` or `zone::invalid` on error.
+	zone zone_from_string(boost::string_ref value) noexcept;
+} // net_utils
+} // epee
+

contrib/epee/include/net/http_client.h

@@ -274,8 +274,8 @@ namespace net_utils
 			reciev_machine_state m_state;
 			chunked_state m_chunked_state;
 			std::string m_chunked_cache;
+			bool m_auto_connect;
 			critical_section m_lock;
-			bool m_ssl;
 
 		public:
 			explicit http_simple_client_template()
@@ -292,36 +292,48 @@ namespace net_utils
 				, m_state()
 				, m_chunked_state()
 				, m_chunked_cache()
+				, m_auto_connect(true)
 				, m_lock()
-				, m_ssl(false)
 			{}
 
 			const std::string &get_host() const { return m_host_buff; };
 			const std::string &get_port() const { return m_port; };
 
-			bool set_server(const std::string& address, boost::optional<login> user, bool ssl = false)
+			bool set_server(const std::string& address, boost::optional<login> user, ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect)
 			{
 				http::url_content parsed{};
 				const bool r = parse_url(address, parsed);
 				CHECK_AND_ASSERT_MES(r, false, "failed to parse url: " << address);
-				set_server(std::move(parsed.host), std::to_string(parsed.port), std::move(user), ssl);
+				set_server(std::move(parsed.host), std::to_string(parsed.port), std::move(user), std::move(ssl_options));
 				return true;
 			}
 
-			void set_server(std::string host, std::string port, boost::optional<login> user, bool ssl = false)
+			void set_server(std::string host, std::string port, boost::optional<login> user, ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect)
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
 				disconnect();
 				m_host_buff = std::move(host);
 				m_port = std::move(port);
                                 m_auth = user ? http_client_auth{std::move(*user)} : http_client_auth{};
-				m_ssl = ssl;
+				m_net_client.set_ssl(std::move(ssl_options));
+			}
+
+			void set_auto_connect(bool auto_connect)
+			{
+				m_auto_connect = auto_connect;
+			}
+
+			template<typename F>
+			void set_connector(F connector)
+			{
+				CRITICAL_REGION_LOCAL(m_lock);
+				m_net_client.set_connector(std::move(connector));
 			}
 
       bool connect(std::chrono::milliseconds timeout)
       {
         CRITICAL_REGION_LOCAL(m_lock);
-        return m_net_client.connect(m_host_buff, m_port, timeout, m_ssl);
+        return m_net_client.connect(m_host_buff, m_port, timeout);
       }
 			//---------------------------------------------------------------------------
 			bool disconnect()
@@ -330,10 +342,10 @@ namespace net_utils
 				return m_net_client.disconnect();
 			}
 			//---------------------------------------------------------------------------
-			bool is_connected()
+			bool is_connected(bool *ssl = NULL)
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
-				return m_net_client.is_connected();
+				return m_net_client.is_connected(ssl);
 			}
 			//---------------------------------------------------------------------------
 			virtual bool handle_target_data(std::string& piece_of_transfer)
@@ -362,6 +374,11 @@ namespace net_utils
 				CRITICAL_REGION_LOCAL(m_lock);
 				if(!is_connected())
 				{
+					if (!m_auto_connect)
+					{
+						MWARNING("Auto connect attempt to " << m_host_buff << ":" << m_port << " disabled");
+						return false;
+					}
 					MDEBUG("Reconnecting...");
 					if(!connect(timeout))
 					{
@@ -439,6 +456,16 @@ namespace net_utils
 				return handle_reciev(timeout);
 			}
 			//---------------------------------------------------------------------------
+			uint64_t get_bytes_sent() const
+			{
+				return m_net_client.get_bytes_sent();
+			}
+			//---------------------------------------------------------------------------
+			uint64_t get_bytes_received() const
+			{
+				return m_net_client.get_bytes_received();
+			}
+			//---------------------------------------------------------------------------
 		private: 
 			//---------------------------------------------------------------------------
 			inline bool handle_reciev(std::chrono::milliseconds timeout)
@@ -825,21 +852,21 @@ namespace net_utils
 				const char *ptr = m_header_cache.c_str();
 				CHECK_AND_ASSERT_MES(!memcmp(ptr, "HTTP/", 5), false, "Invalid first response line: " + m_header_cache);
 				ptr += 5;
-				CHECK_AND_ASSERT_MES(isdigit(*ptr), false, "Invalid first response line: " + m_header_cache);
+				CHECK_AND_ASSERT_MES(epee::misc_utils::parse::isdigit(*ptr), false, "Invalid first response line: " + m_header_cache);
 				unsigned long ul;
 				char *end;
 				ul = strtoul(ptr, &end, 10);
 				CHECK_AND_ASSERT_MES(ul <= INT_MAX && *end =='.', false, "Invalid first response line: " + m_header_cache);
 				m_response_info.m_http_ver_hi = ul;
 				ptr = end + 1;
-				CHECK_AND_ASSERT_MES(isdigit(*ptr), false, "Invalid first response line: " + m_header_cache + ", ptr: " << ptr);
+				CHECK_AND_ASSERT_MES(epee::misc_utils::parse::isdigit(*ptr), false, "Invalid first response line: " + m_header_cache + ", ptr: " << ptr);
 				ul = strtoul(ptr, &end, 10);
 				CHECK_AND_ASSERT_MES(ul <= INT_MAX && isblank(*end), false, "Invalid first response line: " + m_header_cache + ", ptr: " << ptr);
 				m_response_info.m_http_ver_lo = ul;
 				ptr = end + 1;
 				while (isblank(*ptr))
 					++ptr;
-				CHECK_AND_ASSERT_MES(isdigit(*ptr), false, "Invalid first response line: " + m_header_cache);
+				CHECK_AND_ASSERT_MES(epee::misc_utils::parse::isdigit(*ptr), false, "Invalid first response line: " + m_header_cache);
 				ul = strtoul(ptr, &end, 10);
 				CHECK_AND_ASSERT_MES(ul >= 100 && ul <= 999 && isspace(*end), false, "Invalid first response line: " + m_header_cache);
 				m_response_info.m_response_code = ul;

contrib/epee/include/net/http_protocol_handler.inl

@@ -677,7 +677,7 @@ namespace net_utils
 
 		//add additional fields, if it is
 		for(fields_list::const_iterator it = response.m_additional_fields.begin(); it!=response.m_additional_fields.end(); it++)
-			buf += it->first + ":" + it->second + "\r\n";
+			buf += it->first + ": " + it->second + "\r\n";
 
 		buf+="\r\n";
 

contrib/epee/include/net/http_server_impl_base.h

@@ -58,7 +58,8 @@ namespace epee
 
     bool init(std::function<void(size_t, uint8_t*)> rng, const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0",
       std::vector<std::string> access_control_origins = std::vector<std::string>(),
-      boost::optional<net_utils::http::login> user = boost::none)
+      boost::optional<net_utils::http::login> user = boost::none,
+      net_utils::ssl_options_t ssl_options = net_utils::ssl_support_t::e_ssl_support_autodetect)
     {
 
       //set self as callback handler
@@ -75,7 +76,7 @@ namespace epee
       m_net_server.get_config_object().m_user = std::move(user);
 
       MGINFO("Binding on " << bind_ip << ":" << bind_port);
-      bool res = m_net_server.init_server(bind_port, bind_ip);
+      bool res = m_net_server.init_server(bind_port, bind_ip, std::move(ssl_options));
       if(!res)
       {
         LOG_ERROR("Failed to bind server");

contrib/epee/include/net/jsonrpc_structs.h

@@ -18,6 +18,8 @@ namespace epee
       epee::serialization::storage_entry id;
       t_param     params;
 
+      request(): id{}, params{} {}
+
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(jsonrpc)
         KV_SERIALIZE(id)
@@ -30,6 +32,9 @@ namespace epee
     {
       int64_t code;
       std::string message;
+
+      error(): code(0) {}
+
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(code)
         KV_SERIALIZE(message)
@@ -55,6 +60,9 @@ namespace epee
       t_param     result;
       epee::serialization::storage_entry id;
       t_error     error;
+
+      response(): result{}, id(), error{} {}
+
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(jsonrpc)
         KV_SERIALIZE(id)
@@ -69,6 +77,9 @@ namespace epee
       std::string jsonrpc;
       t_param     result;
       epee::serialization::storage_entry id;
+
+      response(): result{}, id{} {}
+
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(jsonrpc)
         KV_SERIALIZE(id)
@@ -82,6 +93,9 @@ namespace epee
       std::string jsonrpc;
       t_error     error;
       epee::serialization::storage_entry id;
+
+      response(): error{}, id{} {}
+
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(jsonrpc)
         KV_SERIALIZE(id)

contrib/epee/include/net/levin_protocol_handler_async.h

@@ -99,6 +99,8 @@ public:
   template<class callback_t>
   bool for_connection(const boost::uuids::uuid &connection_id, const callback_t &cb);
   size_t get_connections_count();
+  size_t get_out_connections_count();
+  size_t get_in_connections_count();
   void set_handler(levin_commands_handler<t_connection_context>* handler, void (*destroy)(levin_commands_handler<t_connection_context>*) = NULL);
 
   async_protocol_handler_config():m_pcommands_handler(NULL), m_pcommands_handler_destroy(NULL), m_max_packet_size(LEVIN_DEFAULT_MAX_PACKET_SIZE), m_invoke_timeout(LEVIN_DEFAULT_TIMEOUT_PRECONFIGURED)
@@ -266,7 +268,7 @@ public:
             m_pservice_endpoint(psnd_hndlr), 
             m_config(config), 
             m_connection_context(conn_context), 
-            m_cache_in_buffer(256 * 1024),
+            m_cache_in_buffer(4 * 1024),
             m_state(stream_state_head)
   {
     m_close_called = 0;
@@ -882,6 +884,28 @@ size_t async_protocol_handler_config<t_connection_context>::get_connections_coun
 }
 //------------------------------------------------------------------------------------------
 template<class t_connection_context>
+size_t async_protocol_handler_config<t_connection_context>::get_out_connections_count()
+{
+  CRITICAL_REGION_LOCAL(m_connects_lock);
+  size_t count = 0;
+  for (const auto &c: m_connects)
+    if (!c.second->m_connection_context.m_is_income)
+      ++count;
+  return count;
+}
+//------------------------------------------------------------------------------------------
+template<class t_connection_context>
+size_t async_protocol_handler_config<t_connection_context>::get_in_connections_count()
+{
+  CRITICAL_REGION_LOCAL(m_connects_lock);
+  size_t count = 0;
+  for (const auto &c: m_connects)
+    if (c.second->m_connection_context.m_is_income)
+      ++count;
+  return count;
+}
+//------------------------------------------------------------------------------------------
+template<class t_connection_context>
 void async_protocol_handler_config<t_connection_context>::set_handler(levin_commands_handler<t_connection_context>* handler, void (*destroy)(levin_commands_handler<t_connection_context>*))
 {
   if (m_pcommands_handler && m_pcommands_handler_destroy)

contrib/epee/include/net/net_fwd.h

@@ -0,0 +1,38 @@
+// Copyright (c) 2019, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#pragma once
+
+namespace epee
+{
+  namespace net_utils
+  {
+    struct ssl_authentication_t;
+    class ssl_options_t;
+  }
+}

contrib/epee/include/net/net_helper.h

@@ -33,13 +33,19 @@
 //#include <Ws2tcpip.h>
 #include <string>
 #include <boost/version.hpp>
-#include <boost/asio.hpp>
+#include <boost/asio/io_service.hpp>
+#include <boost/asio/ip/tcp.hpp>
+#include <boost/asio/read.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/asio/steady_timer.hpp>
+#include <boost/thread/future.hpp>
 #include <boost/lambda/bind.hpp>
 #include <boost/lambda/lambda.hpp>
 #include <boost/interprocess/detail/atomic.hpp>
+#include <boost/system/error_code.hpp>
+#include <functional>
 #include "net/net_utils_base.h"
+#include "net/net_ssl.h"
 #include "misc_language.h"
 
 #undef MONERO_DEFAULT_LOG_CATEGORY
@@ -54,9 +60,22 @@ namespace epee
 {
 namespace net_utils
 {
+	struct direct_connect
+	{
+		boost::unique_future<boost::asio::ip::tcp::socket>
+			operator()(const std::string& addr, const std::string& port, boost::asio::steady_timer&) const;
+	};
+
 
   class blocked_mode_client
 	{
+		enum try_connect_result_t
+		{
+			CONNECT_SUCCESS,
+			CONNECT_FAILURE,
+			CONNECT_NO_SSL,
+		};
+
 		
 		
 				struct handler_obj
@@ -77,31 +96,40 @@ namespace net_utils
 						ref_bytes_transferred = bytes_transferred;
 					}
 				};
-		
+
 	public:
 		inline
-			blocked_mode_client():m_initialized(false), 
-                            m_connected(false), 
-                            m_deadline(m_io_service), 
-                            m_shutdowned(0),
-                            m_ssl(false),
-                            m_ctx(boost::asio::ssl::context::sslv23),
-                            m_ssl_socket(m_io_service,m_ctx)
+			blocked_mode_client() :
+				m_io_service(),
+				m_ctx(boost::asio::ssl::context::tlsv12),
+				m_connector(direct_connect{}),
+				m_ssl_socket(new boost::asio::ssl::stream<boost::asio::ip::tcp::socket>(m_io_service, m_ctx)),
+				m_ssl_options(epee::net_utils::ssl_support_t::e_ssl_support_autodetect),
+				m_initialized(true),
+				m_connected(false),
+				m_deadline(m_io_service),
+				m_shutdowned(0),
+				m_bytes_sent(0),
+				m_bytes_received(0)
 		{
-			
-			
-			m_initialized = true;
-
-
-			// No deadline is required until the first socket operation is started. We
-			// set the deadline to positive infinity so that the actor takes no action
-			// until a specific deadline is set.
-			m_deadline.expires_at(std::chrono::steady_clock::time_point::max());
-
-			// Start the persistent actor that checks for deadline expiry.
-			check_deadline();
-
 		}
+
+		/*! The first/second parameters are host/port respectively. The third
+		    parameter is for setting the timeout callback - the timer is
+		    already set by the caller, the callee only needs to set the
+		    behavior.
+
+		    Additional asynchronous operations should be queued using the
+		    `io_service` from the timer. The implementation should assume
+		    multi-threaded I/O processing.
+
+		    If the callee cannot start an asynchronous operation, an exception
+		    should be thrown to signal an immediate failure.
+
+		    The return value is a future to a connected socket. Asynchronous
+		    failures should use the `set_exception` method. */
+		using connect_func = boost::unique_future<boost::asio::ip::tcp::socket>(const std::string&, const std::string&, boost::asio::steady_timer&);
+
 		inline
 			~blocked_mode_client()
 		{
@@ -110,86 +138,98 @@ namespace net_utils
 			catch(...) { /* ignore */ }
 		}
 
+		inline void set_ssl(ssl_options_t ssl_options)
+		{
+			if (ssl_options)
+				m_ctx = ssl_options.create_context();
+			else
+				m_ctx = boost::asio::ssl::context(boost::asio::ssl::context::tlsv12);
+			m_ssl_options = std::move(ssl_options);
+		}
+
     inline
-      bool connect(const std::string& addr, int port, std::chrono::milliseconds timeout, bool ssl = false, const std::string& bind_ip = "0.0.0.0")
+      bool connect(const std::string& addr, int port, std::chrono::milliseconds timeout)
     {
-      return connect(addr, std::to_string(port), timeout, ssl, bind_ip);
+      return connect(addr, std::to_string(port), timeout);
     }
 
     inline
-			bool connect(const std::string& addr, const std::string& port, std::chrono::milliseconds timeout, bool ssl = false, const std::string& bind_ip = "0.0.0.0")
+			try_connect_result_t try_connect(const std::string& addr, const std::string& port, std::chrono::milliseconds timeout, epee::net_utils::ssl_support_t ssl_support)
 		{
-      m_connected = false;
-      m_ssl = ssl;
-			try
-			{
-				m_ssl_socket.next_layer().close();
-
-				// Set SSL options
-				// disable sslv2
-				m_ctx.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2);
-				m_ctx.set_default_verify_paths();
-
-				// Get a list of endpoints corresponding to the server name.
-				
-
-				//////////////////////////////////////////////////////////////////////////
-
-				boost::asio::ip::tcp::resolver resolver(m_io_service);
-				boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), addr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
-				boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);
-				boost::asio::ip::tcp::resolver::iterator end;
-				if(iterator == end)
-				{
-					LOG_ERROR("Failed to resolve " << addr);
-					return false;
-				}
-
-				//////////////////////////////////////////////////////////////////////////
-
-
-				//boost::asio::ip::tcp::endpoint remote_endpoint(boost::asio::ip::address::from_string(addr.c_str()), port);
-				boost::asio::ip::tcp::endpoint remote_endpoint(*iterator);
-
-
-				m_ssl_socket.next_layer().open(remote_endpoint.protocol());
-				if(bind_ip != "0.0.0.0" && bind_ip != "0" && bind_ip != "" )
-				{
-					boost::asio::ip::tcp::endpoint local_endpoint(boost::asio::ip::address::from_string(addr.c_str()), 0);
-					m_ssl_socket.next_layer().bind(local_endpoint);
-				}
-
-				
 				m_deadline.expires_from_now(timeout);
+				boost::unique_future<boost::asio::ip::tcp::socket> connection = m_connector(addr, port, m_deadline);
+				for (;;)
+				{
+					m_io_service.reset();
+					m_io_service.run_one();
 
