tls rework

src/net.h

@@ -103,8 +103,6 @@ EVP_PKEY *generate_key();
 X509 *generate_x509(EVP_PKEY *pkey);
 bool write_to_disk(EVP_PKEY *pkey, X509 *x509);
 void configure_context(SSL_CTX *ctx, bool server_side);
-static boost::filesystem::path tlsKeyPath;
-static boost::filesystem::path tlsCertPath;
 
 // OpenSSL related variables for metrics.cpp
 static std::string routingsecrecy;
@@ -214,6 +212,7 @@ public:
     NodeId nodeid;
     uint64_t nServices;
     bool fTLSEstablished;
+    bool fTLSVerified;
     int64_t nLastSend;
     int64_t nLastRecv;
     int64_t nTimeConnected;
@@ -359,6 +358,14 @@ protected:
     // Basic fuzz-testing
     void Fuzz(int nChance); // modifies ssSend
 
+    enum class eTlsOption {
+        FALLBACK_UNSET = 0,
+        FALLBACK_FALSE = 1,
+        FALLBACK_TRUE = 2
+    };
+    static eTlsOption tlsFallbackNonTls;
+    static eTlsOption tlsValidate;
+
 public:
     uint256 hashContinue;
     int nStartingHeight;
@@ -459,7 +466,7 @@ public:
         if (addr.IsValid() && !addrKnown.contains(addr.GetKey())) {
             if (vAddrToSend.size() >= MAX_ADDR_TO_SEND) {
                 vAddrToSend[insecure_rand() % vAddrToSend.size()] = addr;
-            } else { 
+            } else {
                 vAddrToSend.push_back(addr);
             }
         }
@@ -693,6 +700,13 @@ public:
 
     static uint64_t GetTotalBytesRecv();
     static uint64_t GetTotalBytesSent();
+
+    // resource deallocation on cleanup, called at node shutdown
+    static void NetCleanup();
+
+    // returns the value of the tlsfallbacknontls and tlsvalidate flags set at zend startup (see init.cpp)
+    static bool GetTlsFallbackNonTls();
+    static bool GetTlsValidate();
 };