json checkpoints will be checked every 10 minutes, dns every 60.
json checkpoints always enforced, dns still with flag.
conflicting checkpoints is hard fail, but soft if dns enforce flag not
set and dns checkpoints are wonky.
Bounds checking on blockchain_storage' m_blocks.size() when validating
against checkpoints. Also moved initial json & DNS checkpoints load to
after blockchain init.
The daemon should now check for updated checkpoints from
checkpoints.moneropulse.org as well as from the configured json file
every ~1hr (and on launch).
The daemon now has a flag to enable enforcing these checkpoints (rather
than just printing a warning when they fail).
TODO: an easily configurable list of DNS servers to check for
checkpoints as opposed to the hard-coded "checkpoints.moneropulse.org"
Note: DNSResolver does not yet *use* DNSSEC, but rather this commit is
preparation for including DNSSEC validation. The function in
src/wallet/wallet2.cpp that uses DNSResolver still needs its parameters
updated accordingly.
For checkpoints being read at runtime to work correctly, the checkpoint
add code needs to not return false if a checkpoint is added that already
exists. In this case, instead return false if the checkpoint is for a
height that already has a checkpoint and the hashes are different.
ldns dependency was only still around for constants defined in ldns/rr.h,
but those constants are RFC specified DNS constants, and to reduce deps
have been replicated in dns_utils.h instead of including ldns/rr.h.
As it turns out, some of CMake's built-in modules for detecting headers
and libraries don't work if you have certain compiler flags set, such as
-Werror=old-style-definition, as they do "int main()" rather than
"int main(void)". Having CMake search for libs before compiler flags
are set alleviates this issue, and I believe the underlying issue will
be fixed in future releases of CMake.
Simplewallet should now do a DNS query on an address if it fails to
convert the given string to a binary representation of an address
(base58->binary). It will prompt the user, telling of what the "url"
passed was, what monero address it translated to, and whether or not
DNSSEC validation was a success, and ask for a confirmation that these
are all acceptable.
Also implemented rudimentary IPv6 support, but commented it out because
it's not widely supported by ISPs for now, and thus is not currently
supported by Monero.