-
-				boost::system::error_code ec = boost::asio::error::would_block;
-
-				m_ssl_socket.next_layer().async_connect(remote_endpoint, boost::lambda::var(ec) = boost::lambda::_1);
-				while (ec == boost::asio::error::would_block)
-				{	
-					m_io_service.run_one(); 
+					if (connection.is_ready())
+						break;
 				}
-				
-				if (!ec && m_ssl_socket.next_layer().is_open())
+
+				m_ssl_socket->next_layer() = connection.get();
+				m_deadline.cancel();
+				if (m_ssl_socket->next_layer().is_open())
 				{
 					m_connected = true;
 					m_deadline.expires_at(std::chrono::steady_clock::time_point::max());
 					// SSL Options
-					if(m_ssl) {
-						// Disable verification of host certificate
-						m_ssl_socket.set_verify_mode(boost::asio::ssl::verify_peer);
-						// Handshake
-						m_ssl_socket.next_layer().set_option(boost::asio::ip::tcp::no_delay(true));
-						m_ssl_socket.handshake(boost::asio::ssl::stream_base::client);
+					if (ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
+					{
+						if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, addr))
+						{
+							if (ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
+							{
+								boost::system::error_code ignored_ec;
+								m_ssl_socket->next_layer().shutdown(boost::asio::ip::tcp::socket::shutdown_both, ignored_ec);
+								m_ssl_socket->next_layer().close();
+								m_connected = false;
+								return CONNECT_NO_SSL;
+							}
+							else
+							{
+								MWARNING("Failed to establish SSL connection");
+								m_connected = false;
+								return CONNECT_FAILURE;
+							}
+						}
 					}
-					return true;
+					return CONNECT_SUCCESS;
 				}else
 				{
-					MWARNING("Some problems at connect, message: " << ec.message());
-					return false;
+					MWARNING("Some problems at connect, expected open socket");
+					return CONNECT_FAILURE;
 				}
 
+		}
+
+    inline
+			bool connect(const std::string& addr, const std::string& port, std::chrono::milliseconds timeout)
+		{
+			m_connected = false;
+			try
+			{
+				m_ssl_socket->next_layer().close();
+
+				// Set SSL options
+				// disable sslv2
+				m_ssl_socket.reset(new boost::asio::ssl::stream<boost::asio::ip::tcp::socket>(m_io_service, m_ctx));
+
+				// Get a list of endpoints corresponding to the server name.
+
+				try_connect_result_t try_connect_result = try_connect(addr, port, timeout, m_ssl_options.support);
+				if (try_connect_result == CONNECT_FAILURE)
+					return false;
+				if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
+				{
+					if (try_connect_result == CONNECT_NO_SSL)
+					{
+						MERROR("SSL handshake failed on an autodetect connection, reconnecting without SSL");
+						m_ssl_options.support = epee::net_utils::ssl_support_t::e_ssl_support_disabled;
+						if (try_connect(addr, port, timeout, m_ssl_options.support) != CONNECT_SUCCESS)
+							return false;
+					}
+				}
 			}
 			catch(const boost::system::system_error& er)
 			{
@@ -204,6 +244,11 @@ namespace net_utils
 
 			return true;
 		}
+		//! Change the connection routine (proxy, etc.)
+		void set_connector(std::function<connect_func> connector)
+		{
+			m_connector = std::move(connector);
+		}
 
 		inline 
 		bool disconnect()
@@ -213,12 +258,11 @@ namespace net_utils
 				if(m_connected)
 				{
 					m_connected = false;
-					if(m_ssl)
+					if(m_ssl_options)
 						shutdown_ssl();
-					m_ssl_socket.next_layer().shutdown(boost::asio::ip::tcp::socket::shutdown_both);
+					m_ssl_socket->next_layer().shutdown(boost::asio::ip::tcp::socket::shutdown_both);
 				}
 			}
-			
 			catch(const boost::system::system_error& /*er*/)
 			{
 				//LOG_ERROR("Some problems at disconnect, message: " << er.what());
@@ -257,6 +301,7 @@ namespace net_utils
 				// Block until the asynchronous operation has completed.
 				while (ec == boost::asio::error::would_block)
 				{
+					m_io_service.reset();
 					m_io_service.run_one(); 
 				}
 
@@ -268,6 +313,7 @@ namespace net_utils
 				}else
 				{
 					m_deadline.expires_at(std::chrono::steady_clock::time_point::max());
+					m_bytes_sent += buff.size();
 				}
 			}
 
@@ -324,6 +370,7 @@ namespace net_utils
 				}else
 				{
 					m_deadline.expires_at(std::chrono::steady_clock::time_point::max());
+					m_bytes_sent += sz;
 				}
 			}
 
@@ -342,9 +389,13 @@ namespace net_utils
 			return true;
 		}
 
-		bool is_connected()
+		bool is_connected(bool *ssl = NULL)
 		{
-			return m_connected && m_ssl_socket.next_layer().is_open();
+			if (!m_connected || !m_ssl_socket->next_layer().is_open())
+				return false;
+			if (ssl)
+				*ssl = m_ssl_options.support != ssl_support_t::e_ssl_support_disabled;
+			return true;
 		}
 
 		inline 
@@ -375,13 +426,15 @@ namespace net_utils
 			
 				handler_obj hndlr(ec, bytes_transfered);
 
-				char local_buff[10000] = {0};
+				static const size_t max_size = 16384;
+				buff.resize(max_size);
 				
-				async_read(local_buff, sizeof(local_buff), boost::asio::transfer_at_least(1), hndlr);
+				async_read(&buff[0], max_size, boost::asio::transfer_at_least(1), hndlr);
 
 				// Block until the asynchronous operation has completed.
 				while (ec == boost::asio::error::would_block && !boost::interprocess::ipcdetail::atomic_read32(&m_shutdowned))
 				{
+					m_io_service.reset();
 					m_io_service.run_one(); 
 				}
 
@@ -393,6 +446,7 @@ namespace net_utils
                     {
                       MTRACE("Connection err_code eof.");
                       //connection closed there, empty
+                      buff.clear();
                       return true;
                     }
 
@@ -408,7 +462,8 @@ namespace net_utils
 				/*if(!bytes_transfered)
 					return false;*/
 
-				buff.assign(local_buff, bytes_transfered);
+				m_bytes_received += bytes_transfered;
+				buff.resize(bytes_transfered);
 				return true;
 			}
 
@@ -476,6 +531,7 @@ namespace net_utils
 					m_deadline.expires_at(std::chrono::steady_clock::time_point::max());
 				}
 
+				m_bytes_received += bytes_transfered;
 				if(bytes_transfered != buff.size())
 				{
 					LOG_ERROR("Transferred mismatch with transfer_at_least value: m_bytes_transferred=" << bytes_transfered << " at_least value=" << buff.size());
@@ -506,15 +562,15 @@ namespace net_utils
 		{
 			m_deadline.cancel();
 			boost::system::error_code ec;
-			if(m_ssl)
+			if(m_ssl_options.support != ssl_support_t::e_ssl_support_disabled)
 				shutdown_ssl();
-			m_ssl_socket.next_layer().cancel(ec);
+			m_ssl_socket->next_layer().cancel(ec);
 			if(ec)
 				MDEBUG("Problems at cancel: " << ec.message());
-			m_ssl_socket.next_layer().shutdown(boost::asio::ip::tcp::socket::shutdown_both, ec);
+			m_ssl_socket->next_layer().shutdown(boost::asio::ip::tcp::socket::shutdown_both, ec);
 			if(ec)
 				MDEBUG("Problems at shutdown: " << ec.message());
-			m_ssl_socket.next_layer().close(ec);
+			m_ssl_socket->next_layer().close(ec);
 			if(ec)
 				MDEBUG("Problems at close: " << ec.message());
 			boost::interprocess::ipcdetail::atomic_write32(&m_shutdowned, 1);
@@ -522,10 +578,6 @@ namespace net_utils
 			return true;
 		}
 		
-		void set_connected(bool connected)
-		{
-			m_connected = connected;
-		}
 		boost::asio::io_service& get_io_service()
 		{
 			return m_io_service;
@@ -533,9 +585,19 @@ namespace net_utils
 
 		boost::asio::ip::tcp::socket& get_socket()
 		{
-			return m_ssl_socket.next_layer();
+			return m_ssl_socket->next_layer();
 		}
-		
+
+		uint64_t get_bytes_sent() const
+		{
+			return m_bytes_sent;
+		}
+
+		uint64_t get_bytes_received() const
+		{
+			return m_bytes_received;
+		}
+
 	private:
 
 		void check_deadline()
@@ -550,7 +612,7 @@ namespace net_utils
 				// connect(), read_line() or write_line() functions to return.
 				LOG_PRINT_L3("Timed out socket");
         m_connected = false;
-				m_ssl_socket.next_layer().close();
+				m_ssl_socket->next_layer().close();
 
 				// There is no longer an active deadline. The expiry is set to positive
 				// infinity so that the actor takes no action until a new deadline is set.
@@ -565,9 +627,10 @@ namespace net_utils
 			// ssl socket shutdown blocks if server doesn't respond. We close after 2 secs
 			boost::system::error_code ec = boost::asio::error::would_block;
 			m_deadline.expires_from_now(std::chrono::milliseconds(2000));
-			m_ssl_socket.async_shutdown(boost::lambda::var(ec) = boost::lambda::_1);
+			m_ssl_socket->async_shutdown(boost::lambda::var(ec) = boost::lambda::_1);
 			while (ec == boost::asio::error::would_block)
 			{
+				m_io_service.reset();
 				m_io_service.run_one();
 			}
 			// Ignore "short read" error
@@ -586,39 +649,42 @@ namespace net_utils
 		bool write(const void* data, size_t sz, boost::system::error_code& ec)
 		{
 			bool success;
-			if(m_ssl)
-				success = boost::asio::write(m_ssl_socket, boost::asio::buffer(data, sz), ec);
+			if(m_ssl_options.support != ssl_support_t::e_ssl_support_disabled)
+				success = boost::asio::write(*m_ssl_socket, boost::asio::buffer(data, sz), ec);
 			else
-				success = boost::asio::write(m_ssl_socket.next_layer(), boost::asio::buffer(data, sz), ec);
+				success = boost::asio::write(m_ssl_socket->next_layer(), boost::asio::buffer(data, sz), ec);
 			return success;
 		}
 		
 		void async_write(const void* data, size_t sz, boost::system::error_code& ec) 
 		{
-			if(m_ssl)
-				boost::asio::async_write(m_ssl_socket, boost::asio::buffer(data, sz), boost::lambda::var(ec) = boost::lambda::_1);
+			if(m_ssl_options.support != ssl_support_t::e_ssl_support_disabled)
+				boost::asio::async_write(*m_ssl_socket, boost::asio::buffer(data, sz), boost::lambda::var(ec) = boost::lambda::_1);
 			else
-				boost::asio::async_write(m_ssl_socket.next_layer(), boost::asio::buffer(data, sz), boost::lambda::var(ec) = boost::lambda::_1);
+				boost::asio::async_write(m_ssl_socket->next_layer(), boost::asio::buffer(data, sz), boost::lambda::var(ec) = boost::lambda::_1);
 		}
 		
 		void async_read(char* buff, size_t sz, boost::asio::detail::transfer_at_least_t transfer_at_least, handler_obj& hndlr)
 		{
-			if(!m_ssl)
-				boost::asio::async_read(m_ssl_socket.next_layer(), boost::asio::buffer(buff, sz), transfer_at_least, hndlr);
+			if(m_ssl_options.support == ssl_support_t::e_ssl_support_disabled)
+				boost::asio::async_read(m_ssl_socket->next_layer(), boost::asio::buffer(buff, sz), transfer_at_least, hndlr);
 			else
-				boost::asio::async_read(m_ssl_socket, boost::asio::buffer(buff, sz), transfer_at_least, hndlr);
+				boost::asio::async_read(*m_ssl_socket, boost::asio::buffer(buff, sz), transfer_at_least, hndlr);
 			
 		}
 		
 	protected:
 		boost::asio::io_service m_io_service;
 		boost::asio::ssl::context m_ctx;
-		boost::asio::ssl::stream<boost::asio::ip::tcp::socket> m_ssl_socket;
-		bool m_ssl;
+		std::shared_ptr<boost::asio::ssl::stream<boost::asio::ip::tcp::socket>> m_ssl_socket;
+		std::function<connect_func> m_connector;
+		ssl_options_t m_ssl_options;
 		bool m_initialized;
 		bool m_connected;
 		boost::asio::steady_timer m_deadline;
 		volatile uint32_t m_shutdowned;
+		std::atomic<uint64_t> m_bytes_sent;
+		std::atomic<uint64_t> m_bytes_received;
 	};
 
 
@@ -722,7 +788,7 @@ namespace net_utils
 				// asynchronous operations are cancelled. This allows the blocked
 				// connect(), read_line() or write_line() functions to return.
 				LOG_PRINT_L3("Timed out socket");
-				m_ssl_socket.next_layer().close();
+				m_ssl_socket->next_layer().close();
 
 				// There is no longer an active deadline. The expiry is set to positive
 				// infinity so that the actor takes no action until a new deadline is set.
@@ -735,3 +801,4 @@ namespace net_utils
 	};
 }
 }
+

contrib/epee/include/net/net_ssl.h

@@ -0,0 +1,144 @@
+// Copyright (c) 2006-2013, Andrey N. Sabelnikov, www.sabelnikov.net
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the Andrey N. Sabelnikov nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER  BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// 
+
+
+
+#ifndef _NET_SSL_H
+#define _NET_SSL_H
+
+#include <stdint.h>
+#include <string>
+#include <vector>
+#include <boost/utility/string_ref.hpp>
+#include <boost/asio/ip/tcp.hpp>
+#include <boost/asio/ssl.hpp>
+#include <boost/system/error_code.hpp>
+
+#define SSL_FINGERPRINT_SIZE 32
+
+namespace epee
+{
+namespace net_utils
+{
+	enum class ssl_support_t: uint8_t {
+		e_ssl_support_disabled,
+		e_ssl_support_enabled,
+		e_ssl_support_autodetect,
+	};
+
+  enum class ssl_verification_t : uint8_t
+  {
+    none = 0,         //!< Do not verify peer.
+    system_ca,        //!< Verify peer via system ca only (do not inspect user certificates)
+    user_certificates,//!< Verify peer via specific (non-chain) certificate(s) only.
+    user_ca           //!< Verify peer via specific (possibly chain) certificate(s) only.
+  };
+
+  struct ssl_authentication_t
+  {
+    std::string private_key_path; //!< Private key used for authentication
+    std::string certificate_path; //!< Certificate used for authentication to peer.
+
+    //! Load `private_key_path` and `certificate_path` into `ssl_context`.
+    void use_ssl_certificate(boost::asio::ssl::context &ssl_context) const;
+  };
+
+  /*!
+    \note `verification != disabled && support == disabled` is currently
+      "allowed" via public interface but obviously invalid configuation.
+   */
+  class ssl_options_t
+  {
+    // force sorted behavior in private
+    std::vector<std::vector<std::uint8_t>> fingerprints_;
+
+  public:
+    std::string ca_path;
+    ssl_authentication_t auth;
+    ssl_support_t support;
+    ssl_verification_t verification;
+
+    //! Verification is set to system ca unless SSL is disabled.
+    ssl_options_t(ssl_support_t support)
+      : fingerprints_(),
+        ca_path(),
+        auth(),
+        support(support),
+        verification(support == ssl_support_t::e_ssl_support_disabled ? ssl_verification_t::none : ssl_verification_t::system_ca)
+    {}
+
+    //! Provide user fingerprints and/or ca path. Enables SSL and user_certificate verification
+    ssl_options_t(std::vector<std::vector<std::uint8_t>> fingerprints, std::string ca_path);
+
+    ssl_options_t(const ssl_options_t&) = default;
+    ssl_options_t(ssl_options_t&&) = default;
+
+    ssl_options_t& operator=(const ssl_options_t&) = default;
+    ssl_options_t& operator=(ssl_options_t&&) = default;
+
+    //! \return False iff ssl is disabled, otherwise true.
+    explicit operator bool() const noexcept { return support != ssl_support_t::e_ssl_support_disabled; }
+
+    //! \retrurn True if `host` can be verified using `this` configuration WITHOUT system "root" CAs.
+    bool has_strong_verification(boost::string_ref host) const noexcept;
+
+    //! Search against internal fingerprints. Always false if `behavior() != user_certificate_check`.
+    bool has_fingerprint(boost::asio::ssl::verify_context &ctx) const;
+
+    boost::asio::ssl::context create_context() const;
+
+    /*! \note If `this->support == autodetect && this->verification != none`,
+          then the handshake will not fail when peer verification fails. The
+          assumption is that a re-connect will be attempted, so a warning is
+          logged instead of failure.
+
+        \note It is strongly encouraged that clients using `system_ca`
+          verification provide a non-empty `host` for rfc2818 verification.
+
+        \param socket Used in SSL handshake and verification
+        \param type Client or server
+        \param host This parameter is only used when
+          `type == client && !host.empty()`. The value is sent to the server for
+          situations where multiple hostnames are being handled by a server. If
+          `verification == system_ca` the client also does a rfc2818 check to
+          ensure that the server certificate is to the provided hostname.
+
+        \return True if the SSL handshake completes with peer verification
+          settings. */
+    bool handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string& host = {}) const;
+  };
+
+        // https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification
+	constexpr size_t get_ssl_magic_size() { return 9; }
+	bool is_ssl(const unsigned char *data, size_t len);
+	bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s);
+
+	bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);
+	bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);
+}
+}
+
+#endif //_NET_SSL_H

contrib/epee/include/net/net_utils_base.h

@@ -33,6 +33,7 @@
 #include <boost/asio/io_service.hpp>
 #include <typeinfo>
 #include <type_traits>
+#include "enums.h"
 #include "serialization/keyvalue_serialization.h"
 #include "misc_log_ex.h"
 
@@ -43,6 +44,18 @@
 #define MAKE_IP( a1, a2, a3, a4 )	(a1|(a2<<8)|(a3<<16)|(a4<<24))
 #endif
 
+#if BOOST_VERSION >= 107000
+#define GET_IO_SERVICE(s) ((boost::asio::io_context&)(s).get_executor().context())
+#else
+#define GET_IO_SERVICE(s) ((s).get_io_service())
+#endif
+
+namespace net
+{
+	class tor_address;
+	class i2p_address;
+}
+
 namespace epee
 {
 namespace net_utils
@@ -53,6 +66,10 @@ namespace net_utils
 		uint16_t m_port;
 
 	public:
+		constexpr ipv4_network_address() noexcept
+			: ipv4_network_address(0, 0)
+		{}
+
 		constexpr ipv4_network_address(uint32_t ip, uint16_t port) noexcept
 			: m_ip(ip), m_port(port) {}
 
@@ -67,9 +84,10 @@ namespace net_utils
 		std::string host_str() const;
 		bool is_loopback() const;
 		bool is_local() const;
-		static constexpr uint8_t get_type_id() noexcept { return ID; }
+		static constexpr address_type get_type_id() noexcept { return address_type::ipv4; }
+		static constexpr zone get_zone() noexcept { return zone::public_; }
+		static constexpr bool is_blockable() noexcept { return true; }
 
