OpenBSD CVS

CVS log for src/usr.sbin/rpki-client/as.c




Default branch: MAIN


Revision 1.16, Wed Dec 27 07:15:55 2023 UTC (5 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.15: +7 -7 lines

Rework the warnings on internet resources

Unify the printing of warnings about AS numbers and IP address blocks to
use a call to as_warn() and ip_warn(). Fix a bug in the latter where the
upper bound of an IP range didn't take the RFC 3779 encoding into account
and passed the address directly to inet_pton() rather than filling the
missing bits with 1. Switch the argument order to match the warnings and
tweak some warning messages.

ok claudio job

Revision 1.15, Wed Oct 18 07:10:24 2023 UTC (7 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.14: +4 -4 lines

rpki-client: move inherit in {ip,as}_warn()

While alphabetic order makes sense, having inherit between individual
AS and IP entries and ranges makes little sense. Use the order that we
have elsewhere.

ok claudio job

Revision 1.14, Wed Oct 18 07:04:24 2023 UTC (7 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.13: +21 -31 lines

rpki-client: rework as_check_overlap()

Avoid early returns and use a single copy of the warning by reworking
the control flow through two nested switches.

ok claudio job

Revision 1.13, Fri Oct 13 12:06:49 2023 UTC (7 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.12: +32 -2 lines

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Revision 1.12, Tue May 23 06:39:31 2023 UTC (12 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.11: +5 -27 lines

Simplify as_id_parse() using ASN1_INTEGER_get_uint64()

Instead of decoding an ASN1_INTEGER by hand because ASN1_INTEGER_get()
is broken by design and would report an error on LP32 architectures for
the reserved ASid UINT32_MAX, we can simplify this ugliness and use the
ASN1_INTEGER_get_uint64() API, available since LibreSSL 3.6.

ok claudio

Revision 1.11, Wed Nov 30 08:17:21 2022 UTC (18 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.10: +1 -3 lines

Remove unused sys/socket.h include

OK claudio@

Revision 1.10, Tue Nov 29 20:41:32 2022 UTC (18 months ago) by job
Branch: MAIN
Changes since 1.9: +1 -2 lines

Only include stdarg.h, if we call any of va_{start,end}()

OK tb@

Revision 1.9, Tue Nov 29 20:26:22 2022 UTC (18 months ago) by job
Branch: MAIN
Changes since 1.8: +1 -2 lines

Only include assert.h if we call assert()

OK tb@

Revision 1.8, Sun May 15 16:43:34 2022 UTC (2 years ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.7: +4 -4 lines

More KNF and whitespace fixes.

Revision 1.7, Sun Dec 26 12:32:28 2021 UTC (2 years, 5 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.6: +4 -4 lines

fix spelling of inheritance

Revision 1.6, Sat Sep 12 15:46:48 2020 UTC (3 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.5: +1 -3 lines

Include openssl/x509.h in extern.h since it uses a few of the typedefs from
there in structs and prototypes. Remove the openssl/ssl.h and other strange
openssl includes in the .c files that don't use openssl specific functions.
OK beck@ and tb@

Revision 1.5, Wed Nov 27 17:18:24 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.4: +4 -4 lines

swap some comparisons

Revision 1.4, Wed Jun 19 16:30:36 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.3: +1 -1 lines

use $OpenBSD$ headers

Revision 1.3, Wed Jun 19 04:21:43 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +11 -16 lines

indentation adjustments, in particular near warn statements
ok claudio

Revision 1.2, Mon Jun 17 15:04:59 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +1 -2 lines

Don't do -portable in base.  It is better done outside the tree.
Imagine if we did it throughout the tree, how many copies of strlcpy
would we have, and how much time would all the configure shell scripts
and includes take?  It would be ludicrous.

Revision 1.1.1.1 (vendor branch), Mon Jun 17 14:31:30 2019 UTC (4 years, 11 months ago) by job
Branch: job
CVS Tags: job_20190617
Changes since 1.1: +0 -0 lines

Import Kristaps Dzonsons' RPKI validator into the tree

rpki-client(1) is an implementation of the Resource Public Key
Infrastructure (RPKI), specified by RFC 6480. The client is responsible
for downloading, validating and converting Route Origin Authorisations
(ROAs) into Validated ROA Payloads (VRPs). The client's output (VRPs)
can be used by bgpd(8) to perform BGP Origin Validation (RFC 6811).

The current rpki-client(1) version depends on the CMS functions in
OpenSSL, this of course needs to be addressed urgently.

Thanks to NetNod, IIS.SE, SUNET & 6connect for supporting this effort!

OK deraadt@

Revision 1.1, Mon Jun 17 14:31:30 2019 UTC (4 years, 11 months ago) by job
Branch: MAIN

Initial revision
