- Better handling of unsupported encryption in destinations
- Implement handling of unsupported encryption in router identities
- Banlist forever all RIs with unsupported encryption
- New negative cache of all dests with unsupported encryption
- New methods for destination lookup that will succeed even if
the LS is expired or encryption is unsupported
- Use new dest lookup so client will get the right error code
later, rather than failing with no LS when we really got it
but just couldn't verify it.
- Cleanups and javadocs
OCMOSJ: Detect unsupported encryption on dest and return the correct failure code
through I2CP to streaming to i2ptunnel
Streaming: Re-enable message status override, but treat LS lookup failure
as a soft failure for now.
HTTP Client: Add error page for unsupported encryption
- Verify crypto key pair in LS
- Verfiy same dest as before in LS
Router: Don't try to use an unavailable sig type for the router,
even if it's the default
RouterInfo: Work around unsupported raw signatures for
RI Ed25519 sig type
- New router.sigType config
- Generate / regenerate router keys based on config
- New router.keys2 file format for sig types and padding
- Fix RouterInfo.readBytes() signature verification with sig types
- Catch unset padding in KeysAndCert.writeBytes()
- Catch key errors in ReadRouterJob
- Show RI sig type on /netdb in console
- Move some things from Router to startup classes
- Startup classes package private
- Buffer readin of key files
- Remove configurability of router.info and router.keys file locations
- Add local SSL support for std. and IRC client tunnels (ticket #1107)
Keystore goes in ~/.i2p/keystore; pubkey cert goes in ~/.i2p/certificates/i2ptunnel
- Escape messages to index page
- Show message for uncaught exception
- Don't filter create torrent form, and
fix exception on ':' in file names (ticket #1342)
- Don't remap file names on torrents we created, and
save remap setting in torrent config file (tickets #571, 771)
- Escaping fixes since names may not be remapped
- Use better encodePath() from Jetty
- Don't say create torrent succeeded when it didn't
- Add more sanity checks for torrent creation
XSSFilter patch from str4d:
XSSFilter and XSSRequestWrapper were from http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
No provided license, but it is clearly intended for public consumption.
But most of it is boilerplate provided by the Servlet Filter system.
In fact, now that I have stripped out his JS-specific patterns and replaced it with the whitelist,
it is effectively identical to what I would have written from scratch.