-		static const uint8_t ID = 1;
 		BEGIN_KV_SERIALIZE_MAP()
 			KV_SERIALIZE(m_ip)
 			KV_SERIALIZE(m_port)
@@ -103,7 +121,9 @@ namespace net_utils
 			virtual std::string host_str() const = 0;
 			virtual bool is_loopback() const = 0;
 			virtual bool is_local() const = 0;
-			virtual uint8_t get_type_id() const = 0;
+			virtual address_type get_type_id() const = 0;
+			virtual zone get_zone() const = 0;
+			virtual bool is_blockable() const = 0;
 		};
 
 		template<typename T>
@@ -131,7 +151,9 @@ namespace net_utils
 			virtual std::string host_str() const override { return value.host_str(); }
 			virtual bool is_loopback() const override { return value.is_loopback(); }
 			virtual bool is_local() const override { return value.is_local(); }
-			virtual uint8_t get_type_id() const override { return value.get_type_id(); }
+			virtual address_type get_type_id() const override { return value.get_type_id(); }
+			virtual zone get_zone() const override { return value.get_zone(); }
+			virtual bool is_blockable() const override { return value.is_blockable(); }
 		};
 
 		std::shared_ptr<interface> self;
@@ -146,6 +168,23 @@ namespace net_utils
 				throw std::bad_cast{};
 			return static_cast<implementation<Type_>*>(self_)->value;
 		}
+
+		template<typename T, typename t_storage>
+		bool serialize_addr(std::false_type, t_storage& stg, typename t_storage::hsection hparent)
+		{
+			T addr{};
+			if (!epee::serialization::selector<false>::serialize(addr, stg, hparent, "addr"))
+				return false;
+			*this = std::move(addr);
+			return true;
+		}
+
+		template<typename T, typename t_storage>
+		bool serialize_addr(std::true_type, t_storage& stg, typename t_storage::hsection hparent) const
+		{
+			return epee::serialization::selector<true>::serialize(as<T>(), stg, hparent, "addr");
+		}
+
 	public:
 		network_address() : self(nullptr) {}
 		template<typename T>
@@ -158,43 +197,34 @@ namespace net_utils
 		std::string host_str() const { return self ? self->host_str() : "<none>"; }
 		bool is_loopback() const { return self ? self->is_loopback() : false; }
 		bool is_local() const { return self ? self->is_local() : false; }
-		uint8_t get_type_id() const { return self ? self->get_type_id() : 0; }
+		address_type get_type_id() const { return self ? self->get_type_id() : address_type::invalid; }
+		zone get_zone() const { return self ? self->get_zone() : zone::invalid; }
+		bool is_blockable() const { return self ? self->is_blockable() : false; }
 		template<typename Type> const Type &as() const { return as_mutable<const Type>(); }
 
 		BEGIN_KV_SERIALIZE_MAP()
-			uint8_t type = is_store ? this_ref.get_type_id() : 0;
+			// need to `#include "net/[i2p|tor]_address.h"` when serializing `network_address`
+			static constexpr std::integral_constant<bool, is_store> is_store_{};
+
+			std::uint8_t type = std::uint8_t(is_store ? this_ref.get_type_id() : address_type::invalid);
 			if (!epee::serialization::selector<is_store>::serialize(type, stg, hparent_section, "type"))
 				return false;
-			switch (type)
+
+			switch (address_type(type))
 			{
-				case ipv4_network_address::ID:
-				{
-					if (!is_store)
-					{
-						const_cast<network_address&>(this_ref) = ipv4_network_address{0, 0};
-						auto &addr = this_ref.template as_mutable<ipv4_network_address>();
-						if (epee::serialization::selector<is_store>::serialize(addr, stg, hparent_section, "addr"))
-							MDEBUG("Found as addr: " << this_ref.str());
-						else if (epee::serialization::selector<is_store>::serialize(addr, stg, hparent_section, "template as<ipv4_network_address>()"))
-							MDEBUG("Found as template as<ipv4_network_address>(): " << this_ref.str());
-						else if (epee::serialization::selector<is_store>::serialize(addr, stg, hparent_section, "template as_mutable<ipv4_network_address>()"))
-							MDEBUG("Found as template as_mutable<ipv4_network_address>(): " << this_ref.str());
-						else
-						{
-							MWARNING("Address not found");
-							return false;
-						}
-					}
-					else
-					{
-						auto &addr = this_ref.template as_mutable<ipv4_network_address>();
-						if (!epee::serialization::selector<is_store>::serialize(addr, stg, hparent_section, "addr"))
-							return false;
-					}
+				case address_type::ipv4:
+					return this_ref.template serialize_addr<ipv4_network_address>(is_store_, stg, hparent_section);
+				case address_type::tor:
+					return this_ref.template serialize_addr<net::tor_address>(is_store_, stg, hparent_section);
+				case address_type::i2p:
+					return this_ref.template serialize_addr<net::i2p_address>(is_store_, stg, hparent_section);
+				case address_type::invalid:
+				default:
 					break;
-				}
-				default: MERROR("Unsupported network address type: " << (unsigned)type); return false;
 			}
+
+			MERROR("Unsupported network address type: " << (unsigned)type);
+			return false;
 		END_KV_SERIALIZE_MAP()
 	};
 
@@ -211,8 +241,6 @@ namespace net_utils
 	inline bool operator>=(const network_address& lhs, const network_address& rhs)
 	{ return !lhs.less(rhs); }
 
-	bool create_network_address(network_address &address, const std::string &string, uint16_t default_port = 0);
-
 	/************************************************************************/
 	/*                                                                      */
 	/************************************************************************/
@@ -222,54 +250,68 @@ namespace net_utils
     const network_address m_remote_address;
     const bool     m_is_income;
     const time_t   m_started;
+    const time_t   m_ssl;
     time_t   m_last_recv;
     time_t   m_last_send;
     uint64_t m_recv_cnt;
     uint64_t m_send_cnt;
     double m_current_speed_down;
     double m_current_speed_up;
+    double m_max_speed_down;
+    double m_max_speed_up;
 
     connection_context_base(boost::uuids::uuid connection_id,
-                            const network_address &remote_address, bool is_income,
+                            const network_address &remote_address, bool is_income, bool ssl,
                             time_t last_recv = 0, time_t last_send = 0,
                             uint64_t recv_cnt = 0, uint64_t send_cnt = 0):
                                             m_connection_id(connection_id),
                                             m_remote_address(remote_address),
                                             m_is_income(is_income),
                                             m_started(time(NULL)),
+                                            m_ssl(ssl),
                                             m_last_recv(last_recv),
                                             m_last_send(last_send),
                                             m_recv_cnt(recv_cnt),
                                             m_send_cnt(send_cnt),
                                             m_current_speed_down(0),
-                                            m_current_speed_up(0)
+                                            m_current_speed_up(0),
+                                            m_max_speed_down(0),
+                                            m_max_speed_up(0)
     {}
 
     connection_context_base(): m_connection_id(),
-                               m_remote_address(ipv4_network_address{0,0}),
+                               m_remote_address(),
                                m_is_income(false),
                                m_started(time(NULL)),
+                               m_ssl(false),
                                m_last_recv(0),
                                m_last_send(0),
                                m_recv_cnt(0),
                                m_send_cnt(0),
                                m_current_speed_down(0),
-                               m_current_speed_up(0)
+                               m_current_speed_up(0),
+                               m_max_speed_down(0),
+                               m_max_speed_up(0)
     {}
 
+    connection_context_base(const connection_context_base& a): connection_context_base()
+    {
+      set_details(a.m_connection_id, a.m_remote_address, a.m_is_income, a.m_ssl);
+    }
+
     connection_context_base& operator=(const connection_context_base& a)
     {
-      set_details(a.m_connection_id, a.m_remote_address, a.m_is_income);
+      set_details(a.m_connection_id, a.m_remote_address, a.m_is_income, a.m_ssl);
       return *this;
     }
     
   private:
     template<class t_protocol_handler>
     friend class connection;
-    void set_details(boost::uuids::uuid connection_id, const network_address &remote_address, bool is_income)
+    void set_details(boost::uuids::uuid connection_id, const network_address &remote_address, bool is_income, bool ssl)
     {
       this->~connection_context_base();
-      new(this) connection_context_base(connection_id, remote_address, is_income);
+      new(this) connection_context_base(connection_id, remote_address, is_income, ssl);
     }
 
 	};

contrib/epee/include/net/network_throttle-detail.hpp

@@ -36,6 +36,7 @@
 #ifndef INCLUDED_throttle_detail_hpp
 #define INCLUDED_throttle_detail_hpp
 
+#include <boost/circular_buffer.hpp>
 #include "network_throttle.hpp"
 
 namespace epee
@@ -61,10 +62,12 @@ class network_throttle : public i_network_throttle {
 		network_time_seconds m_slot_size; // the size of one slot. TODO: now hardcoded for 1 second e.g. in time_to_slot()
 		// TODO for big window size, for performance better the substract on change of m_last_sample_time instead of recalculating average of eg >100 elements
 
-		std::vector< packet_info > m_history; // the history of bw usage
+		boost::circular_buffer< packet_info > m_history; // the history of bw usage
 		network_time_seconds m_last_sample_time; // time of last history[0] - so we know when to rotate the buffer
 		network_time_seconds m_start_time; // when we were created
 		bool m_any_packet_yet; // did we yet got any packet to count
+		uint64_t m_total_packets;
+		uint64_t m_total_bytes;
 
 		std::string m_name; // my name for debug and logs
 		std::string m_nameshort; // my name for debug and logs (used in log file name)
@@ -94,6 +97,7 @@ class network_throttle : public i_network_throttle {
 		virtual size_t get_recommended_size_of_planned_transport() const; ///< what should be the size (bytes) of next data block to be transported
 		virtual size_t get_recommended_size_of_planned_transport_window(double force_window) const;  ///< ditto, but for given windows time frame
 		virtual double get_current_speed() const;
+		virtual void get_stats(uint64_t &total_packets, uint64_t &total_bytes) const;
 
 	private:
 		virtual network_time_seconds time_to_slot(network_time_seconds t) const { return std::floor( t ); } // convert exact time eg 13.7 to rounded time for slot number in history 13

contrib/epee/include/net/network_throttle.hpp

@@ -152,7 +152,8 @@ class i_network_throttle {
 		virtual size_t get_recommended_size_of_planned_transport() const =0; // what should be the recommended limit of data size that we can transport over current network_throttle in near future
 
 		virtual double get_time_seconds() const =0; // a timer
-        virtual void logger_handle_net(const std::string &filename, double time, size_t size)=0;
+		virtual void logger_handle_net(const std::string &filename, double time, size_t size)=0;
+		virtual void get_stats(uint64_t &total_packets, uint64_t &total_bytes) const =0;
 
 
 };

contrib/epee/include/rolling_median.h

@@ -0,0 +1,236 @@
+// Copyright (c) 2019, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Adapted from source by AShelly:
+// Copyright (c) 2011 ashelly.myopenid.com, licenced under the MIT licence
+// https://stackoverflow.com/questions/5527437/rolling-median-in-c-turlach-implementation
+// https://stackoverflow.com/questions/1309263/rolling-median-algorithm-in-c
+// https://ideone.com/XPbl6
+
+#pragma once
+
+#include <stdlib.h>
+#include <stdint.h>
+
+namespace epee
+{
+namespace misc_utils
+{
+
+template<typename Item>
+struct rolling_median_t
+{
+private:
+  Item* data;  //circular queue of values
+  int*  pos;   //index into `heap` for each value
+  int*  heap;  //max/median/min heap holding indexes into `data`.
+  int   N;     //allocated size.
+  int   idx;   //position in circular queue
+  int   minCt; //count of items in min heap
+  int   maxCt; //count of items in max heap
+  int   sz;    //count of items in heap
+
+private:
+
+  //returns true if heap[i] < heap[j]
+  bool mmless(int i, int j) const
+  {
+    return data[heap[i]] < data[heap[j]];
+  }
+
+  //swaps items i&j in heap, maintains indexes
+  bool mmexchange(int i, int j)
+  {
+    const int t = heap[i];
+    heap[i] = heap[j];
+    heap[j] = t;
+    pos[heap[i]] = i;
+    pos[heap[j]] = j;
+    return 1;
+  }
+
+  //swaps items i&j if i<j;  returns true if swapped
+  bool mmCmpExch(int i, int j)
+  {
+     return mmless(i, j) && mmexchange(i, j);
+  }
+
+  //maintains minheap property for all items below i.
+  void minSortDown(int i)
+  {
+    for (i *= 2; i <= minCt; i *= 2)
+    {
+       if (i < minCt && mmless(i + 1, i))
+         ++i;
+       if (!mmCmpExch(i, i / 2))
+         break;
+    }
+  }
+
+  //maintains maxheap property for all items below i. (negative indexes)
+  void maxSortDown(int i)
+  {
+    for (i *= 2; i >= -maxCt; i *= 2)
+    {
+      if (i > -maxCt && mmless(i, i - 1))
+        --i;
+      if (!mmCmpExch(i / 2, i))
+        break;
+    }
+  }
+
+  //maintains minheap property for all items above i, including median
+  //returns true if median changed
+  bool minSortUp(int i)
+  {
+    while (i > 0 && mmCmpExch(i, i / 2))
+      i /= 2;
+    return i == 0;
+  }
+
+  //maintains maxheap property for all items above i, including median
+  //returns true if median changed
+  bool maxSortUp(int i)
+  {
+     while (i < 0 && mmCmpExch(i / 2, i))
+       i /= 2;
+     return i == 0;
+  }
+
+protected:
+  rolling_median_t &operator=(const rolling_median_t&) = delete;
+  rolling_median_t(const rolling_median_t&) = delete;
+
+public:
+  //creates new rolling_median_t: to calculate `nItems` running median. 
+  rolling_median_t(size_t N): N(N)
+  {
+    int size = N * (sizeof(Item) + sizeof(int) * 2);
+    data = (Item*)malloc(size);
+    pos = (int*) (data + N);
+    heap = pos + N + (N / 2); //points to middle of storage.
+    clear();
+  }
+
+  rolling_median_t(rolling_median_t &&m)
+  {
+    free(data);
+    memcpy(this, &m, sizeof(rolling_median_t));
+    m.data = NULL;
+  }
+  rolling_median_t &operator=(rolling_median_t &&m)
+  {
+    free(data);
+    memcpy(this, &m, sizeof(rolling_median_t));
+    m.data = NULL;
+    return *this;
+  }
+
+  ~rolling_median_t()
+  {
+    free(data);
+  }
+
+  void clear()
+  {
+    idx = 0;
+    minCt = 0;
+    maxCt = 0;
+    sz = 0;
+    int nItems = N;
+    while (nItems--)  //set up initial heap fill pattern: median,max,min,max,...
+    {
+      pos[nItems] = ((nItems + 1) / 2) * ((nItems & 1) ? -1 : 1);
+      heap[pos[nItems]] = nItems;
+    }
+  }
+
+  int size() const
+  {
+    return sz;
+  }
+
+  //Inserts item, maintains median in O(lg nItems)
+  void insert(Item v)
+  {
+    int p = pos[idx];
+    Item old = data[idx];
+    data[idx] = v;
+    idx = (idx + 1) % N;
+    sz = std::min<int>(sz + 1, N);
+    if (p > 0)         //new item is in minHeap
+    {
+      if (minCt < (N - 1) / 2)
+      {
+        ++minCt;
+      }
+      else if (v > old)
+      {
+        minSortDown(p);
+        return;
+      }
+      if (minSortUp(p) && mmCmpExch(0, -1))
+        maxSortDown(-1);
+    }
+    else if (p < 0)   //new item is in maxheap
+    {
+      if (maxCt < N / 2)
+      {
+        ++maxCt;
+      }
+      else if (v < old)
+      {
+        maxSortDown(p);
+        return;
+      }
+      if (maxSortUp(p) && minCt && mmCmpExch(1, 0))
+        minSortDown(1);
+    }
+    else //new item is at median
+    {
+      if (maxCt && maxSortUp(-1))
+        maxSortDown(-1);
+      if (minCt && minSortUp(1))
+        minSortDown(1);
+    }
+  }
+
+  //returns median item (or average of 2 when item count is even)
+  Item median() const
+  {
+    Item v = data[heap[0]];
+    if (minCt < maxCt)
+    {
+      v = (v + data[heap[-1]]) / 2;
+    }
+    return v;
+  }
+};
+
+}
+}

contrib/epee/include/serialization/keyvalue_serialization.h

@@ -32,6 +32,9 @@
 #include "enableable.h"
 #include "keyvalue_serialization_overloads.h"
 
+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "serialization"
+
 namespace epee
 {
   /************************************************************************/

contrib/epee/include/serialization/keyvalue_serialization_overloads.h

@@ -33,6 +33,9 @@
 #include <boost/mpl/vector.hpp>
 #include <boost/mpl/contains_fwd.hpp>
 
