- Check that image contents match pre- and post- crushing.
- Also remove use of external tool to compute sha256 in favor of hashlib.
- contrib: remove all use of shell=True in strip_pngs.py
Using `shell=True` can be a security hazard. See e.g.
https://docs.python.org/2/library/subprocess.html#subprocess.check_output
17005bc [Qt] add payment request unit test for non matching networks (Philip Kaufmann)
080da96 [Qt] prepare paymentservertests for new unit tests (Philip Kaufmann)
- verify that payment request network matches client network
- add static verifyNetwork() function to PaymentServer to be able to use
the same validation code in GUI and unit-testing code
- add a second PaymentRequest Test CA certificate to paymentrequestdata.h
(serial number f0:da:97:e4:38:d7:64:16) as caCert2_BASE64
- rename existing Test CA certificate to caCert1_BASE64
- rename existing payment request data to know they belong to
caCert1_BASE64
- update comments to reflect the changes and add a missing comment to one
of the payment requests
b468e81 Qt: Clarify sign/verify dialog text to specifically state that these messages only prove one receives with the address in question, and makes no claim to sender of transactions (Luke Dashjr)
- it is helpful to be able to test and verify payment request processing
by allowing self signed root certificates (e.g. generated by Gavins
"certificate authority in a box")
- This option is just shown in the UI options, if -help-debug is enabled.
- before it was possible to use the steps to change e.g. amouns of
authenticated or unauthenticated payment requests (AmountSpinBox is
already set to read-only here) - this is now fixed
- also move the reimplemented stepEnabled() function to the
protected section of our class, where it belongs (see Qt doc)
8dccba6 fail immediately on an empty signature (Cory Fields)
dad7764 depends: bump openssl to 1.0.1k (Cory Fields)
488ed32 consensus: guard against openssl's new strict DER checks (Cory Fields)
New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.
Makes it possible to compactly provide a delibrately invalid signature
for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid
signatures need to be provided in the scriptSig; prior to this change
those invalid signatures would need to be large DER-encoded signatures.
Note that we may want to further expand on this change in the future by
saying that only OP_0 is a "valid" invalid signature; BIP19 even with
this change is inherently malleable as the invalid signatures can be any
validly encoded DER signature.
2ecd294 Bugfix: configure: Correctly detect "nothing to build" condition (Luke Dashjr)
b7a4ecc Bugfix: Only check for boost when building code that requires it (Luke Dashjr)
a19eeac Bugfix: configure: Check for openssl/ec.h (Luke Dashjr)
fe925e2 Use EXTRA_LIBRARIES instead of noinst_LIBRARIES so we can avoid building unused code (Cory Fields)
This will disconnect peers that do not transfer a block in 10 minutes, plus
5 minutes for every previously queued block with validated headers
(accomodating downstream bandwidth down to a few kilobytes per second - below
that the node would have trouble staying synchronized anyway).
on rare occasions, rand() was returning duped values, causing duplicate
transactions.
BuildMerkleTree happily used these, but CPartialMerkleTree caught them and
returned a null merkle root.
Rather than taking changes with rand(), use the loop counter to guarantee
unique values.
At sipa's request, also remove the remaining uses of rand().