This adds a -whitelist option to specify subnet ranges from which peers
that connect are whitelisted. In addition, there is a -whitebind option
which works like -bind, except peers connecting to it are also
whitelisted (allowing a separate listen port for trusted connections).
Being whitelisted has two effects (for now):
* They are immune to DoS disconnection/banning.
* Transactions they broadcast (which are valid) are always relayed,
even if they were already in the mempool. This means that a node
can function as a gateway for a local network, and that rebroadcasts
from the local network will work as expected.
Whitelisting replaces the magic exemption localhost had for DoS
disconnection (local addresses are still never banned, though), which
implied hidden service connects (from a localhost Tor node) were
incorrectly immune to DoS disconnection as well. This old
behaviour is removed for that reason, but can be restored using
-whitelist=127.0.0.1 or -whitelist=::1 can be specified. -whitebind
is safer to use in case non-trusted localhost connections are expected
(like hidden services).
- SO_NOSIGPIPE isn't available on WIN32 so merge the 2 non-WIN32 blocks
- use predefined names from header for IPV6_PROTECTION_LEVEL and
PROTECTION_LEVEL_UNRESTRICTED
... instead of after 30 minutes of no sending, for latency measurement
and keep-alive. Also, disconnect if no reply arrives within 20 minutes,
instead of 90 of inactivity (for peers supporting the 'pong' message).
Updates openssl to 1.0.1k for:
- build docs
- gitian linux build descriptors
- gitian windows build descriptors
see: https://www.openssl.org/news/secadv_20150108.txt
Note: This patch was not applied to the OSX gitian process because
that is (still) broken for dogecoin at this time.
New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.
Github-Pull: #5634
Rebased-From: 488ed32f2ada1d1dd108fc245d025c4d5f252783
The removed case (pcHead == script.end()) can never be reached, since
we explicitly error out above if that is the case. It is legacy from
Namecoin's merge-mining, which does not forbid this case earlier.
see: https://www.openssl.org/news/secadv_20141015.txt
Changes gitian build scripts for linux and windows to use
OpenSSL 1.0.1j. osx scripts have other issues (they have not
been updated to dogecoin dependencies) so those will go into a
separate change.
Please note that although the input for qt-win.yml changes for
reasons of consistency, the output does not, so the version
number for qt-win*-5.2.0-gitian intermediates remain at r3.
1. Fix some mistakes(typo, omission, spacing).
2. Re-adjust sentences to proper form.
3. Replace translation of certain words to better one.
4, Update legacy translations of upstream.
-----------------------------------------------------------------------------
I commit this first, and will commit another updates after 'translation resources' updates.
thanks.