+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "serialization"
+
 namespace epee
 {
   namespace

contrib/epee/include/span.h

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018, The Monero Project
+// Copyright (c) 2017-2019, The Monero Project
 //
 // All rights reserved.
 //
@@ -31,6 +31,7 @@
 #include <algorithm>
 #include <cstdint>
 #include <memory>
+#include <string>
 #include <type_traits>
 
 namespace epee

contrib/epee/include/stats.h

@@ -0,0 +1,58 @@
+#pragma once
+
+#include <vector>
+
+template<typename T, typename Tpod = T>
+class Stats
+{
+public:
+  Stats(const std::vector<T> &v): values(v), cached(0) {}
+  ~Stats() {}
+
+  size_t get_size() const;
+  Tpod get_min() const;
+  Tpod get_max() const;
+  Tpod get_median() const;
+  double get_mean() const;
+  double get_confidence_interval_95() const;
+  double get_confidence_interval_99() const;
+  double get_standard_deviation() const;
+  double get_standard_error() const;
+  double get_variance() const;
+  double get_kurtosis() const;
+  double get_non_parametric_skew() const;
+  double get_t_test(T t) const;
+  double get_t_test(size_t npoints, double mean, double stddev) const;
+  double get_t_test(const Stats<T> &other) const;
+  double get_z_test(const Stats<T> &other) const;
+  double get_test(const Stats<T> &other) const;
+  std::vector<Tpod> get_quantiles(unsigned int quantiles) const;
+  std::vector<size_t> get_bins(unsigned int bins) const;
+  bool is_same_distribution_95(size_t npoints, double mean, double stddev) const;
+  bool is_same_distribution_95(const Stats<T> &other) const;
+  bool is_same_distribution_99(size_t npoints, double mean, double stddev) const;
+  bool is_same_distribution_99(const Stats<T> &other) const;
+
+  double get_cdf95(size_t df) const;
+  double get_cdf95(const Stats<T> &other) const;
+  double get_cdf99(size_t df) const;
+  double get_cdf99(const Stats<T> &other) const;
+
+private:
+  inline bool is_cached(int bit) const;
+  inline void set_cached(int bit) const;
+
+  const std::vector<T> &values;
+
+  mutable uint64_t cached;
+  mutable Tpod min;
+  mutable Tpod max;
+  mutable Tpod median;
+  mutable double mean;
+  mutable double standard_deviation;
+  mutable double standard_error;
+  mutable double variance;
+  mutable double kurtosis;
+};
+
+#include "stats.inl"

contrib/epee/include/stats.inl

@@ -0,0 +1,359 @@
+#include <math.h>
+#include <limits>
+#include <algorithm>
+#include "stats.h"
+
+enum
+{
+  bit_min = 0,
+  bit_max,
+  bit_median,
+  bit_mean,
+  bit_standard_deviation,
+  bit_standard_error,
+  bit_variance,
+  bit_kurtosis,
+};
+
+static inline double square(double x)
+{
+  return x * x;
+}
+
+template<typename T>
+static inline double interpolate(T v, T v0, double i0, T v1, double i1)
+{
+  return i0 + (i1 - i0) * (v - v0) / (v1 - v0);
+}
+
+template<typename T, typename Tpod>
+inline bool Stats<T, Tpod>::is_cached(int bit) const
+{
+  return cached & (1<<bit);
+}
+
+template<typename T, typename Tpod>
+inline void Stats<T, Tpod>::set_cached(int bit) const
+{
+  cached |= 1<<bit;
+}
+
+template<typename T, typename Tpod>
+size_t Stats<T, Tpod>::get_size() const
+{
+  return values.size();
+}
+
+template<typename T, typename Tpod>
+Tpod Stats<T, Tpod>::get_min() const
+{
+  if (!is_cached(bit_min))
+  {
+    min = std::numeric_limits<Tpod>::max();
+    for (const T &v: values)
+      min = std::min<Tpod>(min, v);
+    set_cached(bit_min);
+  }
+  return min;
+}
+
+template<typename T, typename Tpod>
+Tpod Stats<T, Tpod>::get_max() const
+{
+  if (!is_cached(bit_max))
+  {
+    max = std::numeric_limits<Tpod>::min();
+    for (const T &v: values)
+      max = std::max<Tpod>(max, v);
+    set_cached(bit_max);
+  }
+  return max;
+}
+
+template<typename T, typename Tpod>
+Tpod Stats<T, Tpod>::get_median() const
+{
+  if (!is_cached(bit_median))
+  {
+    std::vector<Tpod> sorted;
+    sorted.reserve(values.size());
+    for (const T &v: values)
+      sorted.push_back(v);
+    std::sort(sorted.begin(), sorted.end());
+    if (sorted.size() & 1)
+    {
+      median = sorted[sorted.size() / 2];
+    }
+    else
+    {
+      median = (sorted[(sorted.size() - 1) / 2] + sorted[sorted.size() / 2]) / 2;
+    }
+    set_cached(bit_median);
+  }
+  return median;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_mean() const
+{
+  if (values.empty())
+    return 0.0;
+  if (!is_cached(bit_mean))
+  {
+    mean = 0.0;
+    for (const T &v: values)
+      mean += v;
+    mean /= values.size();
+    set_cached(bit_mean);
+  }
+  return mean;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_cdf95(size_t df) const
+{
+  static const double p[101] = {
+    -1, 12.706, 4.3027, 3.1824, 2.7765, 2.5706, 2.4469, 2.3646, 2.3060, 2.2622, 2.2281, 2.2010, 2.1788, 2.1604, 2.1448, 2.1315,
+    2.1199, 2.1098, 2.1009, 2.0930, 2.0860, 2.0796, 2.0739, 2.0687, 2.0639, 2.0595, 2.0555, 2.0518, 2.0484, 2.0452, 2.0423, 2.0395,
+    2.0369, 2.0345, 2.0322, 2.0301, 2.0281, 2.0262, 2.0244, 2.0227, 2.0211, 2.0195, 2.0181, 2.0167, 2.0154, 2.0141, 2.0129, 2.0117,
+    2.0106, 2.0096, 2.0086, 2.0076, 2.0066, 2.0057, 2.0049, 2.0040, 2.0032, 2.0025, 2.0017, 2.0010, 2.0003, 1.9996, 1.9990, 1.9983,
+    1.9977, 1.9971, 1.9966, 1.9960, 1.9955, 1.9949, 1.9944, 1.9939, 1.9935, 1.9930, 1.9925, 1.9921, 1.9917, 1.9913, 1.9908, 1.9905,
+    1.9901, 1.9897, 1.9893, 1.9890, 1.9886, 1.9883, 1.9879, 1.9876, 1.9873, 1.9870, 1.9867, 1.9864, 1.9861, 1.9858, 1.9855, 1.9852,
+    1.9850, 1.9847, 1.9845, 1.9842, 1.9840,
+  };
+  if (df <= 100)
+    return p[df];
+  if (df <= 120)
+    return interpolate<size_t>(df, 100, 1.9840, 120, 1.98);
+  return 1.96;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_cdf95(const Stats<T> &other) const
+{
+  return get_cdf95(get_size() + other.get_size() - 2);
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_cdf99(size_t df) const
+{
+  static const double p[101] = {
+    -1, 9.9250, 5.8408, 4.6041, 4.0321, 3.7074, 3.4995, 3.3554, 3.2498, 3.1693, 3.1058, 3.0545, 3.0123, 2.9768, 2.9467, 2.9208, 2.8982,
+     2.8784, 2.8609, 2.8453, 2.8314, 2.8188, 2.8073, 2.7970, 2.7874, 2.7787, 2.7707, 2.7633, 2.7564, 2.7500, 2.7440, 2.7385, 2.7333,
+     2.7284, 2.7238, 2.7195, 2.7154, 2.7116, 2.7079, 2.7045, 2.7012, 2.6981, 2.6951, 2.6923, 2.6896, 2.6870, 2.6846, 2.6822, 2.6800,
+     2.6778, 2.6757, 2.6737, 2.6718, 2.6700, 2.6682, 2.6665, 2.6649, 2.6633, 2.6618, 2.6603, 2.6589, 2.6575, 2.6561, 2.6549, 2.6536,
+     2.6524, 2.6512, 2.6501, 2.6490, 2.6479, 2.6469, 2.6458, 2.6449, 2.6439, 2.6430, 2.6421, 2.6412, 2.6403, 2.6395, 2.6387, 2.6379,
+     2.6371, 2.6364, 2.6356, 2.6349, 2.6342, 2.6335, 2.6329, 2.6322, 2.6316, 2.6309, 2.6303, 2.6297, 2.6291, 2.6286, 2.6280, 2.6275,
+     2.6269, 2.6264, 2.6259,
+  };
+  if (df <= 100)
+    return p[df];
+  if (df <= 120)
+    return interpolate<size_t>(df, 100, 2.6529, 120, 2.617);
+  return 2.576;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_cdf99(const Stats<T> &other) const
+{
+  return get_cdf99(get_size() + other.get_size() - 2);
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_confidence_interval_95() const
+{
+  const size_t df = get_size() - 1;
+  return get_standard_error() * get_cdf95(df);
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_confidence_interval_99() const
+{
+  const size_t df = get_size() - 1;
+  return get_standard_error() * get_cdf99(df);
+}
+
+template<typename T, typename Tpod>
+bool Stats<T, Tpod>::is_same_distribution_95(size_t npoints, double mean, double stddev) const
+{
+  return fabs(get_t_test(npoints, mean, stddev)) < get_cdf95(get_size() + npoints - 2);
+}
+
+template<typename T, typename Tpod>
+bool Stats<T, Tpod>::is_same_distribution_95(const Stats<T> &other) const
+{
+  return fabs(get_t_test(other)) < get_cdf95(other);
+}
+
+template<typename T, typename Tpod>
+bool Stats<T, Tpod>::is_same_distribution_99(size_t npoints, double mean, double stddev) const
+{
+  return fabs(get_t_test(npoints, mean, stddev)) < get_cdf99(get_size() + npoints - 2);
+}
+
+template<typename T, typename Tpod>
+bool Stats<T, Tpod>::is_same_distribution_99(const Stats<T> &other) const
+{
+  return fabs(get_t_test(other)) < get_cdf99(other);
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_standard_deviation() const
+{
+  if (values.size() <= 1)
+    return 0.0;
+  if (!is_cached(bit_standard_deviation))
+  {
+    Tpod m = get_mean(), t = 0;
+    for (const T &v: values)
+      t += ((T)v - m) * ((T)v - m);
+    standard_deviation = sqrt(t / ((double)values.size() - 1));
+    set_cached(bit_standard_deviation);
+  }
+  return standard_deviation;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_standard_error() const
+{
+  if (!is_cached(bit_standard_error))
+  {
+    standard_error = get_standard_deviation() / sqrt(get_size());
+    set_cached(bit_standard_error);
+  }
+  return standard_error;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_variance() const
+{
+  if (!is_cached(bit_variance))
+  {
+    double stddev = get_standard_deviation();
+    variance = stddev * stddev;
+    set_cached(bit_variance);
+  }
+  return variance;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_kurtosis() const
+{
+  if (values.empty())
+    return 0.0;
+  if (!is_cached(bit_kurtosis))
+  {
+    double m = get_mean();
+    double n = 0, d = 0;
+    for (const T &v: values)
+    {
+      T p2 = (v - m) * (v - m);
+      T p4 = p2 * p2;
+      n += p4;
+      d += p2;
+    }
+    n /= values.size();
+    d /= values.size();
+    d *= d;
+    kurtosis = n / d;
+    set_cached(bit_kurtosis);
+  }
+  return kurtosis;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_non_parametric_skew() const
+{
+  return (get_mean() - get_median()) / get_standard_deviation();
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_t_test(T t) const
+{
+  const double n = get_mean() - t;
+  const double d = get_standard_deviation() / sqrt(get_size());
+  return n / d;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_t_test(size_t npoints, double mean, double stddev) const
+{
+  const double n = get_mean() - mean;
+  const double d = sqrt(get_variance() / get_size() + square(stddev) / npoints);
+  return n / d;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_t_test(const Stats<T> &other) const
+{
+  const double n = get_mean() - other.get_mean();
+  const double d = sqrt(get_variance() / get_size() + other.get_variance() / other.get_size());
+  return n / d;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_z_test(const Stats<T> &other) const
+{
+  const double m0 = get_mean();
+  const double m1 = other.get_mean();
+  const double sd0 = get_standard_deviation();
+  const double sd1 = other.get_standard_deviation();
+  const size_t s0 = get_size();
+  const size_t s1 = other.get_size();
+
+  const double n = m0 - m1;
+  const double d = sqrt(square(sd0 / sqrt(s0)) + square(sd1 / sqrt(s1)));
+
+  return n / d;
+}
+
+template<typename T, typename Tpod>
+double Stats<T, Tpod>::get_test(const Stats<T> &other) const
+{
+  if (get_size() >= 30 && other.get_size() >= 30)
+    return get_z_test(other);
+  else
+    return get_t_test(other);
+}
+
+template<typename T, typename Tpod>
+std::vector<Tpod> Stats<T, Tpod>::get_quantiles(unsigned int quantiles) const
+{
+  std::vector<Tpod> sorted;
+  sorted.reserve(values.size());
+  for (const T &v: values)
+    sorted.push_back(v);
+  std::sort(sorted.begin(), sorted.end());
+  std::vector<Tpod> q(quantiles + 1, 0);
+  for (unsigned int i = 1; i <= quantiles; ++i)
+  {
+    unsigned idx = (unsigned)ceil(values.size() * i / (double)quantiles);
+    q[i] = sorted[idx - 1];
+  }
+  if (!is_cached(bit_min))
+  {
+    min = sorted.front();
+    set_cached(bit_min);
+  }
+  q[0] = min;
+  if (!is_cached(bit_max))
+  {
+    max = sorted.back();
+    set_cached(bit_max);
+  }
+  return q;
+}
+
+template<typename T, typename Tpod>
+std::vector<size_t> Stats<T, Tpod>::get_bins(unsigned int bins) const
+{
+  std::vector<size_t> b(bins, 0);
+  const double scale = 1.0 / (get_max() - get_min());
+  const T base = get_min();
+  for (const T &v: values)
+  {
+    unsigned int idx = (v - base) * scale;
+    ++b[idx];
+  }
+  return b;
+}

contrib/epee/include/storages/parserse_base_utils.h

@@ -42,13 +42,14 @@ namespace misc_utils
     // 4: alpha
     // 8: whitespace
     // 16: allowed in float but doesn't necessarily mean it's a float
+    // 32: \ and " (end of verbatim string)
     static const constexpr uint8_t lut[256]={
       0, 0, 0, 0, 0, 0, 0, 0, 0, 8, 8, 8, 8, 8, 0, 0, // 16
       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 32
-      8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16, 0, 16, 18, 0, // 48
+      8, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 16, 0, 16, 18, 0, // 48
       17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 0, 0, 0, 0, 0, 0, // 64
       0, 4, 4, 4, 4, 22, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, // 80
-      4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 0, 0, 0, 0, 0, // 96
+      4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 0, 32, 0, 0, 0, // 96
       0, 4, 4, 4, 4, 22, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, // 112
       4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 0, 0, 0, 0, 0, // 128
       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -130,7 +131,7 @@ namespace misc_utils
         std::string::const_iterator it = star_end_string;
         ++it;
         std::string::const_iterator fi = it;
-        while (fi != buf_end && *fi != '\\' && *fi != '\"')
+        while (fi != buf_end && ((lut[(uint8_t)*fi] & 32)) == 0)
           ++fi;
         val.assign(it, fi);
         val.reserve(std::distance(star_end_string, buf_end));

contrib/epee/include/storages/portable_storage_base.h

@@ -82,6 +82,7 @@ namespace epee
     struct array_entry_t
     {
       array_entry_t():m_it(m_array.end()){}        
+      array_entry_t(const array_entry_t& other):m_array(other.m_array), m_it(m_array.end()){}
 
       const t_entry_type* get_first_val() const 
       {

contrib/epee/include/storages/portable_storage_from_bin.h

@@ -136,6 +136,7 @@ namespace epee
       //for pod types
       array_entry_t<type_name> sa;
       size_t size = read_varint();
+      CHECK_AND_ASSERT_THROW_MES(size <= m_count, "Size sanity check failed");
       sa.reserve(size);
       //TODO: add some optimization here later
       while(size--)

contrib/epee/include/storages/portable_storage_val_converters.h

@@ -144,7 +144,7 @@ POP_WARNINGS
       {
         MTRACE("Converting std::string to uint64_t. Source: " << from);
         // String only contains digits
-        if(std::all_of(from.begin(), from.end(), ::isdigit))
+        if(std::all_of(from.begin(), from.end(), epee::misc_utils::parse::isdigit))
           to = boost::lexical_cast<uint64_t>(from);
         // MyMonero ISO 8061 timestamp (2017-05-06T16:27:06Z)
         else if (boost::regex_match (from, boost::regex("\\d{4}-[01]\\d-[0-3]\\dT[0-2]\\d:[0-5]\\d:[0-5]\\dZ")))

contrib/epee/include/string_tools.h

@@ -42,6 +42,8 @@
 #include <type_traits>
 #include <boost/lexical_cast.hpp>
 #include <boost/algorithm/string/predicate.hpp>
+#include "misc_log_ex.h"
+#include "storages/parserse_base_utils.h"
 #include "hex.h"
 #include "memwipe.h"
 #include "mlocker.h"
@@ -126,7 +128,7 @@ DISABLE_GCC_WARNING(maybe-uninitialized)
     {
       for (char c : str_id)
       {
-        if (!std::isdigit(c))
+        if (!epee::misc_utils::parse::isdigit(c))
           return false;
       }
     }
@@ -206,6 +208,15 @@ POP_WARNINGS
 		return boost::lexical_cast<std::string>(val);
 	}
 	//----------------------------------------------------------------------------
+	inline std::string to_string_hex(uint32_t val)
+	{
+		std::stringstream ss;
+		ss << std::hex << val;
+		std::string s;
+		ss >> s;
+		return s;
+	}
+	//----------------------------------------------------------------------------
 	
 	inline bool compare_no_case(const std::string& str1, const std::string& str2)
 	{

contrib/epee/include/wipeable_string.h

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018, The Monero Project
+// Copyright (c) 2017-2019, The Monero Project
 // 
 // All rights reserved.
 // 

contrib/epee/src/CMakeLists.txt

@@ -26,8 +26,9 @@
 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
 # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-add_library(epee STATIC hex.cpp http_auth.cpp mlog.cpp net_utils_base.cpp string_tools.cpp wipeable_string.cpp memwipe.c
-    connection_basic.cpp network_throttle.cpp network_throttle-detail.cpp mlocker.cpp buffer.cpp)
+add_library(epee STATIC hex.cpp http_auth.cpp mlog.cpp net_helper.cpp net_utils_base.cpp string_tools.cpp wipeable_string.cpp memwipe.c
+    connection_basic.cpp network_throttle.cpp network_throttle-detail.cpp mlocker.cpp buffer.cpp net_ssl.cpp)
+
 if (USE_READLINE AND GNU_READLINE_FOUND)
   add_library(epee_readline STATIC readline_buffer.cpp)
 endif()

contrib/epee/src/buffer.cpp

@@ -64,7 +64,8 @@ void buffer::append(const void *data, size_t sz)
       size_t reserve = (((size() + sz) * 3 / 2) + 4095) & ~4095;
       new_storage.reserve(reserve);
       new_storage.resize(size());
-      memcpy(new_storage.data(), storage.data() + offset, storage.size() - offset);
+      if (size() > 0)
+        memcpy(new_storage.data(), storage.data() + offset, storage.size() - offset);
       offset = 0;
       std::swap(storage, new_storage);
     }

contrib/epee/src/connection_basic.cpp

@@ -47,8 +47,14 @@
 // TODO:
 #include "net/network_throttle-detail.hpp"
 
