Commit

Merge branch develop
thejohnfreeman committed Sep 11, 2023
2 parents d67a259 + a955057 commit f7d450c
Showing 6 changed files with 546 additions and 334 deletions.
8 changes: 4 additions & 4 deletions SECURITY.md
Expand Up @@ -60,12 +60,12 @@ While we commit to responding with 24 hours of your initial report with our tria

## Bug Bounty Program

[Ripple](https://ripple.com) is generously sponsoring a bug bounty program for vulnerabilities in [`rippled`](https://github.com/ripple/rippled) (and other related projects, like [`ripple-lib`](https://github.com/ripple/ripple-lib)).
[Ripple](https://ripple.com) is generously sponsoring a bug bounty program for vulnerabilities in [`rippled`](https://github.com/XRPLF/rippled) (and other related projects, like [`xrpl.js`](https://github.com/XRPLF/xrpl.js), [`xrpl-py`](https://github.com/XRPLF/xrpl-py), [`xrpl4j`](https://github.com/XRPLF/xrpl4j)).

This program allows us to recognize and reward individuals or groups that identify and report bugs. In summary, order to qualify for a bounty, the bug must be:
This program allows us to recognize and reward individuals or groups that identify and report bugs. In summary, in order to qualify for a bounty, the bug must be:

1. **In scope**. Only bugs in software under the scope of the program qualify. Currently, that means `rippled` and `ripple-lib`.
2. **Relevant**. A security issue, posing a danger to user funds, privacy or the operation of the XRP Ledger.
1. **In scope**. Only bugs in software under the scope of the program qualify. Currently, that means `rippled`, `xrpl.js`, `xrpl-py`, `xrpl4j`.
2. **Relevant**. A security issue, posing a danger to user funds, privacy, or the operation of the XRP Ledger.
3. **Original and previously unknown**. Bugs that are already known and discussed in public do not qualify. Previously reported bugs, even if publicly unknown, are not eligible.
4. **Specific**. We welcome general security advice or recommendations, but we cannot pay bounties for that.
5. **Fixable**. There has to be something we can do to permanently fix the problem. Note that bugs in other people’s software may still qualify in some cases. For example, if you find a bug in a library that we use which can compromise the security of software that is in scope and we can get it fixed, you may qualify for a bounty.
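Review bot: In item 1 the in-scope software is now spelled out a second time, separately from the linked list in the opening paragraph of the section, so the two lists have to be kept in sync by hand; for a bounty policy the scope should be stated once and unambiguously. Suggest keeping the linked repository list in one place and having the other refer to it, and writing the item as "`rippled`, `xrpl.js`, `xrpl-py`, and `xrpl4j`" to match the serial comma this change adds in item 2. The hunk header context also shows "responding with 24 hours", which looks like it should read "within 24 hours" and could be fixed in the same pass.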
4 changes: 3 additions & 1 deletion cfg/rippled-example.cfg
Expand Up @@ -283,12 +283,14 @@
# ssl_cert
#
# Specifies the path to the SSL certificate file in PEM format.
# This is not needed if the chain includes it.
# This is not needed if the chain includes it. Use ssl_chain if
# your certificate includes one or more intermediates.
#
# ssl_chain
#
# If you need a certificate chain, specify the path to the
# certificate chain here. The chain may include the end certificate.
# This must be used if the certificate includes intermediates.
#
# ssl_ciphers = <cipherlist>
#
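Review bot: The sentences added to the ssl_cert and ssl_chain comments say ssl_chain "must be used" when intermediates are present, but neither says what happens if an operator leaves a bundle with intermediates in ssl_cert, and the ssl_cert text still reads "This is not needed if the chain includes it" without saying whether setting both keys is allowed. Suggest stating the outcome of that misconfiguration (for example whether the intermediates are ignored or startup fails) and whether ssl_cert and ssl_chain may be set together, since a server that presents an incomplete chain tends to show up only as verification failures on the client side. "If the certificate includes intermediates" would also read more precisely as "if the PEM file contains intermediates".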
16 changes: 7 additions & 9 deletions src/ripple/protocol/impl/Issue.cpp
Expand Up @@ -19,6 +19,7 @@

#include <ripple/protocol/Issue.h>

#include <ripple/json/json_errors.h>
#include <ripple/protocol/AccountID.h>
#include <ripple/protocol/UintTypes.h>
#include <ripple/protocol/jss.h>
Expand Down Expand Up @@ -78,7 +79,7 @@ issueFromJson(Json::Value const& v)
{
if (!v.isObject())
{
Throw<std::runtime_error>(
Throw<Json::error>(
"issueFromJson can only be specified with a 'object' Json value");
}

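Review bot: On the first Throw in issueFromJson, switching from std::runtime_error to Json::error changes what callers have to catch, and nothing visible here shows how Json::error relates to std::runtime_error. Please confirm that Json::error derives from std::runtime_error, or that every caller catching std::runtime_error around issueFromJson has been updated, and add a test that passes a non-object value and asserts the exception type. While this line is being touched, the message "with a 'object' Json value" should read "with an object Json value".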
Expand All @@ -87,37 +88,34 @@ issueFromJson(Json::Value const& v)

if (!curStr.isString())
{
Throw<std::runtime_error>(
Throw<Json::error>(
"issueFromJson currency must be a string Json value");
}

auto const currency = to_currency(curStr.asString());
if (currency == badCurrency() || currency == noCurrency())
{
Throw<std::runtime_error>(
"issueFromJson currency must be a valid currency");
Throw<Json::error>("issueFromJson currency must be a valid currency");
}

if (isXRP(currency))
{
if (!issStr.isNull())
{
Throw<std::runtime_error>("Issue, XRP should not have issuer");
Throw<Json::error>("Issue, XRP should not have issuer");
}
return xrpIssue();
}

if (!issStr.isString())
{
Throw<std::runtime_error>(
"issueFromJson issuer must be a string Json value");
Throw<Json::error>("issueFromJson issuer must be a string Json value");
}
auto const issuer = parseBase58<AccountID>(issStr.asString());

if (!issuer)
{
Throw<std::runtime_error>(
"issueFromJson issuer must be a valid account");
Throw<Json::error>("issueFromJson issuer must be a valid account");
}

return Issue{currency, *issuer};
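Review bot: In the XRP branch, "Issue, XRP should not have issuer" is the only message in this function that does not begin with issueFromJson, so anyone matching on that prefix in logs or error handling misses this rejection path. Since every Throw here is being edited anyway, suggest "issueFromJson XRP must not have an issuer". Any existing tests for the rejection paths in this hunk (invalid currency, XRP with an issuer, non-string issuer, invalid account) should also be checked so that they assert Json::error rather than std::runtime_error.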