#i2p-dev (irc2p) | 2.7.0-8-rc | Tags frozen | Checkin deadline Fri. Jan. 31 5PM UTC | ACTION REQUIRED git.idk.i2p account deletion http://i2pforum.i2p/viewtopic.php?t=1312

#i2p-dev

/2025/01/28

Online: 60

@eyedeekay

&eche|on

&kytv

&zzz

+R4SAS

+RN

+RN_

+StormyCloud

+dr|z3d

+hagen

+lbt

+orignal

+postman

+segfault

+weko

+wodencafe

An0nm0n

Arch

BravoOreo

Danny

FreeRider

Irc2PGuest29709

Irc2PGuest30976

Irc2PGuest36803

Irc2PGuest39511

Irc2PGuest507

Irc2PGuest59134

Irc2PGuest88786

Nausicaa

Onn4l7h

Onn4|7h

Over

Sisyphus

Sleepy

Soni

T3s|4_

T3s|4__

acetone_

anon2

b3t4f4c3

bak83

boonst

cumlord

dickless

dr4wd3_

enoxa

eyedeekay_bnc

l337s

not_bob_afk

poriori

profetikla

qend-irc2p

radakayot__

rapidash

shiver_

solidx66

u5657

uop23ip

w8rabbit

x74a6

RN hey mareki2p they're looking for more info from you

mareki2p I'm back, reading past conversation. The problem was that I wanted to send the CreateSession I2CP message, it contains destination, destination contains certificate. I attached type 5 certificate with zero/empty content. The i2pd worked just fine, java did not. This is my mistake. I should attach type 0 certificate instead. Maybe the docs is not comprehensive enough. Maybe I can not read the docs properly. I

mareki2p definitely don't think that "if it works on i2pd and not on java it must be my bug" as zzz said. My pull request improves this situation and allows type 5 certificate with zero/empty content with elgamal+dsa destinations. This is not bug fix, but improvement/enhancement.

zzz I added a note to the spec saying 'dont do that'

dr|z3d :)

RN isn't elgamal+dsa deprecated anyway?

dr|z3d DSA is only there to support legacy services.

dr|z3d ElGamal isn't yet deprecated, but orignal's pushing for deprecation.

RN ahh, that must be what I recall reading

StormyCloud zzz reseed is good. LetsEncrypt moved their signing provider which caused certbot to fail.

dr|z3d running python3-certbot-nginx StormyCloud?

mareki2p So if i2pd is accepting such I2CP messages (with type 5 certificate and zero bytes following) is i2pd wrong? Should new issue be raised against it?

StormyCloud No using acme

dr|z3d is nginx handling the server?

dr|z3d mareki2p: orignal's been told, but feel free to file a bug just to bring the message home :)

StormyCloud No haproxy is in front of everything

dr|z3d webserver is nginx or apache?

StormyCloud Neither? Just have haproxy infront of the reseed tools package.

dr|z3d ok

mareki2p I also noticed that if you have no I2CP username/password set on the server, the client can supply any name+pwd and everything succeeds. Is that intentional?

RN if the name is not registered by anyone then it just ingores the pw you are sending

RN you can for example try that with dr|z3d and a made up password. It will turn you into Irc2PGuest####

RN because dr|z3d is a registered nick, so the random password you provide won't likely match the one he chose

dr|z3d I2CP, not I2PIRC...

RN oh, oopsie

RN s/I2PIRC/IRC2P/

RN nevermind me mareki2p, I missread

RN ardu has a deepseek-abliterated model, I think that is same without the guardrails

RN oops, wrong window

RN *** should go take a break ***

orignal i2pd considers signature type 0 in cert as valid

orignal well ElGamal should be deprecated at lease on servers

mareki2p My issue is that I sent certificate type 5 with zero payload and i2pd accepted it, java did not. Java requires certificate type 0.

zzz wrong, his bug is that cert type 5 min payload is 4

zzz it would have worked if he got the payload right. but it still should be type 0

orignal if you send cert 5 with zero payload it's i2pd's bug

orignal it must be 4

zzz I didn't really catch it either, it just failed in a weird way

orignal muformaed certificate is another story

zzz guy still doesn't get it that it has to be 4

orignal *malformed

zzz so I just stick to short answer 'use type 0'

orignal he is right

orignal SigningKeyType IdentityEx::GetSigningKeyType () const

orignal {

orignal if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 2)

orignal return bufbe16toh (m_ExtendedBuffer); // signing key

orignal return SIGNING_KEY_TYPE_DSA_SHA1;

orignal }

orignal I do it this way, but it's not right

orignal e.g. if type is 5 and length is zero I will handle it as DSA

zzz yeah. but there's no requirement to catch every wrong thing, I wouldn't worry about it

orignal right

eyedeekay zzz merge 226 when you're ready