+#if BOOST_VERSION >= 107000
+#define GET_IO_SERVICE(s) ((boost::asio::io_context&)(s).get_executor().context())
+#else
+#define GET_IO_SERVICE(s) ((s).get_io_service())
+#endif
+
 #undef MONERO_DEFAULT_LOG_CATEGORY
-#define MONERO_DEFAULT_LOG_CATEGORY "net.p2p"
+#define MONERO_DEFAULT_LOG_CATEGORY "net.conn"
 
 // ################################################################################################
 // local (TU local) headers
@@ -59,6 +65,15 @@ namespace epee
 namespace net_utils
 {
 
+namespace
+{
+	boost::asio::ssl::context& get_context(connection_basic_shared_state* state)
+	{
+		CHECK_AND_ASSERT_THROW_MES(state != nullptr, "state shared_ptr cannot be null");
+		return state->ssl_context;
+	}
+}
+
   std::string to_string(t_connection_type type)
   {
 	  if (type == e_connection_type_NET)
@@ -103,7 +118,7 @@ namespace net_utils
 // connection_basic_pimpl
 // ================================================================================================
 	
-connection_basic_pimpl::connection_basic_pimpl(const std::string &name) : m_throttle(name) { }
+connection_basic_pimpl::connection_basic_pimpl(const std::string &name) : m_throttle(name), m_peer_number(0) { }
 
 // ================================================================================================
 // connection_basic
@@ -113,29 +128,58 @@ connection_basic_pimpl::connection_basic_pimpl(const std::string &name) : m_thro
 int connection_basic_pimpl::m_default_tos;
 
 // methods:
-connection_basic::connection_basic(boost::asio::io_service& io_service, std::atomic<long> &ref_sock_count, std::atomic<long> &sock_number)
-	: 
+connection_basic::connection_basic(boost::asio::ip::tcp::socket&& sock, boost::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support)
+	:
+	m_state(std::move(state)),
 	mI( new connection_basic_pimpl("peer") ),
-	strand_(io_service),
-	socket_(io_service),
-	m_want_close_connection(false), 
+	strand_(GET_IO_SERVICE(sock)),
+	socket_(GET_IO_SERVICE(sock), get_context(m_state.get())),
+	m_want_close_connection(false),
 	m_was_shutdown(false),
-	m_ref_sock_count(ref_sock_count)
-{ 
-	++ref_sock_count; // increase the global counter
-	mI->m_peer_number = sock_number.fetch_add(1); // use, and increase the generated number
+	m_ssl_support(ssl_support)
+{
+	// add nullptr checks if removed
+	assert(m_state != nullptr); // release runtime check in get_context
+
+        socket_.next_layer() = std::move(sock);
+
+	++(m_state->sock_count); // increase the global counter
+	mI->m_peer_number = m_state->sock_number.fetch_add(1); // use, and increase the generated number
 
 	std::string remote_addr_str = "?";
-	try { boost::system::error_code e; remote_addr_str = socket_.remote_endpoint(e).address().to_string(); } catch(...){} ;
+	try { boost::system::error_code e; remote_addr_str = socket().remote_endpoint(e).address().to_string(); } catch(...){} ;
 
-	_note("Spawned connection p2p#"<<mI->m_peer_number<<" to " << remote_addr_str << " currently we have sockets count:" << m_ref_sock_count);
+	_note("Spawned connection #"<<mI->m_peer_number<<" to " << remote_addr_str << " currently we have sockets count:" << m_state->sock_count);
+}
+
+connection_basic::connection_basic(boost::asio::io_service &io_service, boost::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support)
+	:
+	m_state(std::move(state)),
+	mI( new connection_basic_pimpl("peer") ),
+	strand_(io_service),
+	socket_(io_service, get_context(m_state.get())),
+	m_want_close_connection(false),
+	m_was_shutdown(false),
+	m_ssl_support(ssl_support)
+{
+	// add nullptr checks if removed
+	assert(m_state != nullptr); // release runtime check in get_context
+
+	++(m_state->sock_count); // increase the global counter
+	mI->m_peer_number = m_state->sock_number.fetch_add(1); // use, and increase the generated number
+
+	std::string remote_addr_str = "?";
+	try { boost::system::error_code e; remote_addr_str = socket().remote_endpoint(e).address().to_string(); } catch(...){} ;
+
+	_note("Spawned connection #"<<mI->m_peer_number<<" to " << remote_addr_str << " currently we have sockets count:" << m_state->sock_count);
 }
 
 connection_basic::~connection_basic() noexcept(false) {
+	--(m_state->sock_count);
+
 	std::string remote_addr_str = "?";
-	m_ref_sock_count--;
-	try { boost::system::error_code e; remote_addr_str = socket_.remote_endpoint(e).address().to_string(); } catch(...){} ;
-	_note("Destructing connection p2p#"<<mI->m_peer_number << " to " << remote_addr_str);
+	try { boost::system::error_code e; remote_addr_str = socket().remote_endpoint(e).address().to_string(); } catch(...){} ;
+	_note("Destructing connection #"<<mI->m_peer_number << " to " << remote_addr_str);
 }
 
 void connection_basic::set_rate_up_limit(uint64_t limit) {

contrib/epee/src/hex.cpp

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018, The Monero Project
+// Copyright (c) 2017-2019, The Monero Project
 //
 // All rights reserved.
 //
@@ -83,4 +83,67 @@ namespace epee
   {
     return write_hex(out, src);
   }
+
+  std::vector<uint8_t> from_hex::vector(boost::string_ref src)
+  {
+    // should we include a specific character
+    auto include = [](char input) {
+        // we ignore spaces and colons
+        return !std::isspace(input) && input != ':';
+    };
+
+    // the number of relevant characters to decode
+    auto count = std::count_if(src.begin(), src.end(), include);
+
+    // this must be a multiple of two, otherwise we have a truncated input
+    if (count % 2) {
+      throw std::length_error{ "Invalid hexadecimal input length" };
+    }
+
+    std::vector<uint8_t> result;
+    result.reserve(count / 2);
+
+    // the data to work with (std::string is always null-terminated)
+    auto data = src.data();
+
+    // convert a single hex character to an unsigned integer
+    auto char_to_int = [](const char *input) {
+      switch (std::tolower(*input)) {
+        case '0': return  0;
+        case '1': return  1;
+        case '2': return  2;
+        case '3': return  3;
+        case '4': return  4;
+        case '5': return  5;
+        case '6': return  6;
+        case '7': return  7;
+        case '8': return  8;
+        case '9': return  9;
+        case 'a': return 10;
+        case 'b': return 11;
+        case 'c': return 12;
+        case 'd': return 13;
+        case 'e': return 14;
+        case 'f': return 15;
+        default:  throw std::range_error{ "Invalid hexadecimal input" };
+      }
+    };
+
+    // keep going until we reach the end
+    while (data[0] != '\0') {
+      // skip unwanted characters
+      if (!include(data[0])) {
+        ++data;
+        continue;
+      }
+
+      // convert two matching characters to int
+      auto high = char_to_int(data++);
+      auto low  = char_to_int(data++);
+
+      result.push_back(high << 4 | low);
+    }
+
+    return result;
+  }
 }

contrib/epee/src/memwipe.c

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018, The Monero Project
+// Copyright (c) 2017-2019, The Monero Project
 // 
 // All rights reserved.
 // 

contrib/epee/src/mlog.cpp

@@ -100,7 +100,7 @@ static const char *get_default_categories(int level)
   switch (level)
   {
     case 0:
-      categories = "*:WARNING,net:FATAL,net.http:FATAL,net.p2p:FATAL,net.cn:FATAL,global:INFO,verify:FATAL,stacktrace:INFO,logging:INFO,msgwriter:INFO";
+      categories = "*:WARNING,net:FATAL,net.http:FATAL,net.ssl:FATAL,net.p2p:FATAL,net.cn:FATAL,global:INFO,verify:FATAL,serialization:FATAL,stacktrace:INFO,logging:INFO,msgwriter:INFO";
       break;
     case 1:
       categories = "*:INFO,global:INFO,stacktrace:INFO,logging:INFO,msgwriter:INFO,perf.*:DEBUG";

contrib/epee/src/net_helper.cpp

@@ -0,0 +1,54 @@
+#include "net/net_helper.h"
+
+namespace epee
+{
+namespace net_utils
+{
+	boost::unique_future<boost::asio::ip::tcp::socket>
+	direct_connect::operator()(const std::string& addr, const std::string& port, boost::asio::steady_timer& timeout) const
+	{
+		// Get a list of endpoints corresponding to the server name.
+		//////////////////////////////////////////////////////////////////////////
+		boost::asio::ip::tcp::resolver resolver(GET_IO_SERVICE(timeout));
+		boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), addr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+		boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);
+		boost::asio::ip::tcp::resolver::iterator end;
+		if(iterator == end) // Documentation states that successful call is guaranteed to be non-empty
+			throw boost::system::system_error{boost::asio::error::fault, "Failed to resolve " + addr};
+
+		//////////////////////////////////////////////////////////////////////////
+
+		struct new_connection
+		{
+			boost::promise<boost::asio::ip::tcp::socket> result_;
+			boost::asio::ip::tcp::socket socket_;
+
+			explicit new_connection(boost::asio::io_service& io_service)
+			  : result_(), socket_(io_service)
+			{}
+		};
+
+		const auto shared = std::make_shared<new_connection>(GET_IO_SERVICE(timeout));
+		timeout.async_wait([shared] (boost::system::error_code error)
+		{
+			if (error != boost::system::errc::operation_canceled && shared && shared->socket_.is_open())
+			{
+				shared->socket_.shutdown(boost::asio::ip::tcp::socket::shutdown_both);
+				shared->socket_.close();
+			}
+		});
+		shared->socket_.async_connect(*iterator, [shared] (boost::system::error_code error)
+		{
+			if (shared)
+			{
+				if (error)
+					shared->result_.set_exception(boost::system::system_error{error});
+				else
+					shared->result_.set_value(std::move(shared->socket_));
+			}
+		});
+		return shared->result_.get_future();
+	}
+}
+}
+

contrib/epee/src/net_ssl.cpp

@@ -0,0 +1,531 @@
+// Copyright (c) 2018, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <string.h>
+#include <boost/asio/ssl.hpp>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+#include "misc_log_ex.h"
+#include "net/net_ssl.h"
+
+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "net.ssl"
+
+// openssl genrsa -out /tmp/KEY 4096
+// openssl req -new -key /tmp/KEY -out /tmp/REQ
+// openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
+
+namespace
+{
+  struct openssl_bio_free
+  {
+    void operator()(BIO* ptr) const noexcept
+    {
+      BIO_free(ptr);
+    }
+  };
+  using openssl_bio = std::unique_ptr<BIO, openssl_bio_free>;
+
+  struct openssl_pkey_free
+  {
+    void operator()(EVP_PKEY* ptr) const noexcept
+    {
+      EVP_PKEY_free(ptr);
+    }
+  };
+  using openssl_pkey = std::unique_ptr<EVP_PKEY, openssl_pkey_free>;
+
+  struct openssl_rsa_free
+  {
+    void operator()(RSA* ptr) const noexcept
+    {
+      RSA_free(ptr);
+    }
+  };
+  using openssl_rsa = std::unique_ptr<RSA, openssl_rsa_free>;
+
+  struct openssl_bignum_free
+  {
+    void operator()(BIGNUM* ptr) const noexcept
+    {
+      BN_free(ptr);
+    }
+  };
+  using openssl_bignum = std::unique_ptr<BIGNUM, openssl_bignum_free>;
+
+  struct openssl_ec_key_free
+  {
+    void operator()(EC_KEY* ptr) const noexcept
+    {
+      EC_KEY_free(ptr);
+    }
+  };
+  using openssl_ec_key = std::unique_ptr<EC_KEY, openssl_ec_key_free>;
+
+  struct openssl_group_free
+  {
+    void operator()(EC_GROUP* ptr) const noexcept
+    {
+      EC_GROUP_free(ptr);
+    }
+  };
+  using openssl_group = std::unique_ptr<EC_GROUP, openssl_group_free>;
+
+  boost::system::error_code load_ca_file(boost::asio::ssl::context& ctx, const std::string& path)
+  {
+    SSL_CTX* const ssl_ctx = ctx.native_handle(); // could be moved from context
+    if (ssl_ctx == nullptr)
+      return {boost::asio::error::invalid_argument};
+
+    if (!SSL_CTX_load_verify_locations(ssl_ctx, path.c_str(), nullptr))
+    {
+      return boost::system::error_code{
+        int(::ERR_get_error()), boost::asio::error::get_ssl_category()
+      };
+    }
+    return boost::system::error_code{};
+  }
+}
+
+namespace epee
+{
+namespace net_utils
+{
+
+
+// https://stackoverflow.com/questions/256405/programmatically-create-x509-certificate-using-openssl
+bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
+{
+  MGINFO("Generating SSL certificate");
+  pkey = EVP_PKEY_new();
+  if (!pkey)
+  {
+    MERROR("Failed to create new private key");
+    return false;
+  }
+
+  openssl_pkey pkey_deleter{pkey};
+  openssl_rsa rsa{RSA_new()};
+  if (!rsa)
+  {
+    MERROR("Error allocating RSA private key");
+    return false;
+  }
+
+  openssl_bignum exponent{BN_new()};
+  if (!exponent)
+  {
+    MERROR("Error allocating exponent");
+    return false;
+  }
+
+  BN_set_word(exponent.get(), RSA_F4);
+
+  if (RSA_generate_key_ex(rsa.get(), 4096, exponent.get(), nullptr) != 1)
+  {
+    MERROR("Error generating RSA private key");
+    return false;
+  }
+
+  if (EVP_PKEY_assign_RSA(pkey, rsa.get()) <= 0)
+  {
+    MERROR("Error assigning RSA private key");
+    return false;
+  }
+
+  // the RSA key is now managed by the EVP_PKEY structure
+  (void)rsa.release();
+
+  cert = X509_new();
+  if (!cert)
+  {
+    MERROR("Failed to create new X509 certificate");
+    return false;
+  }
+  ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
+  X509_gmtime_adj(X509_get_notBefore(cert), 0);
+  X509_gmtime_adj(X509_get_notAfter(cert), 3600 * 24 * 182); // half a year
+  if (!X509_set_pubkey(cert, pkey))
+  {
+    MERROR("Error setting pubkey on certificate");
+    X509_free(cert);
+    return false;
+  }
+  X509_NAME *name = X509_get_subject_name(cert);
+  X509_set_issuer_name(cert, name);
+
+  if (X509_sign(cert, pkey, EVP_sha256()) == 0)
+  {
+    MERROR("Error signing certificate");
+    X509_free(cert);
+    return false;
+  }
+  (void)pkey_deleter.release();
+  return true;
+}
+
+bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert, int type)
+{
+  MGINFO("Generating SSL certificate");
+  pkey = EVP_PKEY_new();
+  if (!pkey)
+  {
+    MERROR("Failed to create new private key");
+    return false;
+  }
+
+  openssl_pkey pkey_deleter{pkey};
+  openssl_ec_key ec_key{EC_KEY_new()};
+  if (!ec_key)
+  {
+    MERROR("Error allocating EC private key");
+    return false;
+  }
+
+  EC_GROUP *group = EC_GROUP_new_by_curve_name(type);
+  if (!group)
+  {
+    MERROR("Error getting EC group " << type);
+    return false;
+  }
+  openssl_group group_deleter{group};
+
+  EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); 
+  EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
+
+  if (!EC_GROUP_check(group, NULL))
+  {
+    MERROR("Group failed check: " << ERR_reason_error_string(ERR_get_error()));
+    return false;
+  }
+  if (EC_KEY_set_group(ec_key.get(), group) != 1)
+  {
+    MERROR("Error setting EC group");
+    return false;
+  }
+  if (EC_KEY_generate_key(ec_key.get()) != 1)
+  {
+    MERROR("Error generating EC private key");
+    return false;
+  }
+  if (EVP_PKEY_assign_EC_KEY(pkey, ec_key.get()) <= 0)
+  {
+    MERROR("Error assigning EC private key");
+    return false;
+  }
+
+  // the key is now managed by the EVP_PKEY structure
+  (void)ec_key.release();
+
+  cert = X509_new();
+  if (!cert)
+  {
+    MERROR("Failed to create new X509 certificate");
+    return false;
+  }
+  ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
+  X509_gmtime_adj(X509_get_notBefore(cert), 0);
+  X509_gmtime_adj(X509_get_notAfter(cert), 3600 * 24 * 182); // half a year
+  if (!X509_set_pubkey(cert, pkey))
+  {
+    MERROR("Error setting pubkey on certificate");
+    X509_free(cert);
+    return false;
+  }
+  X509_NAME *name = X509_get_subject_name(cert);
+  X509_set_issuer_name(cert, name);
+
+  if (X509_sign(cert, pkey, EVP_sha256()) == 0)
+  {
+    MERROR("Error signing certificate");
+    X509_free(cert);
+    return false;
+  }
+  (void)pkey_deleter.release();
+  return true;
+}
+
+ssl_options_t::ssl_options_t(std::vector<std::vector<std::uint8_t>> fingerprints, std::string ca_path)
+  : fingerprints_(std::move(fingerprints)),
+    ca_path(std::move(ca_path)),
+    auth(),
+    support(ssl_support_t::e_ssl_support_enabled),
+    verification(ssl_verification_t::user_certificates)
+{
+  std::sort(fingerprints_.begin(), fingerprints_.end());
+}
+
+boost::asio::ssl::context ssl_options_t::create_context() const
+{
+  boost::asio::ssl::context ssl_context{boost::asio::ssl::context::tlsv12};
+  if (!bool(*this))
+    return ssl_context;
+
+  // only allow tls v1.2 and up
+  ssl_context.set_options(boost::asio::ssl::context::default_workarounds);
+  ssl_context.set_options(boost::asio::ssl::context::no_sslv2);
+  ssl_context.set_options(boost::asio::ssl::context::no_sslv3);
+  ssl_context.set_options(boost::asio::ssl::context::no_tlsv1);
+  ssl_context.set_options(boost::asio::ssl::context::no_tlsv1_1);
+
+  // only allow a select handful of tls v1.3 and v1.2 ciphers to be used
+  SSL_CTX_set_cipher_list(ssl_context.native_handle(), "ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256");
+
+  // set options on the SSL context for added security
+  SSL_CTX *ctx = ssl_context.native_handle();
+  CHECK_AND_ASSERT_THROW_MES(ctx, "Failed to get SSL context");
+  SSL_CTX_clear_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT); // SSL_CTX_SET_OPTIONS(3)
+  SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); // https://stackoverflow.com/questions/22378442
+#ifdef SSL_OP_NO_TICKET
+  SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); // https://stackoverflow.com/questions/22378442
+#endif
+#ifdef SSL_OP_NO_RENEGOTIATION
+  SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
+#endif
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+  SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+#ifdef SSL_OP_NO_COMPRESSION
+  SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
+#endif
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+  SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+#endif
+  SSL_CTX_set_ecdh_auto(ctx, 1);
+
+  switch (verification)
+  {
+    case ssl_verification_t::system_ca:
+      ssl_context.set_default_verify_paths();
+      break;
+    case ssl_verification_t::user_certificates:
+      ssl_context.set_verify_depth(0);
+      /* fallthrough */
+    case ssl_verification_t::user_ca:
+      if (!ca_path.empty())
+      {
+        const boost::system::error_code err = load_ca_file(ssl_context, ca_path);
+        if (err)
+          throw boost::system::system_error{err, "Failed to load user CA file at " + ca_path};
+      }
+      break;
+    default:
+      break;
+  }
+
+  CHECK_AND_ASSERT_THROW_MES(auth.private_key_path.empty() == auth.certificate_path.empty(), "private key and certificate must be either both given or both empty");
+  if (auth.private_key_path.empty())
+  {
+    EVP_PKEY *pkey;
+    X509 *cert;
+    bool ok = false;
+
+#ifdef USE_EXTRA_EC_CERT
+    CHECK_AND_ASSERT_THROW_MES(create_ec_ssl_certificate(pkey, cert, NID_secp256k1), "Failed to create certificate");
+    CHECK_AND_ASSERT_THROW_MES(SSL_CTX_use_certificate(ctx, cert), "Failed to use generated certificate");
+    if (!SSL_CTX_use_PrivateKey(ctx, pkey))
+      MERROR("Failed to use generated EC private key for " << NID_secp256k1);
+    else
+      ok = true;
+    X509_free(cert);
+    EVP_PKEY_free(pkey);
+#endif
+
+    CHECK_AND_ASSERT_THROW_MES(create_rsa_ssl_certificate(pkey, cert), "Failed to create certificate");
+    CHECK_AND_ASSERT_THROW_MES(SSL_CTX_use_certificate(ctx, cert), "Failed to use generated certificate");
+    if (!SSL_CTX_use_PrivateKey(ctx, pkey))
+      MERROR("Failed to use generated RSA private key for RSA");
+    else
+      ok = true;
+    X509_free(cert);
+    EVP_PKEY_free(pkey);
+
+    CHECK_AND_ASSERT_THROW_MES(ok, "Failed to use any generated certificate");
+  }
+  else
+    auth.use_ssl_certificate(ssl_context);
+
+  return ssl_context;
+}
+
+void ssl_authentication_t::use_ssl_certificate(boost::asio::ssl::context &ssl_context) const
+{
+  ssl_context.use_private_key_file(private_key_path, boost::asio::ssl::context::pem);
+  ssl_context.use_certificate_chain_file(certificate_path);
+}
+
+bool is_ssl(const unsigned char *data, size_t len)
+{
+  if (len < get_ssl_magic_size())
+    return false;
+
+  // https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification
+  MDEBUG("SSL detection buffer, " << len << " bytes: "
+    << (unsigned)(unsigned char)data[0] << " " << (unsigned)(unsigned char)data[1] << " "
+    << (unsigned)(unsigned char)data[2] << " " << (unsigned)(unsigned char)data[3] << " "
+    << (unsigned)(unsigned char)data[4] << " " << (unsigned)(unsigned char)data[5] << " "
+    << (unsigned)(unsigned char)data[6] << " " << (unsigned)(unsigned char)data[7] << " "
+    << (unsigned)(unsigned char)data[8]);
+  if (data[0] == 0x16) // record
+  if (data[1] == 3) // major version
+  if (data[5] == 1) // ClientHello
+  if (data[6] == 0 && data[3]*256 + data[4] == data[7]*256 + data[8] + 4) // length check
+    return true;
+  return false;
+}
+
+bool ssl_options_t::has_strong_verification(boost::string_ref host) const noexcept
+{
+  // onion and i2p addresses contain information about the server cert
+  // which both authenticates and encrypts
+  if (host.ends_with(".onion") || host.ends_with(".i2p"))
+    return true;
+  switch (verification)
+  {
+    default:
+    case ssl_verification_t::none:
+    case ssl_verification_t::system_ca:
+      return false;
+    case ssl_verification_t::user_certificates:
+    case ssl_verification_t::user_ca:
+      break;
+  }
+  return true;
+}
+
+bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
+{
+  // can we check the certificate against a list of fingerprints?
+  if (!fingerprints_.empty()) {
+    X509_STORE_CTX *sctx = ctx.native_handle();
+    if (!sctx)
+    {
+      MERROR("Error getting verify_context handle");
+      return false;
+    }
+
+    X509* cert = nullptr;
+    const STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(sctx);
+    if (!chain || sk_X509_num(chain) < 1 || !(cert = sk_X509_value(chain, 0)))
+    {
+      MERROR("No certificate found in verify_context");
+      return false;
+    }
+
+    // buffer for the certificate digest and the size of the result
+    std::vector<uint8_t> digest(EVP_MAX_MD_SIZE);
+    unsigned int size{ 0 };
+
+    // create the digest from the certificate
+    if (!X509_digest(cert, EVP_sha256(), digest.data(), &size)) {
+      MERROR("Failed to create certificate fingerprint");
+      return false;
+    }
+
+    // strip unnecessary bytes from the digest
+    digest.resize(size);
+
+    return std::binary_search(fingerprints_.begin(), fingerprints_.end(), digest);
+  }
+
+  return false;
+}
+
+bool ssl_options_t::handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string& host) const
+{
+  socket.next_layer().set_option(boost::asio::ip::tcp::no_delay(true));
+
+  /* Using system-wide CA store for client verification is funky - there is
+     no expected hostname for server to verify against. If server doesn't have
+     specific whitelisted certificates for client, don't require client to
+     send certificate at all. */
+  const bool no_verification = verification == ssl_verification_t::none ||
+    (type == boost::asio::ssl::stream_base::server && fingerprints_.empty() && ca_path.empty());
+
+  /* According to OpenSSL documentation (and SSL specifications), server must
+     always send certificate unless "anonymous" cipher mode is used which are
+     disabled by default. Either way, the certificate is never inspected. */
+  if (no_verification)
+    socket.set_verify_mode(boost::asio::ssl::verify_none);
+  else
+  {
+    socket.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
+
+    // in case server is doing "virtual" domains, set hostname
+    SSL* const ssl_ctx = socket.native_handle();
+    if (type == boost::asio::ssl::stream_base::client && !host.empty() && ssl_ctx)
+      SSL_set_tlsext_host_name(ssl_ctx, host.c_str());
+
+    socket.set_verify_callback([&](const bool preverified, boost::asio::ssl::verify_context &ctx)
+    {
+      // preverified means it passed system or user CA check. System CA is never loaded
+      // when fingerprints are whitelisted.
+      const bool verified = preverified &&
+        (verification != ssl_verification_t::system_ca || host.empty() || boost::asio::ssl::rfc2818_verification(host)(preverified, ctx));
+
+      if (!verified && !has_fingerprint(ctx))
+      {
+        // autodetect will reconnect without SSL - warn and keep connection encrypted
+        if (support != ssl_support_t::e_ssl_support_autodetect)
+        {
+          MERROR("SSL certificate is not in the allowed list, connection droppped");
+          return false;
+        }
+        MWARNING("SSL peer has not been verified");
+      }
+      return true;
+    });
+  }
+
+  boost::system::error_code ec;
+  socket.handshake(type, ec);
+  if (ec)
+  {
+    MERROR("SSL handshake failed, connection dropped: " << ec.message());
+    return false;
+  }
+  MDEBUG("SSL handshake success");
+  return true;
+}
+
+bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s)
+{
+  if (s == "enabled")
+    ssl = epee::net_utils::ssl_support_t::e_ssl_support_enabled;
+  else if (s == "disabled")
+    ssl = epee::net_utils::ssl_support_t::e_ssl_support_disabled;
+  else if (s == "autodetect")
+    ssl = epee::net_utils::ssl_support_t::e_ssl_support_autodetect;
+  else
+    return false;
+  return true;
+}
+
+} // namespace
+} // namespace
+

contrib/epee/src/net_utils_base.cpp

@@ -8,8 +8,6 @@
 
 namespace epee { namespace net_utils
 {
-	const uint8_t ipv4_network_address::ID;
-
 	bool ipv4_network_address::equal(const ipv4_network_address& other) const noexcept
 	{ return is_same_host(other) && port() == other.port(); }
 
@@ -58,20 +56,6 @@ namespace epee { namespace net_utils
 		return self_->is_same_host(*other_self);
 	}
 
-	bool create_network_address(network_address &address, const std::string &string, uint16_t default_port)
-	{
-		uint32_t ip;
-		uint16_t port;
-		if (epee::string_tools::parse_peer_from_string(ip, port, string))
-		{
-			if (default_port && !port)
-				port = default_port;
-			address = ipv4_network_address{ip, port};
-			return true;
-		}
-		return false;
-	}
-
   std::string print_connection_context(const connection_context_base& ctx)
   {
     std::stringstream ss;
@@ -86,5 +70,31 @@ namespace epee { namespace net_utils
     return ss.str();
   }
 
+  const char* zone_to_string(zone value) noexcept
+  {
+    switch (value)
+    {
+    case zone::public_:
+      return "public";
+    case zone::i2p:
+      return "i2p";
+    case zone::tor:
+      return "tor";
+    default:
+      break;
+    }
+    return "invalid";
+  }
+
+  zone zone_from_string(const boost::string_ref value) noexcept
+  {
+    if (value == "public")
+      return zone::public_;
+    if (value == "i2p")
+      return zone::i2p;
+    if (value == "tor")
+      return zone::tor;
+    return zone::invalid;
+  }
 }}
 

contrib/epee/src/network_throttle-detail.cpp

@@ -135,6 +135,9 @@ network_throttle::network_throttle(const std::string &nameshort, const std::stri
 	m_slot_size = 1.0; // hard coded in few places
 	m_target_speed = 16 * 1024; // other defaults are probably defined in the command-line parsing code when this class is used e.g. as main global throttle
 	m_last_sample_time = 0;
+	m_history.resize(m_window_size);
+	m_total_packets = 0;
+	m_total_bytes = 0;
 }
 
 void network_throttle::set_name(const std::string &name) 
@@ -168,8 +171,7 @@ void network_throttle::tick()
 	{
 		_dbg3("Moving counter buffer by 1 second " << last_sample_time_slot << " < " << current_sample_time_slot << " (last time " << m_last_sample_time<<")");
 		// rotate buffer 
-		for (size_t i=m_history.size()-1; i>=1; --i) m_history[i] = m_history[i-1];
-		m_history[0] = packet_info();
+		m_history.push_front(packet_info());
 		if (! m_any_packet_yet) 
 		{
 			m_last_sample_time = time_now;	
@@ -191,7 +193,9 @@ void network_throttle::_handle_trafic_exact(size_t packet_size, size_t orginal_s
 
 	calculate_times_struct cts ;  calculate_times(packet_size, cts , false, -1);
 	calculate_times_struct cts2;  calculate_times(packet_size, cts2, false, 5);
-	m_history[0].m_size += packet_size;
+	m_history.front().m_size += packet_size;
+	m_total_packets++;
+	m_total_bytes += packet_size;
 
 	std::ostringstream oss; oss << "["; 	for (auto sample: m_history) oss << sample.m_size << " ";	 oss << "]" << std::ends;
 	std::string history_str = oss.str();
@@ -352,6 +356,12 @@ double network_throttle::get_current_speed() const {
 	return bytes_transferred / ((m_history.size() - 1) * m_slot_size);
 }
 
+void network_throttle::get_stats(uint64_t &total_packets, uint64_t &total_bytes) const {
+	total_packets = m_total_packets;
+	total_bytes = m_total_bytes;
+}
+
+
 } // namespace
 } // namespace
 

contrib/epee/src/wipeable_string.cpp

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018, The Monero Project
+// Copyright (c) 2017-2019, The Monero Project
 // 
 // All rights reserved.
 // 
@@ -62,13 +62,15 @@ wipeable_string::wipeable_string(wipeable_string &&other)
 wipeable_string::wipeable_string(const std::string &other)
 {
   grow(other.size());
-  memcpy(buffer.data(), other.c_str(), size());
+  if (size() > 0)
+    memcpy(buffer.data(), other.c_str(), size());
 }
 
 wipeable_string::wipeable_string(std::string &&other)
 {
   grow(other.size());
-  memcpy(buffer.data(), other.c_str(), size());
+  if (size() > 0)
+    memcpy(buffer.data(), other.c_str(), size());
   if (!other.empty())
   {
     memwipe(&other[0], other.size()); // we're kinda left with this again aren't we
@@ -79,7 +81,8 @@ wipeable_string::wipeable_string(std::string &&other)
 wipeable_string::wipeable_string(const char *s)
 {
   grow(strlen(s));
-  memcpy(buffer.data(), s, size());
+  if (size() > 0)
+    memcpy(buffer.data(), s, size());
 }
 
 wipeable_string::wipeable_string(const char *s, size_t len)
@@ -112,14 +115,18 @@ void wipeable_string::grow(size_t sz, size_t reserved)
   }
   size_t old_sz = buffer.size();
   std::unique_ptr<char[]> tmp{new char[old_sz]};
-  memcpy(tmp.get(), buffer.data(), old_sz * sizeof(char));
   if (old_sz > 0)
+  {
+    memcpy(tmp.get(), buffer.data(), old_sz * sizeof(char));
     memwipe(buffer.data(), old_sz * sizeof(char));
+  }
   buffer.reserve(reserved);
   buffer.resize(sz);
-  memcpy(buffer.data(), tmp.get(), old_sz * sizeof(char));
   if (old_sz > 0)
+  {
+    memcpy(buffer.data(), tmp.get(), old_sz * sizeof(char));
     memwipe(tmp.get(), old_sz * sizeof(char));
+  }
 }
 
 void wipeable_string::push_back(char c)

contrib/epee/tests/src/net/test_net.h

@@ -62,7 +62,7 @@ namespace tests
   {
     const static int ID = 1000;
 
-    struct request
+    struct request_t
     {		
 
       std::string example_string_data;
@@ -75,9 +75,9 @@ namespace tests
         SERIALIZE_T(sub)
       END_NAMED_SERIALIZE_MAP()
     };
+    typedef epee::misc_utils::struct_init<request_t> request;
 
-
-    struct response
+    struct response_t
     {
       bool 	 m_success; 
       uint64_t example_id_data;
@@ -89,13 +89,14 @@ namespace tests
         SERIALIZE_STL_CONTAINER_T(subs)
       END_NAMED_SERIALIZE_MAP()
     };
+    typedef epee::misc_utils::struct_init<response_t> response;
   };
 
   struct COMMAND_EXAMPLE_2
   {
     const static int ID = 1001;
 
-    struct request
+    struct request_t
     {		
       std::string example_string_data2;
       uint64_t example_id_data;
@@ -105,8 +106,9 @@ namespace tests
         SERIALIZE_STL_ANSI_STRING(example_string_data2)
       END_NAMED_SERIALIZE_MAP()
     };
+    typedef epee::misc_utils::struct_init<request_t> request;
 
-    struct response
+    struct response_t
     {
       bool m_success; 
       uint64_t example_id_data;
@@ -116,6 +118,7 @@ namespace tests
         SERIALIZE_POD(m_success)
       END_NAMED_SERIALIZE_MAP()
     };
+    typedef epee::misc_utils::struct_init<response_t> response;
   };
   typedef boost::uuids::uuid uuid;
 

contrib/gitian/README.md

@@ -1,7 +1,7 @@
 Gitian building
 ================
 
-*Setup instructions for a Gitian build of Monero using a VM or physical system.*
+*Setup instructions for a Gitian build of Monero.*
 
 Gitian is the deterministic build process that is used to build the Monero CLI
 executables. It provides a way to be reasonably sure that the
@@ -13,6 +13,10 @@ Multiple developers build the source code by following a specific descriptor
 These results are compared and only if they match, the build is accepted and provided
 for download.
 
+Gitian runs compilation steps in an isolated container. It is flexible and gives you full
+control over the build environment, while still ensuring reproducibility and consistent output
+formats.
+
 More independent Gitian builders are needed, which is why this guide exists.
 It is preferred you follow these steps yourself instead of using someone else's
 VM image to avoid 'contaminating' the build.
@@ -22,11 +26,17 @@ Preparing the Gitian builder host
 
 The first step is to prepare the host environment that will be used to perform the Gitian builds.
 This guide explains how to set up the environment, and how to start the builds.
+Gitian offers to build with either `kvm`, `docker` or `lxc`. The default build
+path chosen is `lxc`, but its setup is more complicated. You need to be logged in as the `gitianuser`. 
+If this user does not exist yet on your system, create it. Gitian can use
+either kvm, lxc or docker as a host environment. This documentation will show
+how to build with lxc and docker. While the docker setup is easy, the lxc setup
+is more involved.
 
-Gitian builds are for now executed on Ubuntu 18.04 "Bionic Beaver". A solution is being worked on to run 
-it in docker in the future. Please run Ubuntu in either a VM, or on your physical machine.
-You need to be logged in as the `gitianuser` in order to build gitian builds. If this user does not exist yet on your system, 
-create it. 
+LXC
+---
+
+LXC builds should be run on Ubuntu 18.04 "Bionic Beaver".
 
 Note that a version of `lxc-execute` higher or equal to 2.1.1 is required.
 You can check the version with `lxc-execute --version`.
@@ -63,15 +73,28 @@ reboot
 
 This setup is required to enable networking in the container.
 
+Docker
+------
+
+Building in docker does not require much setup. Install docker on your host, then type the following:
+
+```bash
+sudo apt-get install git make curl
+sudo usermod -aG docker gitianuser
+```
+
 
 Manual and Building
 -------------------
-The instructions below use the automated script [gitian-build.py](https://github.com/betcoin/bitcoin/blob/master/contrib/gitian-build.py) which only works in Ubuntu. 
-It calls all available descriptors. Help for the build steps taken can be accessed with `./gitian-build.py --help`.
+
+The instructions below use the automated script [gitian-build.py](gitian-build.py) which only works in Ubuntu. 
+It calls all available .yml descriptors, which in turn pass the build configurations for different platforms to gitian.
+Help for the build steps taken can be accessed with `./gitian-build.py --help`.
 
 Initial Gitian Setup
 --------------------
-The `gitian-build.py` script will checkout different release tags, so it's best to copy it:
+
+The `gitian-build.py` script will checkout different release tags, so it's best to copy it to the top level directory:
 
 ```bash
 cp monero/contrib/gitian/gitian-build.py .
@@ -79,11 +102,16 @@ cp monero/contrib/gitian/gitian-build.py .
 
 Setup the required environment, you only need to do this once:
 
-```
+```bash
 ./gitian-build.py --setup fluffypony v0.14.0
 ```
 
-Where `fluffypony` is your Github name and `v0.14.0` is the version tag you want to build.
+Where `fluffypony` is your Github name and `v0.14.0` is the version tag you want to build. 
+If you are using docker, run it with:
+
+```bash
+./gitian-build.py --setup --docker fluffypony v0.14.0
+```
 
 While gitian and this build script does provide a way for you to sign the build directly, it is recommended to sign in a seperate step. 
 This script is only there for convenience. Seperate steps for building can still be taken.
@@ -91,16 +119,18 @@ In order to sign gitian builds on your host machine, which has your PGP key,
 fork the gitian.sigs repository and clone it on your host machine, 
 or pass the signed assert file back to your build machine.
 
-```
+```bash
 git clone git@github.com:monero-project/gitian.sigs.git
 git remote add fluffypony git@github.com:fluffypony/gitian.sigs.git
 ```
 
 Build Binaries
 -----------------------------
-To build the most recent tag:
+To build the most recent tag (pass in `--docker` after setting up with docker):
 
- `./gitian-build.py --detach-sign --no-commit -b fluffypony v0.14.0`
+```bash
+./gitian-build.py --detach-sign --no-commit -b fluffypony v0.14.0
+```
 
 To speed up the build, use `-j 5 -m 5000` as the first arguments, where `5` is the number of CPU's you allocated to the VM plus one, and 5000 is a little bit less than then the MB's of RAM you allocated. If there is memory corruption on your machine, try to tweak these values.
 
@@ -108,7 +138,7 @@ If all went well, this produces a number of (uncommited) `.assert` files in the
 
 If you do detached, offline signing, you need to copy these uncommited changes to your host machine, where you can sign them. For example:
 
-```
+```bash
 export NAME=fluffypony
 export VERSION=v0.14.0
 gpg --output $VERSION-linux/$NAME/monero-linux-$VERSION-build.assert.sig --detach-sign $VERSION-linux/$NAME/monero-linux-$VERSION-build.assert
@@ -119,15 +149,31 @@ gpg --output $VERSION-win-unsigned/$NAME/monero-win-$VERSION-build.assert.sig --
 Make a pull request (both the `.assert` and `.assert.sig` files) to the
 [monero-project/gitian.sigs](https://github.com/monero-project/gitian.sigs/) repository:
 
-```
+```bash
 git checkout -b v0.14.0
 git commit -S -a -m "Add $NAME v0.14.0"
 git push --set-upstream $NAME v0.14.0
 ```
 
 ```bash
-    gpg --detach-sign ${VERSION}-linux/${SIGNER}/monero-linux-*-build.assert
-    gpg --detach-sign ${VERSION}-win-unsigned/${SIGNER}/monero-win-*-build.assert
-    gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/monero-osx-*-build.assert
+gpg --detach-sign ${VERSION}-linux/${SIGNER}/monero-linux-*-build.assert
+gpg --detach-sign ${VERSION}-win-unsigned/${SIGNER}/monero-win-*-build.assert
+gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/monero-osx-*-build.assert
+```
+
+More Build Options
+------------------
+
+You can choose your own remote and commit hash by running for example:
+```bash
+./gitian-build.py --detach-sign --no-commit --url https://github.com/moneromooo-monero/bitmonero -b moneromooo 1f5680c8db8f4cc7acc04a04c724b832003440fd
+```
+
+Note that you won't be able to build commits authored before the gitian scripts
+were added. Gitian clones the source files from the given url, be sure to push
+to the remote you provide before building.
+To get all build options run:
+```bash
+./gitian-build.py --help
 ```
 

contrib/gitian/gitian-build.py

@@ -116,7 +116,7 @@ def main():
     parser.add_argument('-D', '--detach-sign', action='store_true', dest='detach_sign', help='Create the assert file for detached signing. Will not commit anything.')
     parser.add_argument('-n', '--no-commit', action='store_false', dest='commit_files', help='Do not commit anything to git')
     parser.add_argument('signer', help='GPG signer to sign each build assert file')
-    parser.add_argument('version', help='Version number, commit, or branch to build. If building a commit or branch, the -c option must be specified')
+    parser.add_argument('version', help='Version number, commit, or branch to build.')
 
     args = parser.parse_args()
     workdir = os.getcwd()

contrib/gitian/gitian-linux.yml

@@ -129,6 +129,7 @@ script: |
   chmod +x ${WRAP_DIR}/${prog}
   done
 
+  git config --global core.abbrev 9
   cd monero
   BASEPREFIX=`pwd`/contrib/depends
   # Build dependencies for each host
@@ -137,7 +138,7 @@ script: |
     if [ -d "$EXTRA_INCLUDES" ]; then
       export HOST_ID_SALT="$EXTRA_INCLUDES"
     fi
-    make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" -j 4 V=1
+    make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" V=1
     unset HOST_ID_SALT
   done
 
@@ -153,7 +154,7 @@ script: |
     export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
     mkdir build && cd build
     cmake .. -DCMAKE_TOOLCHAIN_FILE=${BASEPREFIX}/${i}/share/toolchain.cmake -DBACKCOMPAT=ON
-    make
+    make ${MAKEOPTS}
     DISTNAME=monero-${i}
     mv bin ${DISTNAME}
     find ${DISTNAME}/ | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}.tar.gz

contrib/gitian/gitian-osx.yml

@@ -12,21 +12,17 @@ packages:
 - "git"
 - "pkg-config"
 - "autoconf"
-- "librsvg2-bin"
-- "libtiff-tools"
 - "libtool"
 - "automake"
 - "faketime"
 - "bsdmainutils"
 - "cmake"
-- "imagemagick"
 - "libcap-dev"
 - "libz-dev"
 - "libbz2-dev"
 - "python"
 - "python-dev"
 - "python-setuptools"
-- "fonts-tuffy"
 remotes:
 - "url": "https://github.com/monero-project/monero.git"
   "dir": "monero"
@@ -81,6 +77,7 @@ script: |
   create_per-host_faketime_wrappers "2000-01-01 12:00:00"
   export PATH=${WRAP_DIR}:${PATH}
 
+  git config --global core.abbrev 9
   cd monero
   BASEPREFIX=`pwd`/contrib/depends
 
@@ -104,7 +101,7 @@ script: |
     export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
     mkdir build && cd build
     cmake .. -DCMAKE_TOOLCHAIN_FILE=${BASEPREFIX}/${i}/share/toolchain.cmake
-    make
+    make ${MAKEOPTS}
     DISTNAME=monero-${i}
     mv bin ${DISTNAME}
     find ${DISTNAME}/ | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}.tar.gz

contrib/gitian/gitian-win.yml

@@ -100,6 +100,7 @@ script: |
   create_per-host_linker_wrapper "2000-01-01 12:00:00"
   export PATH=${WRAP_DIR}:${PATH}
 
+  git config --global core.abbrev 9
   cd monero
   BASEPREFIX=`pwd`/contrib/depends
   # Build dependencies for each host
@@ -108,7 +109,7 @@ script: |
     if [ -d "$EXTRA_INCLUDES" ]; then
       export HOST_ID_SALT="$EXTRA_INCLUDES"
     fi
-    make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" -j 4 V=1
+    make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" V=1
     unset HOST_ID_SALT
   done
 
@@ -125,7 +126,7 @@ script: |
     export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
     mkdir build && cd build
     cmake .. -DCMAKE_TOOLCHAIN_FILE=${BASEPREFIX}/${i}/share/toolchain.cmake
-    make
+    make ${MAKEOPTS}
     DISTNAME=monero-${i}
     mv bin ${DISTNAME}
     find ${DISTNAME}/ | sort | zip -X@ ${OUTDIR}/${DISTNAME}.zip

external/CMakeLists.txt

@@ -100,3 +100,4 @@ endif()
 
 add_subdirectory(db_drivers)
 add_subdirectory(easylogging++)
+add_subdirectory(randomwow)

external/db_drivers/liblmdb/mdb.c

@@ -1742,6 +1742,8 @@ mdb_strerror(int err)
 		NULL, err, 0, ptr, MSGSIZE, (va_list *)buf+MSGSIZE);
 	return ptr;
 #else
+	if (err < 0)
+		return "Invalid error code";
 	return strerror(err);
 #endif
 }
@@ -9641,7 +9643,7 @@ mdb_page_split(MDB_cursor *mc, MDB_val *newkey, MDB_val *newdata, pgno_t newpgno
 			 * the split so the new page is emptier than the old page.
 			 * This yields better packing during sequential inserts.
 			 */
-			if (nkeys < 20 || nsize > pmax/16 || newindx >= nkeys) {
+			if (nkeys < 32 || nsize > pmax/16 || newindx >= nkeys) {
 				/* Find split point */
 				psize = 0;
 				if (newindx <= split_indx || newindx >= nkeys) {

external/easylogging++/CMakeLists.txt

@@ -33,6 +33,7 @@ project(easylogging CXX)
 SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
 
 find_package(Threads)
+find_package(Backtrace)
 
 add_library(easylogging
   easylogging++.cc)
@@ -41,7 +42,8 @@ include_directories("${CMAKE_CURRENT_SOURCE_DIR}")
 include_directories("${CMAKE_CURRENT_BINARY_DIR}")
 target_link_libraries(easylogging
   PRIVATE
-    ${CMAKE_THREAD_LIBS_INIT})
+    ${CMAKE_THREAD_LIBS_INIT}
+    ${Backtrace_LIBRARIES})
 
 # GUI/libwallet install target
 if (BUILD_GUI_DEPS)

external/easylogging++/easylogging++.cc

@@ -1,17 +1,16 @@
 //
 //  Bismillah ar-Rahmaan ar-Raheem
 //
-//  Easylogging++ v9.96.5
+//  Easylogging++ v9.96.7
 //  Cross-platform logging library for C++ applications
 //
-//  Copyright (c) 2012-2018 Muflihun Labs
+//  Copyright (c) 2012-2018 Zuhd Web Services
 //  Copyright (c) 2012-2018 @abumusamq
 //
 //  This library is released under the MIT Licence.
-//  https://github.com/muflihun/easyloggingpp/blob/master/LICENSE
+//  https://github.com/zuhd-org/easyloggingpp/blob/master/LICENSE
 //
-//  https://github.com/muflihun/easyloggingpp
-//  https://muflihun.github.io/easyloggingpp
+//  https://zuhd.org
 //  http://muflihun.com
 //
 
@@ -962,7 +961,7 @@ void Str::replaceFirstWithEscape(base::type::string_t& str, const base::type::st
   std::size_t foundAt = base::type::string_t::npos;
   while ((foundAt = str.find(replaceWhat, foundAt + 1)) != base::type::string_t::npos) {
     if (foundAt > 0 && str[foundAt - 1] == base::consts::kFormatSpecifierChar) {
-      str.erase(foundAt > 0 ? foundAt - 1 : 0, 1);
+      str.erase(foundAt - 1, 1);
       ++foundAt;
     } else {
       str.replace(foundAt, replaceWhat.length(), replaceWith);
@@ -1531,7 +1530,7 @@ void LogFormat::parseFromFormat(const base::type::string_t& userFormat) {
         if (hasFlag(flag)) {
           // If we already have flag we remove the escape chars so that '%%' is turned to '%'
           // even after specifier resolution - this is because we only replaceFirst specifier
-          formatCopy.erase(foundAt > 0 ? foundAt - 1 : 0, 1);
+          formatCopy.erase(foundAt - 1, 1);
           ++foundAt;
         }
       } else {
@@ -2206,20 +2205,26 @@ Storage::Storage(const LogBuilderPtr& defaultLogBuilder) :
   m_registeredLoggers(new base::RegisteredLoggers(defaultLogBuilder)),
   m_flags(ELPP_DEFAULT_LOGGING_FLAGS),
   m_vRegistry(new base::VRegistry(0, &m_flags)),
+
 #if ELPP_ASYNC_LOGGING
   m_asyncLogQueue(new base::AsyncLogQueue()),
   m_asyncDispatchWorker(asyncDispatchWorker),
 #endif  // ELPP_ASYNC_LOGGING
+
   m_preRollOutCallback(base::defaultPreRollOutCallback) {
   // Register default logger
   m_registeredLoggers->get(std::string(base::consts::kDefaultLoggerId));
   // We register default logger anyway (worse case it's not going to register) just in case
   m_registeredLoggers->get("default");
+
+#if defined(ELPP_FEATURE_ALL) || defined(ELPP_FEATURE_PERFORMANCE_TRACKING)
   // Register performance logger and reconfigure format
   Logger* performanceLogger = m_registeredLoggers->get(std::string(base::consts::kPerformanceLoggerId));
   m_registeredLoggers->get("performance");
   performanceLogger->configurations()->setGlobally(ConfigurationType::Format, std::string("%datetime %level %msg"));
   performanceLogger->reconfigure();
+#endif // defined(ELPP_FEATURE_ALL) || defined(ELPP_FEATURE_PERFORMANCE_TRACKING)
+
 #if defined(ELPP_SYSLOG)
   // Register syslog logger and reconfigure format
   Logger* sysLogLogger = m_registeredLoggers->get(std::string(base::consts::kSysLogLoggerId));
@@ -2337,6 +2342,19 @@ base::threading::Mutex& LogDispatchCallback::fileHandle(const LogDispatchData* d
 namespace base {
 // DefaultLogDispatchCallback
 
+const char* convertToChar(Level level) {
+  // Do not use switch over strongly typed enums because Intel C++ compilers dont support them yet.
+  if (level == Level::Global) return "G";
+  if (level == Level::Debug) return "D";
+  if (level == Level::Info) return "I";
+  if (level == Level::Warning) return "W";
+  if (level == Level::Error) return "E";
+  if (level == Level::Fatal) return "F";
+  if (level == Level::Verbose) return "V";
+  if (level == Level::Trace) return "T";
+  return "?";
+}
+
 void DefaultLogDispatchCallback::handle(const LogDispatchData* data) {
 #if defined(ELPP_THREAD_SAFE)
 #if 0
@@ -2345,11 +2363,15 @@ void DefaultLogDispatchCallback::handle(const LogDispatchData* data) {
 #endif
 #endif
   m_data = data;
-  dispatch(m_data->logMessage()->logger()->logBuilder()->build(m_data->logMessage(),
+  base::TypedConfigurations* tc = m_data->logMessage()->logger()->typedConfigurations();
+  const base::LogFormat* logFormat = &tc->logFormat(m_data->logMessage()->level());
+  dispatch(base::utils::DateTime::getDateTime(logFormat->dateTimeFormat().c_str(), &tc->subsecondPrecision(m_data->logMessage()->level()))
+      + "\t" + convertToChar(m_data->logMessage()->level()) + " " + m_data->logMessage()->message() + "\n",
+      m_data->logMessage()->logger()->logBuilder()->build(m_data->logMessage(),
            m_data->dispatchAction() == base::DispatchAction::NormalLog || m_data->dispatchAction() == base::DispatchAction::FileOnlyLog));
 }
 
-void DefaultLogDispatchCallback::dispatch(base::type::string_t&& logLine) {
+void DefaultLogDispatchCallback::dispatch(base::type::string_t&& rawLine, base::type::string_t&& logLine) {
   if (m_data->dispatchAction() == base::DispatchAction::NormalLog || m_data->dispatchAction() == base::DispatchAction::FileOnlyLog) {
     if (m_data->logMessage()->logger()->m_typedConfigurations->toFile(m_data->logMessage()->level())) {
       base::type::fstream_t* fs = m_data->logMessage()->logger()->m_typedConfigurations->fileStream(
@@ -2376,8 +2398,8 @@ void DefaultLogDispatchCallback::dispatch(base::type::string_t&& logLine) {
     if (m_data->dispatchAction() != base::DispatchAction::FileOnlyLog) {
       if (m_data->logMessage()->logger()->m_typedConfigurations->toStandardOutput(m_data->logMessage()->level())) {
         if (ELPP->hasFlag(LoggingFlag::ColoredTerminalOutput))
-          m_data->logMessage()->logger()->logBuilder()->convertToColoredOutput(&logLine, m_data->logMessage()->level());
-        ELPP_COUT << ELPP_COUT_LINE(logLine);
+          m_data->logMessage()->logger()->logBuilder()->convertToColoredOutput(&rawLine, m_data->logMessage()->level());
+        ELPP_COUT << ELPP_COUT_LINE(rawLine);
       }
     }
   }
@@ -3279,11 +3301,11 @@ const std::string &Loggers::getFilenameCommonPrefix() {
 // VersionInfo
 
 const std::string VersionInfo::version(void) {
-  return std::string("9.96.5");
+  return std::string("9.96.7");
 }
 /// @brief Release date of current version
 const std::string VersionInfo::releaseDate(void) {
-  return std::string("07-09-2018 0950hrs");
+  return std::string("24-11-2018 0728hrs");
 }
 
 } // namespace el

external/easylogging++/easylogging++.h

@@ -1,17 +1,16 @@
 //
 //  Bismillah ar-Rahmaan ar-Raheem
 //
-//  Easylogging++ v9.96.5
+//  Easylogging++ v9.96.7
 //  Single-header only, cross-platform logging library for C++ applications
 //
-//  Copyright (c) 2012-2018 Muflihun Labs
+//  Copyright (c) 2012-2018 Zuhd Web Services
 //  Copyright (c) 2012-2018 @abumusamq
 //
 //  This library is released under the MIT Licence.
-//  https://github.com/muflihun/easyloggingpp/blob/master/LICENSE
+//  https://github.com/zuhd-org/easyloggingpp/blob/master/LICENSE
 //
-//  https://github.com/muflihun/easyloggingpp
-//  https://muflihun.github.io/easyloggingpp
+//  https://zuhd.org
 //  http://muflihun.com
 //
 
@@ -758,10 +757,12 @@ static const char* kDefaultLoggerId                        =      ELPP_DEFAULT_L
 static const char* kDefaultLoggerId                        =      "default";
 #endif
 
+#if defined(ELPP_FEATURE_ALL) || defined(ELPP_FEATURE_PERFORMANCE_TRACKING)
 #ifdef ELPP_DEFAULT_PERFORMANCE_LOGGER
 static const char* kPerformanceLoggerId                    =      ELPP_DEFAULT_PERFORMANCE_LOGGER;
 #else
 static const char* kPerformanceLoggerId                    =      "performance";
+#endif // ELPP_DEFAULT_PERFORMANCE_LOGGER
 #endif
 
 #if defined(ELPP_SYSLOG)
@@ -2776,7 +2777,7 @@ class DefaultLogDispatchCallback : public LogDispatchCallback {
   void handle(const LogDispatchData* data);
  private:
   const LogDispatchData* m_data;
-  void dispatch(base::type::string_t&& logLine);
+  void dispatch(base::type::string_t&& rawLine, base::type::string_t&& logLine);
 };
 #if ELPP_ASYNC_LOGGING
 class AsyncLogDispatchCallback : public LogDispatchCallback {
@@ -3836,7 +3837,7 @@ class Helpers : base::StaticClass {
     return ELPP->hasCustomFormatSpecifier(formatSpecifier);
   }
   static inline void validateFileRolling(Logger* logger, Level level) {
-    if (logger == nullptr) return;
+    if (ELPP == nullptr || logger == nullptr) return;
     logger->m_typedConfigurations->validateFileRolling(level, ELPP->preRollOutCallback());
   }
 };

installers/build-cli-win.py

@@ -1,88 +0,0 @@
-# 
-# This is a script for easily building the wownero cli installer in an automated build. Note
-# that it is also possible to build the installer by dropping the .nsi file on the NSIS GUI,
-# but that this will not work, as the script requires some defines, parsed from the wownero
-# version file, to be passed on the command line.
-#
-
-import sys
-sys.dont_write_bytecode = True
-
-import os
-import os.path
-import subprocess
-
-#
-# Grab the dir of this .py
-#
-basedir = os.path.dirname(os.path.abspath(__file__))
-
-#
-# Try to find version.cpp.in.
-#
-version_file = os.path.join('..', 'src', 'version.cpp.in')
-if not os.path.isfile(version_file):
-    print('Version file not found: %s' % version_file)
-    sys.exit(-1)
-
-#
-# Try to parse version.cpp.in.
-#
-version_string = None
-release_name = None
-with open(version_file, 'r') as fp:
-    version_prefix = '#define DEF_MONERO_VERSION "'
-    release_prefix = '#define DEF_MONERO_RELEASE_NAME "'
-    for line in fp:
-        if line.startswith(version_prefix):
-            version_string = line.replace(version_prefix, '')[:-2]
-        elif line.startswith(release_prefix):
-            release_name = line.replace(release_prefix, '')[:-2]
-
-if not version_string:
-    print('Failed to parse version from: %s' % version_file)
-    sys.exit(-1)
-
-if not release_name:
-    print('Failed to parse release name from: %s' % version_file)
-    sys.exit(-1)
-
-#
-# Check that we got an expected version format.
-#
-version_parts = version_string.split('.')
-if len(version_parts) != 4:
-    print('Invalid version string: %s' % version_string)
-    sys.exit(-1)
-
-#
-# Try to find makensis.
-#
-makensis = 'makensis.exe'
-if not os.path.isfile(makensis):
-    for dir in os.environ['PATH'].split(';'):
-        test = os.path.join(dir, makensis)
-        if os.path.isfile(test):
-            makensis = test
-            break
-
-if not os.path.isfile(makensis):
-    print('Failed to find makensis.exe')
-    sys.exit(-1)
-
-#
-# Build & run makensis command line.
-#
-cmd  = '"%s"' % makensis
-cmd += ' /V4'
-cmd += ' /DVERSION_MAJOR=%s' % version_parts[0]
-cmd += ' /DVERSION_MINOR=%s' % version_parts[1]
-cmd += ' /DVERSION_BUILD=%s' % version_parts[2]
-cmd += ' /DVERSION_REVISION=%s' % version_parts[3]
-cmd += ' /DRELEASE_NAME="%s"' % release_name
-cmd += ' "%s"' % os.path.join(basedir, 'cli-win', 'installer.nsi')
-
-print("Calling makensis: %s" % cmd)
-
-subprocess.call(cmd)
-

installers/cli-win/installer.nsi

@@ -1,262 +0,0 @@
-;-----------------------------------------------------------------------------------------
-; File:     Wownero CLI NSIS installer
-; Author:   0x000090
-; Date:     1 Dec 2018
-; License:  WTFPL
-;-----------------------------------------------------------------------------------------
-;
-;                      DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-;                             Version 2, December 2004
-;
-;     Copyright (C) 2018  Wownero Inc., a Monero Enterprise Alliance partner company
-;
-;                      DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-;           TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-;
-;                       0. You just DO WHAT THE FUCK YOU WANT TO.
-;
-;-----------------------------------------------------------------------------------------
-!include 'MUI2.nsh'
-!include 'TextFunc.nsh'
-!include 'WordFunc.nsh'
-!include 'Sections.nsh'
-
-;-----------------------------------------------------------------------------------------
-!ifndef VERSION_MAJOR
-    !warning 'VERSION_MAJOR not defined!'
-    Quit
-!endif
-
-!ifndef VERSION_MINOR
-    !warning 'VERSION_MINOR not defined!'
-    Quit
-!endif
-
-!ifndef VERSION_BUILD
-    !warning 'VERSION_BUILD not defined!'
-    Quit
-!endif
-
-!ifndef VERSION_REVISION
-    !warning 'VERSION_REVISION not defined!'
-    Quit
-!endif
-
-!ifndef RELEASE_NAME
-    !warning 'RELEASE_NAME not defined!'
-    Quit
-!endif
-
-!define VERSION_SHORT                   '${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_BUILD}'
-!define VERSION_LONG                    '${VERSION_SHORT}.${VERSION_REVISION}'
-
-;-----------------------------------------------------------------------------------------
-!define PROJECT_NAME                    'Wownero'
-!define PRODUCT_NAME                    'Wownero CLI'
-!define COMPANY_NAME                    'Wownero Inc.'
-!define EXE_BASENAME                    'wownero'
-!define HELP_URL                        'http://wownero.org/#community'
-!define ABOUT_URL                       'http://wownero.org/#about'
-!define SOURCE_DIR                      '..\..\build\release\bin'
-!define TARGET_DIR                      '..\..\build\installers'
-!define TARGET_PATH                     '${TARGET_DIR}\Wownero-CLI-${VERSION_LONG}-win.exe'
-!define INSTALL_SUBDIR                  'cli'
-!define INSTALL_SIZE                    181000
-!define UNINSTALLER_NAME                'uninstall.exe'
-!define REG_BASE                        'Software\Microsoft\Windows\CurrentVersion\Uninstall'
-!define REG_KEY                         '${REG_BASE}\{E114584F-4E1B-4B2D-8B1C-69A188025E98}'
-!define /date CURRENT_YEAR              '%Y'
-  
-;-----------------------------------------------------------------------------------------
-!system 'if not exist "${TARGET_DIR}" md "${TARGET_DIR}"'
-
-;-----------------------------------------------------------------------------------------
-Name                                    '${PRODUCT_NAME}'
-OutFile                                 '${TARGET_PATH}'
-BrandingText                            '${PRODUCT_NAME} ${VERSION_LONG} "${RELEASE_NAME}"'
-CRCCheck                                force
-RequestExecutionLevel                   admin
-InstallDir                              "$PROGRAMFILES64\${PROJECT_NAME}\${INSTALL_SUBDIR}"
-ShowInstDetails                         show
-ShowUninstDetails                       show
-  
-;-----------------------------------------------------------------------------------------
-VIAddVersionKey  'CompanyName'          '${COMPANY_NAME}'
-VIAddVersionKey  'ProductName'          '${PRODUCT_NAME}'
-VIAddVersionKey  'FileDescription'      '${PRODUCT_NAME}'
-VIAddVersionKey  'LegalCopyright'       'Copyright (c) ${CURRENT_YEAR}, ${COMPANY_NAME}'
-VIAddVersionKey  'FileVersion'          '${VERSION_SHORT}'
-VIProductVersion '${VERSION_LONG}' 
-  
-;-----------------------------------------------------------------------------------------
-!define MUI_ABORTWARNING
-!define MUI_UNABORTWARNING
-
-!define MUI_FINISHPAGE_NOAUTOCLOSE
-!define MUI_UNFINISHPAGE_NOAUTOCLOSE
-
-!define MUI_ICON "app.ico"
-!define MUI_UNICON "app.ico"
-
-!define MUI_HEADERIMAGE
-!define MUI_HEADERIMAGE_RIGHT
-!define MUI_HEADERIMAGE_BITMAP "header.bmp"
-!define MUI_HEADERIMAGE_UNBITMAP "header.bmp"
-!define MUI_HEADERIMAGE_BITMAP_NOSTRETCH
-!define MUI_HEADERIMAGE_UNBITMAP_NOSTRETCH
-
-!define MUI_WELCOMEFINISHPAGE_BITMAP "welcome.bmp"
-!define MUI_UNWELCOMEFINISHPAGE_BITMAP "welcome.bmp"
-!define MUI_WELCOMEFINISHPAGE_BITMAP_NOSTRETCH
-!define MUI_UNWELCOMEFINISHPAGE_UNBITMAP_NOSTRETCH
-  
-;-----------------------------------------------------------------------------------------
-!insertmacro MUI_PAGE_WELCOME
-!insertmacro MUI_PAGE_DIRECTORY
-!insertmacro MUI_PAGE_INSTFILES
-!insertmacro MUI_UNPAGE_WELCOME
-!insertmacro MUI_UNPAGE_CONFIRM
-!insertmacro MUI_UNPAGE_INSTFILES
-
-;-----------------------------------------------------------------------------------------
-!insertmacro MUI_LANGUAGE "English"
-
-;-----------------------------------------------------------------------------------------
-Function VerifyUserIsAdmin  
-    UserInfo::GetAccountType
-    Pop $0
-    ${If} $0 != "admin"
-        MessageBox MB_ICONSTOP "Admin permissions required, please use right-click > Run as Administrator."
-        SetErrorLevel 740 ; ERROR_ELEVATION_REQUIRED
-        Quit
-    ${EndIf}  
-FunctionEnd
-
-Function .onInit
-    Call VerifyUserIsAdmin
-FunctionEnd
-
-Function un.onInit
-FunctionEnd
-  
-;-----------------------------------------------------------------------------------------
-!macro RemoveFile file
-    Push $0
-    ${TrimNewLines} '${file}' $0
-    SetDetailsPrint both
-    ${If} ${FileExists} '$0'
-        DetailPrint 'Deleting file $0'
-        SetDetailsPrint textonly
-        Delete "$0"
-    ${Else}
-        DetailPrint 'File not found: $0'
-    ${Endif}
-    SetDetailsPrint lastused
-    Pop $0
-!macroend
-
-!macro RemoveDir dir
-    Push $0
-    ${TrimNewLines} '${dir}' $0
-    SetDetailsPrint both
-    ${If} ${FileExists} '$0'
-        DetailPrint 'Deleting directory $0'
-        SetDetailsPrint textonly
-        RmDir /r "$0"
-    ${Else}
-        DetailPrint 'Directory not found: $0'
-    ${Endif}
-    SetDetailsPrint lastused
-    Pop $0
-!macroend
-
-;-----------------------------------------------------------------------------------------
-Function WriteFiles
-    DetailPrint 'Installing application files...'
-    SetDetailsPrint both
-    SetOutPath '$INSTDIR'
-    File 'app.ico'
-
-    ;
-    ; Add here whatever else you want to be included:
-    ;
-    File '${SOURCE_DIR}\${EXE_BASENAME}d.exe'
-    File '${SOURCE_DIR}\${EXE_BASENAME}-wallet-cli.exe'
-    File '${SOURCE_DIR}\${EXE_BASENAME}-wallet-rpc.exe'
-    File '${SOURCE_DIR}\${EXE_BASENAME}-gen-trusted-multisig.exe'
-
-    ;
-    ; NOTE: you can also add all files in a dir, like this:
-    ;
-    ;File /r '${SOURCE_DIR}\*.*'
-
-    SetDetailsPrint lastused
-    DetailPrint 'Writing uninstaller...'
-    WriteUninstaller '$INSTDIR\${UNINSTALLER_NAME}'
-FunctionEnd
-
-Function un.WriteFiles
-    DetailPrint 'Removing application files...'
-    !insertmacro RemoveDir '$INSTDIR'
-FunctionEnd
-
-;-----------------------------------------------------------------------------------------
-Function WriteShortcuts
-    DetailPrint 'Creating Desktop shortcuts...'
-    CreateShortCut '$DESKTOP\${PRODUCT_NAME} Wallet.lnk' '$INSTDIR\${EXE_BASENAME}-wallet-cli.exe' '' '$INSTDIR\app.ico'
-    CreateShortCut '$DESKTOP\${PRODUCT_NAME} Daemon.lnk' '$INSTDIR\${EXE_BASENAME}d.exe'           '' '$INSTDIR\app.ico'
-    DetailPrint 'Creating Start Menu shortcuts...'
-    CreateDirectory '$SMPROGRAMS\${COMPANY_NAME}\${PRODUCT_NAME}'
-    CreateShortCut  '$SMPROGRAMS\${COMPANY_NAME}\${PRODUCT_NAME}\${PRODUCT_NAME} Wallet.lnk'    '$INSTDIR\${EXE_BASENAME}-wallet-cli.exe' '' '$INSTDIR\app.ico'
-    CreateShortCut  '$SMPROGRAMS\${COMPANY_NAME}\${PRODUCT_NAME}\${PRODUCT_NAME} Daemon.lnk'    '$INSTDIR\${EXE_BASENAME}d.exe'           '' '$INSTDIR\app.ico'
-    CreateShortCut  '$SMPROGRAMS\${COMPANY_NAME}\${PRODUCT_NAME}\Uninstall ${PRODUCT_NAME}.lnk' '$INSTDIR\${UNINSTALLER_NAME}'            '' '$INSTDIR\app.ico'
-FunctionEnd
-
-Function un.WriteShortcuts
-    DetailPrint 'Removing Desktop shortcuts...'
-    !insertmacro RemoveFile '$DESKTOP\${PRODUCT_NAME} Daemon.lnk'
-    !insertmacro RemoveFile '$DESKTOP\${PRODUCT_NAME} Wallet.lnk'
-    DetailPrint 'Removing Start Menu shortcuts...'
-    !insertmacro RemoveDir '$SMPROGRAMS\${COMPANY_NAME}\${PRODUCT_NAME}'
-FunctionEnd
-  
-;-----------------------------------------------------------------------------------------
-Function WriteUninstaller
-    DetailPrint 'Registering ${PRODUCT_NAME} ${VERSION_SHORT}'
-    WriteRegDWORD HKLM '${REG_KEY}' 'VersionMajor'          ${VERSION_MAJOR}
-    WriteRegDWORD HKLM '${REG_KEY}' 'VersionMinor'          ${VERSION_MINOR}
-    WriteRegDWORD HKLM '${REG_KEY}' 'EstimatedSize'         ${INSTALL_SIZE}
-    WriteRegDWORD HKLM '${REG_KEY}' 'NoModify'              1
-    WriteRegDWORD HKLM '${REG_KEY}' 'NoRepair'              1
-    WriteRegStr   HKLM '${REG_KEY}' 'Contact'              '${COMPANY_NAME}'
-    WriteRegStr   HKLM '${REG_KEY}' 'Publisher'            '${COMPANY_NAME}'
-    WriteRegStr   HKLM '${REG_KEY}' 'HelpLink'             '${HELP_URL}'
-    WriteRegStr   HKLM '${REG_KEY}' 'URLInfoAbout'         '${ABOUT_URL}'
-    WriteRegStr   HKLM '${REG_KEY}' 'DisplayVersion'       '${VERSION_SHORT}'
-    WriteRegStr   HKLM '${REG_KEY}' 'Comments'             '${PRODUCT_NAME}'
-    WriteRegStr   HKLM '${REG_KEY}' 'DisplayName'          '${PRODUCT_NAME} ${VERSION_SHORT}'
-    WriteRegStr   HKLM '${REG_KEY}' 'InstallLocation'      '"$INSTDIR"'
-    WriteRegStr   HKLM '${REG_KEY}' 'DisplayIcon'          '"$INSTDIR\app.ico"'
-    WriteRegStr   HKLM '${REG_KEY}' 'UninstallString'      '"$INSTDIR\${UNINSTALLER_NAME}"'
-    WriteRegStr   HKLM '${REG_KEY}' 'QuietUninstallString' '"$INSTDIR\${UNINSTALLER_NAME}" /S'
-FunctionEnd
-
-Function un.WriteUninstaller
-    DetailPrint 'Unregistering ${PRODUCT_NAME} ${VERSION_SHORT}...'
-    DeleteRegKey HKLM '${REG_KEY}'
-FunctionEnd
-
-;-----------------------------------------------------------------------------------------
-Section "${PRODUCT_NAME} ${VERSION_SHORT}"
-    Call WriteFiles
-    Call WriteShortcuts
-    Call WriteUninstaller
-SectionEnd
-
-;-----------------------------------------------------------------------------------------
-Section "Uninstall"
-    Call un.WriteFiles
-    Call un.WriteShortcuts
-    Call un.WriteUninstaller
-SectionEnd
-