OpenBSD CVS

CVS log for src/usr.sbin/rpki-client/extern.h



Default branch: MAIN


Revision 1.224 / (download) - annotate - [select for diffs], Sat Jun 8 13:30:35 2024 UTC (15 hours, 56 minutes ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.223: +2 -1 lines
Diff to previous 1.223 (colored)

Helper to convert purpose into a printable string

ok job

Revision 1.223 / (download) - annotate - [select for diffs], Sat Jun 8 13:29:54 2024 UTC (15 hours, 56 minutes ago) by tb
Branch: MAIN
Changes since 1.222: +4 -2 lines
Diff to previous 1.222 (colored)

Extend the cert_purpose enum

This adds a TA and an EE purpose to be used in upcoming commits.

ok job

Revision 1.222 / (download) - annotate - [select for diffs], Sat Jun 8 13:28:35 2024 UTC (15 hours, 58 minutes ago) by tb
Branch: MAIN
Changes since 1.221: +2 -1 lines
Diff to previous 1.221 (colored)

Add a x509_cache_extensions() helper

This is a simple wrapper around X509_check_policy(cert, -1, 0) that
doesn't need an explanatory comment in the caller.

The reason for having to do this is that various OpenSSL API calls rely
on having extension information cached. As an unsurprising consequence of
OpenSSL's characteristic API misdesign these calls can't report errors,
so they call the extension caching without error checking and the result
is that they may report nonsense.

To work around this, cache the extensions up front so a second call can't
fail and thus API calls such as X509_check_ca(), X509_get_key_usage() and
X509_cmp() work reliably.

ok job

Revision 1.221 / (download) - annotate - [select for diffs], Tue Jun 4 04:17:18 2024 UTC (5 days, 1 hour ago) by tb
Branch: MAIN
Changes since 1.220: +3 -3 lines
Diff to previous 1.220 (colored)

rpki-client: remove proto argument from x509_location()

After recent changes, the rpkiNotify access description became the last
user of it, so this is now a pointless complication.

ok claudio

Revision 1.220 / (download) - annotate - [select for diffs], Fri May 31 02:45:15 2024 UTC (9 days, 2 hours ago) by tb
Branch: MAIN
Changes since 1.219: +2 -2 lines
Diff to previous 1.219 (colored)

rpki-client: check issuer for certs and CRLs

Per RFC 6487, the subject and issuer fields of a certificate and the issuer
field of a CRL are subject to the same restrictions: only a commonName and
an optional serialNumber may be present and the commonName must be an ASN.1
printable string.

So far we've only checked the subject of certificates, which covers almost
everything by relying on the verifier to check that the issuer's subject is
identical to the subject's issuer, also for CRLs per X509_V_FLAG_CRL_CHECK.
The only thing missing this way is the TA's issuer.

Since the check is cheap and simple, we're better off doing it ourselves:
Refactor the x509_valid_subject() helper to take an X509_NAME (which is of
course the appropriate name for a type representing an X.501 distinguished
name). This checks the details of RFC 6487, section 4.4, except that we
still can't check for a printable string since afrinic has ~3000 EE certs
that don't follow the spec, which would knock out ~45% of their ROAs. We're
told that this is going to be fixed this year.

looks good to claudio
ok job

Revision 1.219 / (download) - annotate - [select for diffs], Wed May 29 13:26:24 2024 UTC (10 days, 16 hours ago) by tb
Branch: MAIN
Changes since 1.218: +1 -4 lines
Diff to previous 1.218 (colored)

rpki-client: rework CRL handling

There is no benefit in parsing the CRLNumber in the RPKI. It is redundant
with other mechanisms, notably the requirements on manifests. rpki-client
never did anything with the CRL number anyway so stop parsing it in the
main process.

Move CRL AKI and CRL number handling from x509.c to crl.c, slightly improve
error checking for X509_CRL_get_ext_d2i() and only check well-formedness of
the CRL number: check it's there and non-critical. Avoid double warnings.

Add some checks for the well-formedness of the list of revoked certs.
Due to bugs in rpki-rs and Krill we can't reject empty lists (because
~15% of CRLs have this). And some people still use CRLs revoking certs
at the time they expire. This latter point might change mid-2025.

Add a hook for printing CRL numbers in file mode and warn about ill-formed
numbers (negative and overlong ones).

ok claudio job

Revision 1.218 / (download) - annotate - [select for diffs], Mon May 20 15:51:43 2024 UTC (2 weeks, 5 days ago) by claudio
Branch: MAIN
Changes since 1.217: +13 -8 lines
Diff to previous 1.217 (colored)

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

Revision 1.217 / (download) - annotate - [select for diffs], Sun Apr 21 19:27:44 2024 UTC (6 weeks, 6 days ago) by claudio
Branch: MAIN
Changes since 1.216: +3 -1 lines
Diff to previous 1.216 (colored)

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Revision 1.216 / (download) - annotate - [select for diffs], Mon Apr 15 13:57:45 2024 UTC (7 weeks, 5 days ago) by job
Branch: MAIN
Changes since 1.215: +2 -1 lines
Diff to previous 1.215 (colored)

Use the manifest location as additional differentiator when comparing CRLs

OK tb@

Revision 1.215 / (download) - annotate - [select for diffs], Mon Apr 8 14:02:13 2024 UTC (2 months ago) by tb
Branch: MAIN
Changes since 1.214: +4 -2 lines
Diff to previous 1.214 (colored)

Fix capping of VAPs

The previous approach introduced a cap, but it might not always be hit as
intended (I missed this on review). Fix this to check the cap after merging
an ASPA into an already existing VAP. Also free the list of providers since
nothing should be looking at it anymore.

Count VAPs that hit the limit with a new overflowed counter. There are
still a few aspects of the accounting that probably aren't entirely right.
This will be fixed at another point. It's just statistics after all.

with/ok claudio, ok job

Revision 1.214 / (download) - annotate - [select for diffs], Fri Apr 5 16:05:15 2024 UTC (2 months ago) by job
Branch: MAIN
Changes since 1.213: +3 -2 lines
Diff to previous 1.213 (colored)

Don't emit Validated ASPAs for Customer ASIDs with more than MAX_ASPA_PROVIDERS

The number of providers in a single ASPA object already was limited to
MAX_ASPA_PROVIDERS, now also impose a limit on the total number of providers
across multiple ASPA objects. If the MAX_ASPA_PROVIDERS limit is hit, omit
the Customer ASID's entry from OpenBGPD and JSON output.

OK tb@

Revision 1.213 / (download) - annotate - [select for diffs], Fri Mar 22 03:38:12 2024 UTC (2 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.212: +8 -1 lines
Diff to previous 1.212 (colored)

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Revision 1.212 / (download) - annotate - [select for diffs], Tue Mar 19 05:04:13 2024 UTC (2 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.211: +4 -4 lines
Diff to previous 1.211 (colored)

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Revision 1.211 / (download) - annotate - [select for diffs], Sun Mar 17 01:44:59 2024 UTC (2 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.210: +1 -9 lines
Diff to previous 1.210 (colored)

Remove unused enum rsc_resourceblock_tag

This was used in rsc.c prior to the switch to ASN.1 templates.

ok job

Revision 1.210 / (download) - annotate - [select for diffs], Mon Feb 26 15:40:33 2024 UTC (3 months, 1 week ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.209: +3 -1 lines
Diff to previous 1.209 (colored)

Track the number of new files moving from 'staging' to 'validated cache'

The OpenMetrics output shows per-repository counters for new files
added, the main process and JSON output emit the sum of all new files.

OK claudio@

Revision 1.209 / (download) - annotate - [select for diffs], Thu Feb 22 21:00:26 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.208: +2 -2 lines
Diff to previous 1.208 (colored)

Fix copy-paste error in comment

Revision 1.208 / (download) - annotate - [select for diffs], Thu Feb 22 12:49:42 2024 UTC (3 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.207: +73 -9 lines
Diff to previous 1.207 (colored)

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Revision 1.207 / (download) - annotate - [select for diffs], Wed Feb 21 12:48:25 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.206: +4 -11 lines
Diff to previous 1.206 (colored)

Group logx() getmonotime() and get_current_time() together

Fix their indent in extern.h, move the X509_TIME_* macros to main.c since
they aren't (and can't really be) used elsewhere, document the meaning of
the magic numbers. Also move get_current_time() out of the middle of entity
handlers.

ok claudio job

Revision 1.206 / (download) - annotate - [select for diffs], Wed Feb 21 12:38:10 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.205: +8 -8 lines
Diff to previous 1.205 (colored)

Fix secondary indent of various ip_* and as_* prototypes

Revision 1.205 / (download) - annotate - [select for diffs], Wed Feb 21 12:35:36 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.204: +1 -3 lines
Diff to previous 1.204 (colored)

Remove prototypes for tak_read() and ip_addr_cmp()

These functions never existed.

ok claudio job

Revision 1.204 / (download) - annotate - [select for diffs], Fri Feb 16 05:18:29 2024 UTC (3 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.203: +2 -1 lines
Diff to previous 1.203 (colored)

Factor SKI calculation into a helper

This is a straightforward deduplication and simplification made more
obvious by prior refactoring by job.

"sure" claudio

Revision 1.203 / (download) - annotate - [select for diffs], Sat Feb 3 14:30:47 2024 UTC (4 months ago) by job
Branch: MAIN
Changes since 1.202: +1 -4 lines
Diff to previous 1.202 (colored)

Refactor handling of stale manifests

No need to hoist a staleness indicator through the whole process and
count it explicitly.

OK tb@

Revision 1.202 / (download) - annotate - [select for diffs], Thu Feb 1 15:11:38 2024 UTC (4 months ago) by tb
Branch: MAIN
Changes since 1.201: +2 -1 lines
Diff to previous 1.201 (colored)

Normalize the nid printing

OBJ_nid2* can return NULL if the gloriously consistent objects.txt
database doesn't specify a long or a short name. So try the long name
first, fall back to the short name, and if both fail, use "unknown".
Always include the nid as a decimal.

ok claudio

Revision 1.201 / (download) - annotate - [select for diffs], Wed Jan 31 06:57:21 2024 UTC (4 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.200: +2 -1 lines
Diff to previous 1.200 (colored)

Introduce and use mft_compare_issued()

Newly issued manifests should not only have a higher manifestNumber,
their issuance time should also be later. Add corresponding checks
and warnings when comparing a newly fetched manifest to a manifest
from the cache.

ok job (who noticed that such a check was missing)

Revision 1.200 / (download) - annotate - [select for diffs], Wed Jan 31 06:54:43 2024 UTC (4 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.199: +2 -2 lines
Diff to previous 1.199 (colored)

Rename mft_compare() to mft_compare_seqnum()

This makes it clearer what exactly this function compares. Also drop some
NULL checks that made the semantics of this function tricky.

ok job

Revision 1.199 / (download) - annotate - [select for diffs], Thu Jan 18 14:34:26 2024 UTC (4 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.198: +2 -2 lines
Diff to previous 1.198 (colored)

The CRL's purported signing time actually is called thisUpdate, not lastUpdate

OK tb@ claudio@

Revision 1.198 / (download) - annotate - [select for diffs], Sun Jan 7 09:48:29 2024 UTC (5 months ago) by tb
Branch: MAIN
Changes since 1.197: +2 -2 lines
Diff to previous 1.197 (colored)

rpki-client: zap a stray space

Revision 1.197 / (download) - annotate - [select for diffs], Wed Dec 27 07:15:55 2023 UTC (5 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.196: +3 -5 lines
Diff to previous 1.196 (colored)

Rework the warnings on internet resources

Unify the printing of warnings about AS numbers and IP address blocks to
use a call to as_warn() and ip_warn(). Fix a bug in the latter where the
upper bound of an IP range didn't take the RFC 3779 encoding into account
and passed the address directly to inet_pton() rather than filling the
missing bits with 1. Switch the argument order to match the warnings and
tweak some warning messages.

ok claudio job
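
The RFC 3779 encoding issue named in the commit message above, as an added example (not code from rpki-client or from this commit): a range bound is a BIT STRING with trailing bits stripped, so the upper bound must be padded with 1 bits before it is formatted. The function names and the sample byte strings are constructed for illustration.

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define V4_LEN	4

/* Constructed samples: BIT STRING content bytes of IPv4 range bounds. */
static const unsigned char sample_min[] = { 0x0a, 0x02, 0x30 };  /* 4 unused bits */
static const unsigned char sample_max[] = { 0x0a, 0x02, 0x40 };  /* 0 unused bits */
static const unsigned char sample_max2[] = { 0x0a, 0x00, 0x00 }; /* 3 unused bits */

/*
 * Expand an RFC 3779 BIT STRING (content bytes plus unused-bit count)
 * into a full IPv4 address.  fill_ones is 0 for a prefix or the lower
 * bound of a range and 1 for the upper bound of a range.
 * Returns 0 on success, -1 on malformed input.
 */
static int
rfc3779_expand(const unsigned char *bits, size_t len, unsigned int unused,
    int fill_ones, unsigned char out[V4_LEN])
{
	unsigned char mask;

	if (len > V4_LEN || unused > 7 || (len == 0 && unused != 0))
		return -1;

	/* Bytes that were stripped entirely: all zeros or all ones. */
	memset(out, fill_ones ? 0xff : 0x00, V4_LEN);
	if (len == 0)
		return 0;
	memcpy(out, bits, len);

	/* Bits that were stripped from the last encoded byte. */
	mask = (unsigned char)((1u << unused) - 1);
	if (fill_ones)
		out[len - 1] |= mask;
	else
		out[len - 1] &= (unsigned char)~mask;
	return 0;
}

/*
 * Printable form of a bound.  Returns a pointer to a static buffer
 * (overwritten by the next call) or NULL on malformed input.
 */
static const char *
bound_str(const unsigned char *bits, size_t len, unsigned int unused,
    int fill_ones)
{
	static char buf[INET_ADDRSTRLEN];
	unsigned char addr[V4_LEN];

	if (rfc3779_expand(bits, len, unused, fill_ones, addr) == -1)
		return NULL;
	return inet_ntop(AF_INET, addr, buf, sizeof(buf));
}

int
main(void)
{
	printf("min:               %s\n",
	    bound_str(sample_min, sizeof(sample_min), 4, 0));
	printf("max:               %s\n",
	    bound_str(sample_max, sizeof(sample_max), 0, 1));
	/* Zero-filling an upper bound prints the wrong end of the range. */
	printf("max2, zero-filled: %s\n",
	    bound_str(sample_max2, sizeof(sample_max2), 3, 0));
	printf("max2, one-filled:  %s\n",
	    bound_str(sample_max2, sizeof(sample_max2), 3, 1));
	return 0;
}
```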

Revision 1.196 / (download) - annotate - [select for diffs], Mon Dec 11 19:05:20 2023 UTC (5 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.195: +2 -1 lines
Diff to previous 1.195 (colored)

Warn when the same manifestNumber is recycled across multiple issuances of that manifest

OK tb@

Revision 1.195 / (download) - annotate - [select for diffs], Fri Nov 24 14:05:47 2023 UTC (6 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.194: +3 -2 lines
Diff to previous 1.194 (colored)

Require files to be of a minimum size in the RRDP & RSYNC transports

Picked 100 bytes as a minimum, to accommodate future signature schemes
(such as the smaller P-256) and small files like empty CRLs.

With and OK claudio@ tb@

Revision 1.194 / (download) - annotate - [select for diffs], Thu Nov 16 11:10:59 2023 UTC (6 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.193: +3 -1 lines
Diff to previous 1.193 (colored)

Add a helper to extract the CRL Number from a crl

ok claudio

Revision 1.193 / (download) - annotate - [select for diffs], Fri Oct 13 12:06:49 2023 UTC (7 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.192: +16 -4 lines
Diff to previous 1.192 (colored)

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Revision 1.192 / (download) - annotate - [select for diffs], Mon Sep 25 14:56:20 2023 UTC (8 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.191: +7 -1 lines
Diff to previous 1.191 (colored)

rpki-client: Refactor sbgp_assysnum() and sbgp_addrblk()

An upcoming diff requires the ability to convert ASIdentifiers and
IpAddrBlocks into rpki-client's internal structures.  Accordingly,
split already existing code into dedicated parsing functions. The
original functions now only extract the extension-specific data from
the X509_EXTENSION.

input/ok claudio

Revision 1.191 / (download) - annotate - [select for diffs], Mon Sep 25 11:08:45 2023 UTC (8 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.190: +8 -8 lines
Diff to previous 1.190 (colored)

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Revision 1.190 / (download) - annotate - [select for diffs], Mon Sep 25 08:48:14 2023 UTC (8 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.189: +3 -1 lines
Diff to previous 1.189 (colored)

Introduce ip_addr_range_print() to avoid code repetition

OK tb@

Revision 1.189 / (download) - annotate - [select for diffs], Tue Sep 12 09:33:30 2023 UTC (8 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.188: +2 -1 lines
Diff to previous 1.188 (colored)

Ensure the X.509 Subject only contains commonName and optionally serialNumber

OK tb@

Revision 1.188 / (download) - annotate - [select for diffs], Thu Jun 29 14:33:35 2023 UTC (11 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.187: +2 -6 lines
Diff to previous 1.187 (colored)

rpki-client: fix vap_pas stats

A small mistake in a diff broke the counters. Make them AFI agnostic and
adjust ometric output.

guidance & ok claudio

Revision 1.187 / (download) - annotate - [select for diffs], Thu Jun 29 10:28:25 2023 UTC (11 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.186: +1 -9 lines
Diff to previous 1.186 (colored)

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Revision 1.186 / (download) - annotate - [select for diffs], Mon Jun 26 18:39:53 2023 UTC (11 months, 1 week ago) by job
Branch: MAIN
Changes since 1.185: +3 -8 lines
Diff to previous 1.185 (colored)

Decode and validate ASPA objects following the v1 syntax

Through draft-ietf-sidrops-aspa-profile-15, the ASPA profile was
made AFI-agnostic. This represents a simplification for both operators
and implementers in both the RPKI and BGP layers of the stack.

This update changes the JSON structure.

No effort was made to simultaneously support ASPA v0 and v1 objects.

OK tb@ claudio@

Revision 1.185 / (download) - annotate - [select for diffs], Fri Jun 23 11:36:24 2023 UTC (11 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.184: +10 -5 lines
Diff to previous 1.184 (colored)

Improve detection of RRDP session desynchronization

According to RFC 8182, a given session_id and serial number represent an
immutable record of the state of the Repository Server at a certain
point in time.

Add a check to the RRDP notification file processing to compare whether
the delta hashes associated to previously seen serials are different in
newly fetched notification files. Fall back to a snapshot if a difference
is detected, because such a mutation is a strong desynchronization
indicator.

Idea from Ties de Kock (RIPE NCC).
Based on a diff by job@
With and OK job@ tb@
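
The check described in the commit message above, as an added example (not code from rpki-client or from this commit): compare the delta hashes recorded for previously seen serials with those in a newly fetched notification file and fall back to the snapshot on any mismatch. All names, the session id and the hash values are constructed for illustration; the session_id comparison reflects the RFC 8182 rule that a changed session requires a snapshot.

```c
#include <stdio.h>
#include <string.h>

#define HASH_LEN	32	/* SHA-256 digest length */

struct delta {
	long long	serial;
	unsigned char	hash[HASH_LEN];
};

enum rrdp_action {
	RRDP_USE_DELTAS,
	RRDP_USE_SNAPSHOT
};

/*
 * Decide how to sync from a newly fetched notification file.
 * seen[] holds the (serial, hash) pairs remembered from the previous
 * notification file of old_session; cur[] holds the deltas listed now.
 */
static enum rrdp_action
rrdp_check_notification(const char *old_session, const struct delta *seen,
    size_t nseen, const char *new_session, const struct delta *cur,
    size_t ncur)
{
	size_t i, j;

	/* A different session means the stored state is unusable. */
	if (strcmp(old_session, new_session) != 0)
		return RRDP_USE_SNAPSHOT;

	/*
	 * A (session_id, serial) pair is an immutable record, so the hash
	 * advertised for a serial must never change between fetches.
	 */
	for (i = 0; i < ncur; i++) {
		for (j = 0; j < nseen; j++) {
			if (cur[i].serial != seen[j].serial)
				continue;
			if (memcmp(cur[i].hash, seen[j].hash, HASH_LEN) != 0)
				return RRDP_USE_SNAPSHOT;
		}
	}
	return RRDP_USE_DELTAS;
}

/* Build a constructed sample delta whose hash is HASH_LEN copies of fill. */
static struct delta
mk_delta(long long serial, unsigned char fill)
{
	struct delta d;

	d.serial = serial;
	memset(d.hash, fill, HASH_LEN);
	return d;
}

/*
 * Constructed scenario: serials 41 and 42 were seen before, the new
 * notification lists 41..43.  fill42 is the hash byte now advertised
 * for serial 42 (0xa2 is what was stored).
 */
static enum rrdp_action
demo(const char *new_session, unsigned char fill42)
{
	const char *old_session = "9df4b597-af9e-4dca-bdda-719cce2c4e28";
	struct delta seen[2] = { mk_delta(41, 0xa1), mk_delta(42, 0xa2) };
	struct delta cur[3] = { mk_delta(41, 0xa1), mk_delta(42, fill42),
	    mk_delta(43, 0xa3) };

	if (new_session == NULL)
		new_session = old_session;
	return rrdp_check_notification(old_session, seen, 2, new_session,
	    cur, 3);
}

int
main(void)
{
	printf("unchanged history: %s\n",
	    demo(NULL, 0xa2) == RRDP_USE_DELTAS ? "deltas" : "snapshot");
	printf("mutated serial 42: %s\n",
	    demo(NULL, 0xff) == RRDP_USE_DELTAS ? "deltas" : "snapshot");
	return 0;
}
```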

Revision 1.184 / (download) - annotate - [select for diffs], Wed Jun 7 10:46:34 2023 UTC (12 months ago) by job
Branch: MAIN
Changes since 1.183: +3 -2 lines
Diff to previous 1.183 (colored)

In anticipation of a bump of the ASPA eContent profile version, update
valid_econtent_version() to allow for non-zero versions.

OK tb@

Revision 1.183 / (download) - annotate - [select for diffs], Tue May 30 16:02:28 2023 UTC (12 months, 1 week ago) by job
Branch: MAIN
Changes since 1.182: +3 -2 lines
Diff to previous 1.182 (colored)

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
of files which have to be transferred.

OK claudio@

Revision 1.182 / (download) - annotate - [select for diffs], Tue May 30 12:14:48 2023 UTC (12 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.181: +2 -2 lines
Diff to previous 1.181 (colored)

Revert commitid ANSBO0rBvIUtTi45:
   Make rpki-client choose the verification time of the time it is invoked
   rather than always getting the current system time for every certificate
   verification. This will result in output that is not variable on run-time.

Using the time of invocation does not work well with fast publishing CAs. It
can take a few minutes to reach a repo and that CA may have issued certificates
that are not yet valid if that startup time of rpki-client is used to validate.

This still keeps the -P option to specify a fixed validation time.
OK beck@ job@ tb@

Revision 1.181 / (download) - annotate - [select for diffs], Tue May 9 10:34:32 2023 UTC (13 months ago) by tb
Branch: MAIN
Changes since 1.180: +2 -1 lines
Diff to previous 1.180 (colored)

rpki-client: use partial chains in certificate validation

The generally rather poor quality RFC 3779 code in libcrypto also performs
abysmally. Flame graphs show that nearly 20% of the parser process is spent
in addr_contains() alone. There is room for improvement in addr_contains()
itself - the containment check for prefixes could be optimized quite a bit.
We can avoid a lot of the most expensive work for certificates with tons of
resources close to the TA by using the verifier's partial chains flag.

More precisely, in the tree of already validated certs look for the first
one that has no inherited RFC 3779 resources and use that as 'trust anchor'
for our chains via the X509_V_FLAG_PARTIAL_CHAIN flag. This way we can be
sure that a leaf's delegated resources are properly covered and at the same
time significantly shorten most paths validated.

Job's and my testing indicates that this avoids 30-50% of overhead and works
equally well with LibreSSL and OpenSSL >= 1.1. The main bottlenecks in the
parser process now appear to be SHA-2 and RSA/BIGNUM, two well-known pain
points in libcrypto.

This is based on a hint by beck and was discussed extensively with beck,
claudio and job during and after m2k23.

ok claudio job

Revision 1.180 / (download) - annotate - [select for diffs], Thu Apr 27 08:37:53 2023 UTC (13 months, 1 week ago) by beck
Branch: MAIN
Changes since 1.179: +2 -2 lines
Diff to previous 1.179 (colored)

Make rpki-client choose the verification time of the time it is invoked
rather than always getting the current system time for every certificate
verification. This will result in output that is not variable on run-time.

ok tb@ claudio@

Revision 1.179 / (download) - annotate - [select for diffs], Wed Apr 26 22:05:28 2023 UTC (13 months, 1 week ago) by beck
Branch: MAIN
Changes since 1.178: +9 -1 lines
Diff to previous 1.178 (colored)

Add a -P option to rpki-client to specify the evaluation time

This is intended to be able to test rpki-client in a reproducible
way without worrying about the system time changing the results

ok claudio@

Revision 1.178 / (download) - annotate - [select for diffs], Wed Apr 26 16:32:41 2023 UTC (13 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.177: +19 -9 lines
Diff to previous 1.177 (colored)

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric label output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Revision 1.177 / (download) - annotate - [select for diffs], Thu Apr 13 17:04:02 2023 UTC (13 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.176: +3 -2 lines
Diff to previous 1.176 (colored)

Check whether products listed on a manifest were issued by the same authority as the manifest itself

OK tb@

Revision 1.176 / (download) - annotate - [select for diffs], Thu Mar 30 15:29:15 2023 UTC (14 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.175: +2 -1 lines
Diff to previous 1.175 (colored)

Add the protocol used to sync the repository to the open-metric output.
OK tb@

Revision 1.175 / (download) - annotate - [select for diffs], Mon Mar 13 19:51:49 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.174: +9 -3 lines
Diff to previous 1.174 (colored)

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

Revision 1.174 / (download) - annotate - [select for diffs], Mon Mar 13 09:24:37 2023 UTC (14 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.173: +3 -3 lines
Diff to previous 1.173 (colored)

Rename some data fields to closer match their provenance

OK tb@

Revision 1.173 / (download) - annotate - [select for diffs], Sun Mar 12 11:54:56 2023 UTC (14 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.172: +4 -1 lines
Diff to previous 1.172 (colored)

Refactor expiration calculation

Unify common code paths which find the exact expiry moment into a new
helper function. Additionally, the new helper offers more accuracy by
checking more applicable CRLs whether their 'nextupdate' is 'sooner'.

tb@ noted: The helper adds a multiplier of log(#crls), but that's
certainly acceptable as it is still very cheap.

OK tb@

Revision 1.172 / (download) - annotate - [select for diffs], Fri Mar 10 12:44:56 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.171: +11 -11 lines
Diff to previous 1.171 (colored)

mechanical change, rename struct members to match the original X509 names

OK tb@

Revision 1.171 / (download) - annotate - [select for diffs], Fri Mar 10 12:02:11 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.170: +9 -1 lines
Diff to previous 1.170 (colored)

Show the X.509 notBefore in filemode

OK tb@

Revision 1.170 / (download) - annotate - [select for diffs], Thu Mar 9 12:54:28 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.169: +2 -1 lines
Diff to previous 1.169 (colored)

In filemode also show 'Not After' for GBR records

OK tb@

Revision 1.169 / (download) - annotate - [select for diffs], Thu Mar 9 09:46:21 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.168: +10 -3 lines
Diff to previous 1.168 (colored)

Show CMS signing-time signed attribute in filemode

OK tb@

Revision 1.168 / (download) - annotate - [select for diffs], Mon Mar 6 16:04:52 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.167: +2 -1 lines
Diff to previous 1.167 (colored)

Add check for RSA key pair modulus & public exponent

Both the SPKI inside a CA's .cer TBS section and Signers wrapped in CMS
must be RSA, with mod 2048 & (e) 0x10001

OK tb@

Revision 1.167 / (download) - annotate - [select for diffs], Fri Jan 13 08:58:36 2023 UTC (16 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.166: +4 -4 lines
Diff to previous 1.166 (colored)

Add aspa-set to openbgpd config output.

Change the way the validated ASPA tree is built since OpenBGPD config
follows more the ASPA profile and puts the optional AFI to each provider
ASnum instead of duplicating everything into an IPv4 and IPv6 tree.
The JSON output of ASPA is still the same.

The inclusion of the aspa-set can currently be disabled by the -A flag.
OK tb@

Revision 1.166 / (download) - annotate - [select for diffs], Wed Jan 4 14:22:43 2023 UTC (17 months ago) by claudio
Branch: MAIN
Changes since 1.165: +2 -1 lines
Diff to previous 1.165 (colored)

Validate the session_id to be a real UUID.

RFC 8182 requires the session_id to be a version 4 random UUID (using
variant 1). Now checking the version and variant is currently disabled
because there is at least one CA with a session_id that is all random
and therefore the version check triggers there.
Joint work with job@. OK job@, tb@

Revision 1.165 / (download) - annotate - [select for diffs], Wed Dec 28 21:30:18 2022 UTC (17 months, 1 week ago) by jmc
Branch: MAIN
Changes since 1.164: +3 -3 lines
Diff to previous 1.164 (colored)

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

Revision 1.164 / (download) - annotate - [select for diffs], Thu Dec 15 12:02:29 2022 UTC (17 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.163: +75 -40 lines
Diff to previous 1.163 (colored)

Rework statistic collection to be per repository and add metric output option

Many statistic values are now accounted by repository via repo_stat_inc()
At end of the run sum_stats() accumulates these stats per TAL and globally.
The new output file metrics is written when the -m output flag is specified.
The metrics file is written in OpenMetrics format (with a few tweaks to
allow node_exporter to parse the file as well). The ometric code is a copy
from bgpctl(8) and should be kept in sync.
OK tb@

Revision 1.163 / (download) - annotate - [select for diffs], Wed Dec 14 10:34:49 2022 UTC (17 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.162: +4 -4 lines
Diff to previous 1.162 (colored)

Switch to struct timespec for collecting stats. This allows to use
clock_gettime(CLOCK_MONOTONIC) for runtime calculation.
OK tb@

Revision 1.162 / (download) - annotate - [select for diffs], Tue Nov 29 10:33:09 2022 UTC (18 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.161: +2 -2 lines
Diff to previous 1.161 (colored)

Return an error string instead of suppressing the warning in valid_x509.
This way manifests can show a better error message when something fails.
With and OK tb@

Revision 1.161 / (download) - annotate - [select for diffs], Sat Nov 26 12:02:36 2022 UTC (18 months, 1 week ago) by job
Branch: MAIN
Changes since 1.160: +31 -1 lines
Diff to previous 1.160 (colored)

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Revision 1.160 / (download) - annotate - [select for diffs], Fri Nov 18 14:38:34 2022 UTC (18 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.159: +1 -10 lines
Diff to previous 1.159 (colored)

Move skiplist to main and merge with shortlist.

With/ok job

Revision 1.159 / (download) - annotate - [select for diffs], Fri Nov 4 12:05:36 2022 UTC (19 months ago) by tb
Branch: MAIN
Changes since 1.158: +4 -4 lines
Diff to previous 1.158 (colored)

whitespace

Revision 1.158 / (download) - annotate - [select for diffs], Fri Nov 4 09:43:13 2022 UTC (19 months ago) by job
Branch: MAIN
Changes since 1.157: +7 -1 lines
Diff to previous 1.157 (colored)

Check the SIA signedObject in ROA/MFT/ASPA/TAK/GBR EE certificates

Unfortunately we can't yet error out when accessMethods other than
signedObject are encountered in the SubjectInformationAccess extension
because there is pollution in the ecosystem.

OK tb@

Revision 1.157 / (download) - annotate - [select for diffs], Wed Nov 2 12:43:02 2022 UTC (19 months ago) by job
Branch: MAIN
Changes since 1.156: +37 -1 lines
Diff to previous 1.156 (colored)

Add support for draft-ietf-sidrops-signed-tal-12

Add support for validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Revision 1.156 / (download) - annotate - [select for diffs], Sat Sep 3 21:24:02 2022 UTC (21 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.155: +3 -1 lines
Diff to previous 1.155 (colored)

Properly free() crl & auth tree in parser process

OK claudio@

Revision 1.155 / (download) - annotate - [select for diffs], Sat Sep 3 14:40:09 2022 UTC (21 months ago) by job
Branch: MAIN
Changes since 1.154: +2 -1 lines
Diff to previous 1.154 (colored)

Introduce x509_any_inherit() for objects which may not have inherit elements

Unify conformance checking of Trust Anchors, ROAs, ASPAs, RSCs - none of which
may have any 'inherit' elements in the RFC 3779 IP/AS Resources extension of
the X509 certificate.

OK tb@

Revision 1.154 / (download) - annotate - [select for diffs], Sat Sep 3 13:30:27 2022 UTC (21 months ago) by claudio
Branch: MAIN
Changes since 1.153: +2 -1 lines
Diff to previous 1.153 (colored)

Add the repoid of the cert in the cert struct. This way it is possible
to track the parent repository id of a publication point.
Nomenclature is confusing but not much we can do here.
OK tb@ job@

Revision 1.153 / (download) - annotate - [select for diffs], Fri Sep 2 19:10:36 2022 UTC (21 months ago) by claudio
Branch: MAIN
Changes since 1.152: +3 -1 lines
Diff to previous 1.152 (colored)

Use the abort commands when a repo timeout happens. This is cleaner
than just failing the repo fetch but leaving the backends running.
OK tb@

Revision 1.152 / (download) - annotate - [select for diffs], Fri Sep 2 18:37:17 2022 UTC (21 months ago) by claudio
Branch: MAIN
Changes since 1.151: +2 -1 lines
Diff to previous 1.151 (colored)

Implement RRDP_ABORT, a message to abort an inflight RRDP request.
The abort is done in a way that waits for any inflight files or http
requests to finish before removing the rrdp state and before sending
the rrdp done message indicating failure.
OK tb@ and benno@

Revision 1.151 / (download) - annotate - [select for diffs], Tue Aug 30 18:56:49 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
Changes since 1.150: +66 -8 lines
Diff to previous 1.150 (colored)

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Revision 1.150 / (download) - annotate - [select for diffs], Fri Aug 19 12:45:53 2022 UTC (21 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.149: +4 -3 lines
Diff to previous 1.149 (colored)

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part of ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

Revision 1.149 / (download) - annotate - [select for diffs], Thu Aug 18 15:20:27 2022 UTC (21 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.148: +1 -2 lines
Diff to previous 1.148 (colored)

Remove dangling ASPA references until we land real support

OK tb@

Revision 1.148 / (download) - annotate - [select for diffs], Wed Aug 17 11:57:46 2022 UTC (21 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.147: +8 -5 lines
Diff to previous 1.147 (colored)

Clarify and tidy up some comments

OK tb@

Revision 1.147 / (download) - annotate - [select for diffs], Wed Aug 10 10:27:03 2022 UTC (21 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.146: +2 -2 lines
Diff to previous 1.146 (colored)

Decrease how long to wait for the remote peer to send IO before giving up

If a repository is uncommunicative, rpki-client will try other transports,
or come back later (because of a next crontab invocation).

OK claudio@

Revision 1.146 / (download) - annotate - [select for diffs], Tue Aug 9 09:02:26 2022 UTC (22 months ago) by claudio
Branch: MAIN
Changes since 1.145: +2 -2 lines
Diff to previous 1.145 (colored)

Make the http code respect MAX_CONN_TIMEOUT and fail connects once they
hit this timeout. This is in line with the rsync code.
OK tb@ job@

Revision 1.145 / (download) - annotate - [select for diffs], Mon Aug 8 15:22:31 2022 UTC (22 months ago) by job
Branch: MAIN
Changes since 1.144: +4 -1 lines
Diff to previous 1.144 (colored)

Unify the maximum idle IO timeout for RSYNC & HTTPS

OK claudio@

Revision 1.144 / (download) - annotate - [select for diffs], Mon Aug 8 14:10:10 2022 UTC (22 months ago) by job
Branch: MAIN
Changes since 1.143: +4 -1 lines
Diff to previous 1.143 (colored)

Set rsync connection timeout to 15 seconds.

OK sthen@

Revision 1.143 / (download) - annotate - [select for diffs], Mon Jun 27 10:18:27 2022 UTC (23 months, 1 week ago) by job
Branch: MAIN
Changes since 1.142: +13 -1 lines
Diff to previous 1.142 (colored)

Add skiplist option to steer clear of skiplisted hosts

Blocking outbound connections towards RPKI publication servers based
on IP or IPv6 address in external instrumentation like HTTP proxies
or pf(4) rules is somewhat unwieldy. It might be easier for operators
if we offer a mechanism that cuts at the CA cert SIA parsing step.

OK claudio@ tb@

Revision 1.142 / (download) - annotate - [select for diffs], Fri Jun 10 10:36:43 2022 UTC (23 months, 4 weeks ago) by tb
Branch: MAIN
Changes since 1.141: +2 -1 lines
Diff to previous 1.141 (colored)

Dedup econtent version checks

Since the ASN.1 template conversions, we have three copies of mostly dead
code that validates that the econtent version is at its default value 0.
Until a new standard bumps this version and we decide to support that,
we're better off with only one copy of this code.

ok claudio

Revision 1.141 / (download) - annotate - [select for diffs], Wed Jun 1 10:59:21 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.140: +4 -1 lines
Diff to previous 1.140 (colored)

Limit the number of RSC checklist FileNameAndHash entries the same way
as mft FileAndHash entries are checked.

ok claudio job

Revision 1.140 / (download) - annotate - [select for diffs], Tue May 31 18:41:43 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.139: +1 -6 lines
Diff to previous 1.139 (colored)

Remove now unused ASN1_frame() and cms_econtent_version()

ok claudio job

Revision 1.139 / (download) - annotate - [select for diffs], Tue May 31 18:33:16 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.138: +11 -1 lines
Diff to previous 1.138 (colored)

Prepare rewrite of rsc.c with templated ASN.1

Change signatures of various functions to avoid using struct parse and
expose sbgp_as_{id,range}() and sbgp_addr{,_range}() so they can be used
from rsc.c. This is a mostly mechanical diff.

ok claudio job

Revision 1.138 / (download) - annotate - [select for diffs], Tue May 24 09:20:49 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.137: +4 -3 lines
Diff to previous 1.137 (colored)

Introduce MAX_HTTP_REQUESTS and MAX_RSYNC_REQUESTS.
These just replace MAX_CONNECTIONS and MAX_RSYNC_PROCESSES to be more unified.
OK tb@

Revision 1.137 / (download) - annotate - [select for diffs], Wed May 11 21:19:06 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.136: +2 -1 lines
Diff to previous 1.136 (colored)

Verify MFT and GBR objects only carry RFC 3779 extensions set to 'inherit'

OK claudio@ tb@

Revision 1.136 / (download) - annotate - [select for diffs], Wed May 11 14:42:01 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.135: +2 -1 lines
Diff to previous 1.135 (colored)

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Revision 1.135 / (download) - annotate - [select for diffs], Tue May 10 07:41:37 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.134: +2 -1 lines
Diff to previous 1.134 (colored)

Validate RSC filenames

Factor out POSIX portable filename check into a new valid_filename() and
rename the previous valid_filename() to valid_mft_filename().  Fixes and
supersedes incomplete checks in the RSC code. Avoids truncation via
strndup() in case of embedded NULs.

input/ok claudio

Revision 1.134 / (download) - annotate - [select for diffs], Mon May 9 17:19:32 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.133: +1 -2 lines
Diff to previous 1.133 (colored)

Drop prototype of currently nonexistent function.

Revision 1.133 / (download) - annotate - [select for diffs], Mon May 9 17:02:34 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.132: +39 -1 lines
Diff to previous 1.132 (colored)

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
  3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
  the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

Revision 1.132 / (download) - annotate - [select for diffs], Thu Apr 21 12:59:03 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.131: +2 -2 lines
Diff to previous 1.131 (colored)

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectively.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

Revision 1.131 / (download) - annotate - [select for diffs], Thu Apr 21 09:53:07 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.130: +8 -5 lines
Diff to previous 1.130 (colored)

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

Revision 1.130 / (download) - annotate - [select for diffs], Wed Apr 20 15:38:24 2022 UTC (2 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.129: +2 -2 lines
Diff to previous 1.129 (colored)

more whitespace cleanups

Revision 1.129 / (download) - annotate - [select for diffs], Wed Apr 20 10:46:20 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.128: +6 -5 lines
Diff to previous 1.128 (colored)

Add Concatenated JSON output in filemode (rpki-client -j -f *)

The schema is still work in progress.

OK claudio@

Revision 1.128 / (download) - annotate - [select for diffs], Tue Apr 19 13:52:24 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored)

Change type of talsz and dependent code from size_t to int. Tal ids are
already stored as int and talsz is the limit for these ids.
OK tb@

Revision 1.127 / (download) - annotate - [select for diffs], Tue Apr 19 09:52:29 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.126: +4 -1 lines
Diff to previous 1.126 (colored)

Adjust on how CRL and MFT files are verified.

Verify the CRL referenced from the mft against the mft's fileAndHash info.
If the CRL matches then load it and use it to validate this mft. If the
mft validated OK add the now also valid CRL to the auth store for later use.

Before the newest CRL was always selected but that has negative consequences
because it is common practice to revoke the previous MFT's EE cert and with
that the cache is turned useless as soon as a new CRL is used. Also there
was a possibility that the CRL used for validation of the MFT was not the
one later used.

Both RFC6486 and draft-ietf-sidrops-6486bis are unclear about this part
of the validation process. We opted in favor of the cached MFT.

With and OK tb@

Revision 1.126 / (download) - annotate - [select for diffs], Tue Apr 12 08:45:34 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.125: +4 -1 lines
Diff to previous 1.125 (colored)

Generalize sbgp_sia_location() to x509_location()

AIA and CRL URIs can reuse the code in sbgp_sia_location and thus get the
same checks as the SIA locations. This eliminates some more duplication
and makes the checks more stringent in that embedded NULs and "./" are no
longer allowed.

ok claudio

Revision 1.125 / (download) - annotate - [select for diffs], Mon Apr 4 16:02:54 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.124: +3 -2 lines
Diff to previous 1.124 (colored)

Adjust cache cleanup to the deficits of RRDP. Unlike rsync, RRDP has no
method to sync the cache. It just depends on all deltas to work but has
no method to check if the result is consistent with the source.
Because of this do not unlink files which were fetched via RRDP. Instead
move them back to their .rrdp directory and hope they will be cleaned up.
This should help to keep the cache coherent in some edge cases.
OK tb@

Revision 1.124 / (download) - annotate - [select for diffs], Sat Apr 2 12:17:53 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.123: +8 -4 lines
Diff to previous 1.123 (colored)

Split certificate parsing in two steps. cert_parse_pre() which does
the parse and some checks and cert_parse() or ta_parse() to do the
additional checks for regular certs or TAs.
With this adjust the cert parser in -f mode to identify TAs (by checking
if it is self signed) and adjust the validation in that case. Now -f
should be able to parse and show all objects correctly.
With and OK tb@

Revision 1.123 / (download) - annotate - [select for diffs], Fri Apr 1 17:22:07 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.122: +5 -5 lines
Diff to previous 1.122 (colored)

Change x509_get_aki(), x509_get_ski(), x509_get_aia(), and x509_get_crl()
to work more like x509_get_expire(). They will return an error if the
extension extraction failed but not if it was not present. The callers
must now do that check but most did already.
With this cert_parse_inner() no longer cares about TA vs non-TA certs.
Feedback and OK tb@

Revision 1.122 / (download) - annotate - [select for diffs], Thu Mar 31 12:00:00 2022 UTC (2 years, 2 months ago) by job
Branch: MAIN
Changes since 1.121: +2 -1 lines
Diff to previous 1.121 (colored)

Sync & permit ASPA objects to appear on Manifests

OK tb@ claudio@

Revision 1.121 / (download) - annotate - [select for diffs], Mon Feb 14 14:46:16 2022 UTC (2 years, 3 months ago) by job
Branch: MAIN
Changes since 1.120: +4 -1 lines
Diff to previous 1.120 (colored)

Name the maximum number of deltas permitted in a RRDP Notification file

OK claudio@ tb@

Revision 1.120 / (download) - annotate - [select for diffs], Thu Feb 10 17:33:28 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.119: +2 -1 lines
Diff to previous 1.119 (colored)

Fix serial number printing in crl_print() for large serials.
Create a common x509_convert_seqnum() function to convert the various
ASN1_INTEGERs into hexnumbers and use this for mft and crl handling.
With and OK tb@, also OK job@

Revision 1.119 / (download) - annotate - [select for diffs], Thu Feb 10 15:33:47 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.118: +9 -6 lines
Diff to previous 1.118 (colored)

Implement some code to print crls with -f.
For this introduce x509_get_time() that converts an ASN1_TIME to time_t.
Also move time2str() to print.c where it makes more sense.
This needs more work but that will happen in tree.
OK tb@

Revision 1.118 / (download) - annotate - [select for diffs], Tue Feb 8 14:53:03 2022 UTC (2 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.117: +3 -2 lines
Diff to previous 1.117 (colored)

Check CRLs also for manifests

There is a chicken-egg here since manifests reference the CRL themselves.
We may also have two CRLs available, in which case we check against the
one with the newer thisUpdate time.

The RFC situation is a bit of a mess with abundant complexity, unclear
recommendations and requirements and draft specs that also need to be
considered. This is a first version that works with future improvements
to be landed later.

Joint work with claudio, prompted by a question by job

ok claudio job

Revision 1.117 / (download) - annotate - [select for diffs], Tue Feb 8 11:51:51 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.116: +3 -3 lines
Diff to previous 1.116 (colored)

Move the guts of proc_parser_crl() into crl_parse(). This is actually
parsing the CRL, so it makes more sense to have it there. It will also
make an upcoming change easier. While there, rename free_crl() into
crl_free() for consistency with all other *_free() functions.

input/ok claudio

Revision 1.116 / (download) - annotate - [select for diffs], Fri Jan 28 15:30:23 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.115: +14 -3 lines
Diff to previous 1.115 (colored)

Properly handle .mft files as intended by the RFC. Instead of always
selecting the newest file this opens both the new (from rrdp or rsync)
and old (valid) MFT. It then compares the manifest number and based on
that the 'newer' MFT is selected.
The MFT file and hash check is also changed to always try both locations
and selecting whatever matches up with the hash. The selection is passed
back to the main process and used later on to open exactly the same
file as was checked against the hash.
The MFT parsing code has been split up into multiple steps so that the
files can be parsed, compared and then fully validated.
In most cases this makes no difference but it prevents replay attacks
using old but still valid files.
With and OK tb@

Revision 1.115 / (download) - annotate - [select for diffs], Mon Jan 24 17:29:37 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.114: +1 -2 lines
Diff to previous 1.114 (colored)

Adjust code to handle unsupported file types a bit more gracefully.
The file still needs to match its hash to make the MFT valid but then
there will only be a warning printed. Parsing of other files from that
MFT is not influenced.
OK tb@

Revision 1.114 / (download) - annotate - [select for diffs], Sun Jan 23 12:09:24 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.113: +2 -4 lines
Diff to previous 1.113 (colored)

Handle EINTR the same way in all poll loops. In all cases restart the
poll loop. In the main process move the timeout handling for repositories
into a single function that does the timeouts and the calculation of the
timeout in one go.
OK tb@

Revision 1.113 / (download) - annotate - [select for diffs], Sun Jan 23 05:59:35 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.112: +3 -4 lines
Diff to previous 1.112 (colored)

Simplify valid_cert() and valid_roa() by passing in struct auth instead
of looking it up again. For this valid_roa() needs to be moved up in
proc_parser_roa() also move out the assignment of the TAL id. Not the
right thing to alter an object in a validation function.
OK tb@

Revision 1.112 / (download) - annotate - [select for diffs], Sat Jan 22 09:18:48 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.111: +3 -4 lines
Diff to previous 1.111 (colored)

Change valid_filename() to return an enum rtype and rename it to
rtype_from_mftfile(). Move both rtype_from functions to mft.c.

ok beck claudio

Revision 1.111 / (download) - annotate - [select for diffs], Fri Jan 21 18:49:44 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.110: +20 -17 lines
Diff to previous 1.110 (colored)

Add function to determine the file type from the file name extension

rpki-client uses the same idiom to determine the file type in too many
places. Use one function that determines the appropriate RTYPE from the
file name. Add that type to struct mftfile and use this new member to
simplify queue_add_from_mft*().

input/ok claudio

Revision 1.110 / (download) - annotate - [select for diffs], Thu Jan 20 09:24:08 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.109: +1 -2 lines
Diff to previous 1.109 (colored)

Rename mft_check() to proc_parser_mft_check() and make it a static function.

Revision 1.109 / (download) - annotate - [select for diffs], Wed Jan 19 15:50:31 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.108: +3 -1 lines
Diff to previous 1.108 (colored)

Implement a filemode where the passed file from the command line is
printed in human readable form and is also verified against the valid
cache of rpki-client.

To validate the file the chain is explored backwards by looking at the
Authority Information Access URI and X509v3 CRL Distribution Point of
the cert. Once the trust anchor is found this chain can be verified.

Feedback and OK job@ tb@

Revision 1.108 / (download) - annotate - [select for diffs], Tue Jan 18 16:36:49 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.107: +4 -5 lines
Diff to previous 1.107 (colored)

Change cert_parse() and ta_parse() to no longer take a x509 handle as
argument. The x509 cert is also inside struct cert and easy to access.
Also switch auth_insert() to a void function since it can't fail.
OK tb@

Revision 1.107 / (download) - annotate - [select for diffs], Tue Jan 18 16:24:55 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.106: +2 -2 lines
Diff to previous 1.106 (colored)

Revert all the files that should have not been committed in last commit.

Revision 1.106 / (download) - annotate - [select for diffs], Tue Jan 18 16:18:22 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.105: +3 -3 lines
Diff to previous 1.105 (colored)

Kill extra newline

Revision 1.105 / (download) - annotate - [select for diffs], Tue Jan 18 13:06:43 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.104: +2 -1 lines
Diff to previous 1.104 (colored)

Cleanup the scattered OBJ_txt2obj() calls and move them into
x509_init_oid() to initialize all necessary OID objects at start.
OK tb@

Revision 1.104 / (download) - annotate - [select for diffs], Fri Jan 14 15:00:23 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.103: +6 -4 lines
Diff to previous 1.103 (colored)

Introduce a validated cache which holds all the files that have
successfully been verified by rpki-client.

With this the rsync and rrdp directories are more of a temporary storage
location. New files are downloaded there and then moved to the valid
directory at the end. In -n mode only the valid directory is looked at with
the exception of the ta directory holding the trust anchors.
A file can now be in two different locations so adjust all the code paths
that open files to check both locations.
One nice side-effect of this is that the RRDP handling in the main process
got simplified. There is no longer the need for temporary RRDP directories.
OK tb@

Revision 1.103 / (download) - annotate - [select for diffs], Thu Jan 13 13:46:03 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.102: +2 -2 lines
Diff to previous 1.102 (colored)

Alter valid_filehash() to take a file descriptor instead of a path.
This is needed so that callers can allow a file to be in multiple
locations. Also move mft_check() from mft.c to parser.c.
OK tb@

Revision 1.102 / (download) - annotate - [select for diffs], Thu Jan 13 13:18:41 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.101: +4 -2 lines
Diff to previous 1.101 (colored)

Implement a RRDP_CLEAR message that instructs the parent to cleanup
the rrdp directory. This is used before a snapshot download to ensure
that the snapshot is applied to a clean repo.
Similar cleanup happens if the transfer fails. In that case remove the
temp directory contents only.
This uses a new function remove_contents() to remove everything below
a base directory (a bit like rm -r X/*).
OK tb@

Revision 1.101 / (download) - annotate - [select for diffs], Tue Jan 11 13:06:07 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.100: +12 -5 lines
Diff to previous 1.100 (colored)

Change the way the parser accesses files. It now builds the file path
based on information from the repository, a local path and the filename.
This simplifies some code both in the main process and the parser.
For this to work repositories are passed to the parser before any other
entity of this repository is passed. Struct entity is extended to include
the repoid and the path along the file(name).
Input and OK tb@ & job@

Revision 1.100 / (download) - annotate - [select for diffs], Wed Dec 29 11:37:57 2021 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.99: +3 -4 lines
Diff to previous 1.99 (colored)

Cleanup struct entity. Remove the unneeded has_data field, the same
information can be figured out by looking at the data pointer itself.
It is NULL when there is no data and not-NULL if there is data.
OK benno@

Revision 1.99 / (download) - annotate - [select for diffs], Wed Dec 22 09:35:14 2021 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.98: +13 -13 lines
Diff to previous 1.98 (colored)

Replace two questionable size_t types. For the repo id use an unsigned int
and for the roa maxlength use unsigned char (like the prefixlen in struct
ip_addr).
With input and OK job@

Revision 1.98 / (download) - annotate - [select for diffs], Thu Nov 25 14:03:40 2021 UTC (2 years, 6 months ago) by job
Branch: MAIN
Changes since 1.97: +1 -4 lines
Diff to previous 1.97 (colored)

Replace MAX_REPO_TIMEOUT with repo_timeout, which is set to 1/4th of
timeout, or if timeout is disabled set to 24 hours.

OK claudio@

Revision 1.97 / (download) - annotate - [select for diffs], Wed Nov 24 15:24:16 2021 UTC (2 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.96: +2 -1 lines
Diff to previous 1.96 (colored)

Move some functions from rrdp.c to rrdp_util.c and hex_decode to encoding.c.
This will make it easier to write a RRDP regress test.
OK job@ deraadt@

Revision 1.96 / (download) - annotate - [select for diffs], Wed Nov 10 08:34:48 2021 UTC (2 years, 6 months ago) by job
Branch: MAIN
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

Increase maximum filesize of RPKI objects to 4MB

Based on feedback from Ties de Kock

OK tb@

Revision 1.63.2.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:41:19 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.63: +149 -62 lines
Diff to previous 1.63 (colored) next main 1.64 (colored)

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/6.9/common/021_rpki.patch.sig

Revision 1.67.4.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:40:32 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.67: +139 -57 lines
Diff to previous 1.67 (colored) next main 1.68 (colored)

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/7.0/common/004_rpki.patch.sig

Revision 1.95 / (download) - annotate - [select for diffs], Tue Nov 9 11:03:39 2021 UTC (2 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.94: +12 -3 lines
Diff to previous 1.94 (colored)

Limit the number of publication points under a given TAL.
Introduce an additional timeout for each publication point.

The limits are large enough to accommodate normal operating levels.

With and OK benno@ job@ tb@ beck@ deraadt@

Revision 1.94 / (download) - annotate - [select for diffs], Fri Nov 5 10:50:41 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.93: +1 -6 lines
Diff to previous 1.93 (colored)

Simplify how IP addresses and AS numbers are passed between processes.
Since they are stored in an array just blast the full array in and out
of the io buffers at once instead of iterating element by element.
It also allows to remove a lot of extra code.
OK benno@ job@

Revision 1.93 / (download) - annotate - [select for diffs], Thu Nov 4 14:24:41 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.92: +2 -1 lines
Diff to previous 1.92 (colored)

Move and promote getmonotime() to an internal API function.

Revision 1.92 / (download) - annotate - [select for diffs], Thu Nov 4 14:21:19 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.91: +10 -10 lines
Diff to previous 1.91 (colored)

Use the same spacing for all defines.

Revision 1.91 / (download) - annotate - [select for diffs], Thu Nov 4 11:32:55 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.90: +11 -8 lines
Diff to previous 1.90 (colored)

Instead of passing tal descriptions around just pass a tal id and
use a small lookup table to print the description in the output path.
OK tb@

Revision 1.90 / (download) - annotate - [select for diffs], Wed Nov 3 14:59:37 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.89: +4 -1 lines
Diff to previous 1.89 (colored)

Limit the number of rsync processes being spawned by stopping to accept
new requests when over the limit. Use a generous limit of 16.
OK deraadt@

Revision 1.89 / (download) - annotate - [select for diffs], Wed Nov 3 10:50:18 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.88: +8 -14 lines
Diff to previous 1.88 (colored)

Move the MAX_CERT_DEPTH to extern.h and adjust the comments of all limits
a bit.

Revision 1.88 / (download) - annotate - [select for diffs], Mon Nov 1 17:00:34 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.87: +4 -6 lines
Diff to previous 1.87 (colored)

Further simplify cert and auth handling. Move common code into auth_insert
and skip this distinction between invalid and failed certificates.
The difference between the two is getting more and more blurry.
OK tb@

Revision 1.87 / (download) - annotate - [select for diffs], Mon Nov 1 09:12:18 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.86: +1 -3 lines
Diff to previous 1.86 (colored)

Cleanup struct auth a bit. The tal description is also stored in the cert
and the filename is only used in tracewarn which is not that helpful.
OK tb@

Revision 1.86 / (download) - annotate - [select for diffs], Fri Oct 29 09:27:36 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.85: +2 -1 lines
Diff to previous 1.85 (colored)

Ensure that RRDP snapshot and delta files are fetched from the same host
as the notification file.
OK tb@ job@

Revision 1.85 / (download) - annotate - [select for diffs], Thu Oct 28 13:51:42 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.84: +6 -1 lines
Diff to previous 1.84 (colored)

Limit how many FileAndHash entries a single manifest may contain

OK claudio@

Revision 1.84 / (download) - annotate - [select for diffs], Thu Oct 28 11:57:00 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.83: +3 -1 lines
Diff to previous 1.83 (colored)

Limit the size of the base64 blob inside the RRDP XML to be less than
MAX_FILE_SIZE after base64 decoding it. This way hostile RRDP servers
do less damage.
OK beck@ tb@

Revision 1.83 / (download) - annotate - [select for diffs], Thu Oct 28 09:02:19 2021 UTC (2 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

Don't exit in certain cases on failures to parse x509 objects.

In most cases we already warn and continue if someone sends us malformed
x509 objects. This makes this consistent behaviour in all places
so that if someone passes in bogus X509, we end up failing their entry
and continuing rather than exiting.

We still exit on memory/system failures so that a future run of rpki
client can simply do better when the machine is perhaps less hammered
on

ok job@ claudio@

Revision 1.82 / (download) - annotate - [select for diffs], Wed Oct 27 21:56:58 2021 UTC (2 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.81: +18 -1 lines
Diff to previous 1.81 (colored)

Add limits on size of certain untrusted inputs

ok job@

Revision 1.81 / (download) - annotate - [select for diffs], Tue Oct 26 16:59:19 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.80: +2 -2 lines
Diff to previous 1.80 (colored)

Move load_file() to encoding.c so that regress can use the function.

Revision 1.80 / (download) - annotate - [select for diffs], Tue Oct 26 16:12:54 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.79: +12 -12 lines
Diff to previous 1.79 (colored)

Refactor the tal parsing code to use the same load_file() and buffer
passing as done for the other parsers.
OK job@ tb@

Revision 1.79 / (download) - annotate - [select for diffs], Tue Oct 26 13:31:05 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.78: +5 -3 lines
Diff to previous 1.78 (colored)

Also move the cert parser code away from using BIO.
OK beck@

Revision 1.78 / (download) - annotate - [select for diffs], Tue Oct 26 10:52:49 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.77: +9 -5 lines
Diff to previous 1.77 (colored)

Change CMS and CRL d2i functions from their BIO version to passing the
der buffer instead. The files are loaded early in the entity processing
loop.
OK tb@

Revision 1.77 / (download) - annotate - [select for diffs], Sun Oct 24 17:53:07 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.76: +8 -1 lines
Diff to previous 1.76 (colored)

Move the various print functions from the regress tests into print.c.
OK tb@

Revision 1.76 / (download) - annotate - [select for diffs], Sun Oct 24 12:06:16 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.75: +2 -1 lines
Diff to previous 1.75 (colored)

Restrict the character set for filenames on Manifests

feedback from benno@

OK claudio@

Revision 1.75 / (download) - annotate - [select for diffs], Sat Oct 23 20:01:16 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.74: +3 -6 lines
Diff to previous 1.74 (colored)

Rename io_buf_new to io_new_buffer and io_buf_close to io_close_buffer.
With this the write functions are all of the form io_xyz_buffer.
Remove some prototypes of functions I forgot to remove in previous commit.
OK benno@

Revision 1.74 / (download) - annotate - [select for diffs], Sat Oct 23 16:06:04 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.73: +13 -11 lines
Diff to previous 1.73 (colored)

Finally move away from blocking reads in rpki-client. The code was a
mish mash of poll, non-blocking writes and blocking reads. Using the
introduced ibuf size header in io_buf_new()/io_buf_close() the read
side can be changed to pull in a full ibuf and only start the un-marshal
once all data has been read.
OK benno@

Revision 1.73 / (download) - annotate - [select for diffs], Fri Oct 22 11:13:06 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.72: +4 -1 lines
Diff to previous 1.72 (colored)

First step of cleanup in the io land. Introduce io_buf_new() and
io_buf_close(). These functions will inject a size of the buffer
at the beginning of the buffer and will allow the read size to be
switched to proper async IO.
OK benno@

Revision 1.72 / (download) - annotate - [select for diffs], Tue Oct 12 15:16:45 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.71: +5 -4 lines
Diff to previous 1.71 (colored)

Emit SKI in the JSON output and improve flow in x509_get_pubkey()

OK claudio@

Revision 1.71 / (download) - annotate - [select for diffs], Mon Oct 11 16:50:03 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.70: +39 -12 lines
Diff to previous 1.70 (colored)

Add support for BGPsec Router Certificates (RFC 8209)

BGPsec router keys are extracted from RPKI certificates and
emitted via the JSON output in base64 encoded form.

OK tb@ claudio@

Revision 1.70 / (download) - annotate - [select for diffs], Sun Oct 10 21:57:43 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.69: +3 -3 lines
Diff to previous 1.69 (colored)

Make style consistent and remove an unused code path

OK tb@

Revision 1.69 / (download) - annotate - [select for diffs], Thu Oct 7 08:30:39 2021 UTC (2 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.68: +4 -1 lines
Diff to previous 1.68 (colored)

Add x509_get_expire() to extract the not-after time from a certificate
as an epoch time_t. Store the expire time for certs, crls will follow after.
OK tb@

Revision 1.68 / (download) - annotate - [select for diffs], Tue Oct 5 11:20:46 2021 UTC (2 years, 8 months ago) by job
Branch: MAIN
Changes since 1.67: +10 -1 lines
Diff to previous 1.67 (colored)

Add rudimentary support for BGPsec router certificates

OK claudio@

Revision 1.67 / (download) - annotate - [select for diffs], Thu Sep 9 14:15:49 2021 UTC (2 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.66: +3 -3 lines
Diff to previous 1.66 (colored)

Rework how various OIDs are compared in the code.

Instead of converting the ASN1_OBJECT into a string and comparing the
strings, convert the string into an ASN1_OBJECT once and then compare
these objects with OBJ_cmp().

Makes the code a bit easier to read and removes some repetitive conversions.
With input and OK tb@

Revision 1.66 / (download) - annotate - [select for diffs], Wed Sep 1 08:09:41 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.65: +2 -3 lines
Diff to previous 1.65 (colored)

Add http_proxy support to rpki-client's http handler.
OK tb@

Revision 1.65 / (download) - annotate - [select for diffs], Tue Jul 13 18:39:39 2021 UTC (2 years, 10 months ago) by job
Branch: MAIN
Changes since 1.64: +7 -3 lines
Diff to previous 1.64 (colored)

Add more checks for eContent 'version' fields.

Input from deraadt@, tb@, claudio@

OK deraadt@ claudio@ tb@

Revision 1.64 / (download) - annotate - [select for diffs], Thu May 6 17:03:57 2021 UTC (3 years, 1 month ago) by job
Branch: MAIN
Changes since 1.63: +3 -1 lines
Diff to previous 1.63 (colored)

Add an 'expires' column to CSV & JSON output

The 'expires' value contains a reasonable earliest moment a VRP would expire,
in light of the currently available set of CAs and CRLs. The 'expires' value
can be used to avoid route selection based on stale data when generating VRP
sets, when faced with loss of communication between consumer and validator,
or validator and CA repository.

OK claudio@

Revision 1.63 / (download) - annotate - [select for diffs], Wed Apr 14 18:05:47 2021 UTC (3 years, 1 month ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.62: +1 -2 lines
Diff to previous 1.62 (colored)

move the RPKI_VERSION define into its own version.h file, helps portable.
ok claudio@

Revision 1.62 / (download) - annotate - [select for diffs], Thu Apr 1 16:04:48 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.61: +71 -2 lines
Diff to previous 1.61 (colored)

Initial commit of RRDP (The RPKI Repository Delta Protocol - RFC8182) support
in rpki-client. For now it is off by default.

All XML processing is done in its own process with minimal pledge rights.
It uses the already present https process to fetch the xml files and uses
the master process to handle the file IO into the repositories.
RRDP data is stored in the cache under ./rrdp/ and the first directory
is the SHA256 hash of the notify URI.

Fetching snapshots and deltas works to bring the cache up to date.
If something goes wrong rpki-client will fall back to rsync.

RRDP was implemented by Nils Fisher and integrated into rpki-client by myself.
"Time to get it in" deraadt@

Revision 1.61 / (download) - annotate - [select for diffs], Thu Apr 1 06:53:49 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.60: +2 -1 lines
Diff to previous 1.60 (colored)

Do a better job at cleaning up. Remove empty directories, scan not only the
known repositories but also clean up no longer known repositories.
With this rpki-client keeps its cache nice and shiny.
With and OK job@

Revision 1.60 / (download) - annotate - [select for diffs], Thu Apr 1 06:43:23 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.59: +8 -1 lines
Diff to previous 1.59 (colored)

Move base64 and hex encoding functions into their own place.
OK tb@

Revision 1.59 / (download) - annotate - [select for diffs], Mon Mar 29 12:41:34 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored)

Introduce hex_encode() to transform the aki/ski values to a string.
OK tb@

Revision 1.58 / (download) - annotate - [select for diffs], Mon Mar 29 06:50:44 2021 UTC (3 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.57: +1 -3 lines
Diff to previous 1.57 (colored)

Inline x509_get_extensions() and remove it

Since aia, aki and ski are all represented by char *, this is an
error-prone interface - as found by job. The function doesn't do
much anyway.

ok claudio

Revision 1.57 / (download) - annotate - [select for diffs], Sun Mar 28 16:22:17 2021 UTC (3 years, 2 months ago) by job
Branch: MAIN
Changes since 1.56: +2 -1 lines
Diff to previous 1.56 (colored)

Add some restrictions to manifest object profile

OK tb@, feedback from claudio@

Revision 1.56 / (download) - annotate - [select for diffs], Thu Mar 25 12:18:45 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.55: +7 -1 lines
Diff to previous 1.55 (colored)

Adjust HTTP client code a bit. Add support for 304 Not Modified responses,
remove handling of 206 Partial Content (the client does not use range
headers). Report the Last-Modified timestamp back to the requestor and
switch OK to an enum value for (FAIL, OK and NOT MODIFIED).
OK tb@

Revision 1.55 / (download) - annotate - [select for diffs], Fri Mar 19 13:56:10 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.54: +2 -1 lines
Diff to previous 1.54 (colored)

Add an -V option to show the version of rpki-client. For the base version
it will show just OpenBSD while -portable will show the portable version.
OK sthen@, tb@, kn@

Revision 1.54 / (download) - annotate - [select for diffs], Thu Mar 18 14:03:42 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.53: +1 -2 lines
Diff to previous 1.53 (colored)

Since the entity queues are per repo there is no need to store the repo id
anymore.
OK job@ tb@

Revision 1.53 / (download) - annotate - [select for diffs], Fri Mar 5 17:15:19 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)

Factor out the URI check we do in various places into valid_uri().
RRDP will add a bunch more checks so this makes even more sense.
With and OK tb@

Revision 1.52 / (download) - annotate - [select for diffs], Fri Mar 5 16:00:00 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.51: +2 -1 lines
Diff to previous 1.51 (colored)

Factor out the SHA256 hash checks into valid_filehash() so that it can
be used by the RRDP code as well.
OK tb@

Revision 1.51 / (download) - annotate - [select for diffs], Fri Mar 5 12:33:19 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)

Remove space at end of line

Revision 1.50 / (download) - annotate - [select for diffs], Thu Mar 4 13:01:41 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.49: +6 -1 lines
Diff to previous 1.49 (colored)

Implement a https client as a sub-process for rpki-client. This code will
be used to fetch TA certs and later on for RRDP. Kind of unreached for now
since the default TAL files don't include https URI.
The http client is fully asynchronous and can handle multiple downloads at
the same time. This code was based on the http client in ftp(1).
OK tb@, job@

Revision 1.49 / (download) - annotate - [select for diffs], Tue Mar 2 09:23:59 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

There is no longer the need to mkpathat(), the main process runs now from
the cachedir.

Revision 1.48 / (download) - annotate - [select for diffs], Tue Mar 2 09:08:59 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.47: +1 -2 lines
Diff to previous 1.47 (colored)

Open both the cachedir and outputdir early and use fchdir(2) to
switch between the two.
OK deraadt@ job@

Revision 1.47 / (download) - annotate - [select for diffs], Mon Feb 22 09:46:05 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

Rename mkpath() to mkpathat() since it uses mkdirat() internally.

Revision 1.46 / (download) - annotate - [select for diffs], Fri Feb 19 08:14:49 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Move the mkpath() call from the rsync path to the main process. This allows
to drop cpath from the rsync proc pledge (down to "stdio proc exec").
This will also make work easier with the upcoming http fetcher.
OK tb@

Revision 1.45 / (download) - annotate - [select for diffs], Thu Feb 18 16:23:17 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored)

Use X509_get_ext_d2i() also for x509_get_aki() and x509_get_ski().
Now x509_get_extensions() is no longer required to loop over all
extensions and the code becomes a lot simpler.
While there cleanup x509_get_crl(), as explained by tb@ X509_get_ext_d2i()
allocates memory so one needs to free the pointer at the end.
For x509_crl_get_aki() use X509_CRL_get_ext_d2i() and more or less
copy the rest over from x509_get_aki().
Warn if extensions are missing or present when not expected and also
check that the extensions are marked non-critical as required.
OK job@ tb@

Revision 1.44 / (download) - annotate - [select for diffs], Tue Feb 16 08:52:00 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.43: +2 -4 lines
Diff to previous 1.43 (colored)

Rework the repository handling. Split the handling of trust anchors into
ta_lookup() while regular repositories (to fetch .mft files) are handled
by repo_lookup(). Also the cache directory layout changed; moving the
trust anchors to ./ta/{tal basename}/ the other repositories end up in
./rsync/
OK tb@

Revision 1.43 / (download) - annotate - [select for diffs], Tue Feb 16 07:58:30 2021 UTC (3 years, 3 months ago) by job
Branch: MAIN
Changes since 1.42: +12 -6 lines
Diff to previous 1.42 (colored)

get Authority Information Access (AIA) from CA & EE certs

In the context of the RPKI, the AIA extension identifies the publication
point of the certificate of the issuer of the certificate in which the
extension appears. A single reference to the publication point of the
immediate superior certificate MUST be present, except for a
"self-signed" certificate.

Thanks tb@ for review

OK claudio@

Revision 1.42 / (download) - annotate - [select for diffs], Mon Feb 8 09:22:53 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.41: +2 -1 lines
Diff to previous 1.41 (colored)

Extract the 1.3.6.1.5.5.7.48.5 (caRepository) SIA from the certificate.
Make sure that the caRepository matches the start of the URI of rpkiManifest.
The MFT must be a file inside the caRepository.
OK tb@

Revision 1.41 / (download) - annotate - [select for diffs], Thu Feb 4 14:32:01 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

The uri parameter of struct entity is actually a local file path.
Rename field to reduce confusion about what is what.
OK tb@

Revision 1.40 / (download) - annotate - [select for diffs], Thu Feb 4 08:10:24 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.39: +23 -1 lines
Diff to previous 1.39 (colored)

Shuffle code around, move all the bits of proc_parser into parser.c.
OK tb@

Revision 1.39 / (download) - annotate - [select for diffs], Tue Feb 2 18:33:11 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.38: +3 -1 lines
Diff to previous 1.38 (colored)

Add a mkpath() helper function to rpki-client to recursively create
directories.
OK deraadt@

Revision 1.38 / (download) - annotate - [select for diffs], Fri Jan 29 10:13:16 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.37: +5 -5 lines
Diff to previous 1.37 (colored)

A while ago rpki-client was changed to validate the sha256 hashes of
files referenced in MFT files during the validation of the MFT file.
An MFT is only valid if all files are present and their hashes are valid.
Because of this there is no longer the need to check the hash when
these files are parsed later on. Remove these checks for CRT, ROA and CRL
files. Use the presence of the pkey when parsing cert files to decide
if it is a root cert or not.
OK tb@

Revision 1.37 / (download) - annotate - [select for diffs], Fri Jan 8 08:09:07 2021 UTC (3 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.36: +12 -14 lines
Diff to previous 1.36 (colored)

Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing
data between processes. This completely decouples the write side.
rpki-client can't really use the imsg framework but it can use the ibuf
bits which imsg is built on.
OK benno@ job@

Revision 1.36 / (download) - annotate - [select for diffs], Wed Dec 9 11:29:04 2020 UTC (3 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.35: +16 -2 lines
Diff to previous 1.35 (colored)

Validate ghostbuster records (RFC 6493) but for now do nothing with the
provided vcard payload. This change verifies the certificate of the .gbr
file and makes sure it is valid (like we do for e.g. .roa files).
OK job@

Revision 1.35 / (download) - annotate - [select for diffs], Wed Dec 2 15:31:15 2020 UTC (3 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.34: +1 -3 lines
Diff to previous 1.34 (colored)

Remove the last users of io_*_write functions that call io_simple_write()
internally. This is a step in direction of more async aware io in rpki-client.
Now everything uses a buffer which is then written.
OK tb@

Revision 1.34 / (download) - annotate - [select for diffs], Sat Sep 12 15:46:48 2020 UTC (3 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.33: +3 -1 lines
Diff to previous 1.33 (colored)

Include openssl/x509.h in extern.h since it uses a few of the typedefs from
there in structs and prototypes. Remove the openssl/ssl.h and other strange
openssl includes in the .c files that don't use openssl specific functions.
OK beck@ and tb@

Revision 1.33 / (download) - annotate - [select for diffs], Sat Sep 12 10:02:01 2020 UTC (3 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.32: +2 -1 lines
Diff to previous 1.32 (colored)

Move the proc_rsync and with that the rsync processing into rsync.c
main.c is too crowded
OK deraadt@

Revision 1.32 / (download) - annotate - [select for diffs], Tue Jul 28 07:35:04 2020 UTC (3 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.31: +2 -1 lines
Diff to previous 1.31 (colored)

One tiny step towards adding RRDP support in rpki-client.
Extract the notify URL from the cert if it is available and pass it back to
the parent process. The parent process can then use this info to load the
repo via RRDP instead of rsync.
OK benno@ (some long time ago)

Revision 1.31 / (download) - annotate - [select for diffs], Tue Jun 30 12:52:44 2020 UTC (3 years, 11 months ago) by job
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

Remove -f (force) option.

The -f option existed for some initial debugging work.

Thanks Weerd for review

OK claudio@

Revision 1.30 / (download) - annotate - [select for diffs], Wed Jun 24 14:39:21 2020 UTC (3 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)

Stop using rsync --delete when syncing up with the CA repos. Instead
use the files referenced in the manifests to build up a list of files
to keep and remove anything that is not in the list after doing the
full computation.
OK job@ benno@

Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 30 13:46:39 2020 UTC (4 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.28: +5 -1 lines
Diff to previous 1.28 (colored)

Place elapsed, user, and system time for processing in the comment headers.
ok job benno claudio

Revision 1.28 / (download) - annotate - [select for diffs], Tue Apr 28 13:41:35 2020 UTC (4 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.27: +30 -8 lines
Diff to previous 1.27 (colored)

Print statistics as comments at the top of the files which can take
comments.
ok claudio job

Revision 1.27 / (download) - annotate - [select for diffs], Wed Apr 1 14:15:49 2020 UTC (4 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

Split the mft file and hash check from the mft parsing. This makes it easier
to check all files in a mft before failing and also the check is now done
after the embedded cert was checked.
This refactor was triggered because of a bug in mft_parse_econtent().
check_validity() altered rc but later failure code assumed that goto out
is good enough to return an error (rc == -1) but since rc was 1 success
was returned. This bug is now also fixed.
Bug report and OK job@

Revision 1.26 / (download) - annotate - [select for diffs], Tue Mar 10 14:22:26 2020 UTC (4 years, 3 months ago) by jca
Branch: MAIN
Changes since 1.25: +1 -4 lines
Diff to previous 1.25 (colored)

Narrow the visibility of some functions and variables local to output.c

Also make the outputs table const.
Based on a suggestion from claudio@, ok deraadt@ claudio@

Revision 1.25 / (download) - annotate - [select for diffs], Mon Mar 9 23:50:01 2020 UTC (4 years, 3 months ago) by jca
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

Ensure that we properly flush, close and rename temporary output files

Makes sure we don't feed an incomplete/garbage file to consumers.
Input and ok claudio@ deraadt@

Revision 1.24 / (download) - annotate - [select for diffs], Fri Mar 6 17:36:42 2020 UTC (4 years, 3 months ago) by benno
Branch: MAIN
Changes since 1.23: +4 -2 lines
Diff to previous 1.23 (colored)

generate 3 different outputs for BIRD:
- bird v1 with IPv4 routes
- bird v1 with IPv6 routes
- bird v2
when using command line option -B.
BIRD v2 output from Robert Scheck, robert AT fedoraproject DOT org
time_t cast hint from jca@, and tested by job@
ok deraadt@ claudio@

Revision 1.23 / (download) - annotate - [select for diffs], Fri Dec 6 09:27:12 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.22: +3 -2 lines
Diff to previous 1.22 (colored)

Don't hardcode the cache directory for rpki-client. If started as root
rpki-client will use the defaults for cache and output directory. If not
started as root users need to provide both directories as arguments.
While there switch from absolute path names to relative ones. For this
the parser and rsync process do a chdir(2) to the cache directory on startup.
OK benno@

Revision 1.22 / (download) - annotate - [select for diffs], Wed Dec 4 12:40:17 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.21: +16 -5 lines
Diff to previous 1.21 (colored)

split output management code into separate file. iterate over output
methods using a table.  detect output truncation (for instance filesystem
full) and don't overwrite previous output
ok claudio

Revision 1.21 / (download) - annotate - [select for diffs], Mon Dec 2 02:11:13 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

output_createtmp() remembers the true name, so output_finish() does not
need to replay it.

Revision 1.20 / (download) - annotate - [select for diffs], Sat Nov 30 02:31:12 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.19: +7 -6 lines
Diff to previous 1.19 (colored)

Tweak rpki-client to create all 4 output file formats from a single
compute, based upon flags.  OpenBGPD compatible format by default if
no options, to integrate with bgpd.conf and bgpctl reload.  Adapt
mtree and stuff.  This will receive further refactoring...
ok benno job

Revision 1.19 / (download) - annotate - [select for diffs], Fri Nov 29 04:40:04 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.18: +3 -2 lines
Diff to previous 1.18 (colored)

Use the AKI embedded in the CRL to store the crls. This way the AKI from
the cert can be used to load the correct CRL. This simplifies the code
even further.
OK benno@, beck@ agrees that this is the right way to do it

Revision 1.18 / (download) - annotate - [select for diffs], Fri Nov 29 04:04:08 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.17: +3 -1 lines
Diff to previous 1.17 (colored)

If run as root, priv-drop to _rpki-client.
If no output file is specified, output to the bgpd/bgpd.conf-compatible
/var/db/rpki-client/roa file.
ok claudio and benno

Revision 1.17 / (download) - annotate - [select for diffs], Thu Nov 28 20:36:17 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.16: +14 -8 lines
Diff to previous 1.16 (colored)

Convert the auths array into an RB tree indexed by SKI. For fast lookups
the parent auth struct is stored as a pointer so walking up the certificate
chain remains simple. Doing this replaces a few slow lookups and speeds up
rpki-client by a factor of 2.
OK benno@

Revision 1.16 / (download) - annotate - [select for diffs], Thu Nov 28 20:23:09 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.15: +3 -1 lines
Diff to previous 1.15 (colored)

Output to a temporary file, which gets renamed on success.  This will
work much better with bgpd.conf include automation.
ok claudio benno

Revision 1.15 / (download) - annotate - [select for diffs], Thu Nov 28 03:22:59 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.14: +18 -1 lines
Diff to previous 1.14 (colored)

To verify a manifest, a roa, or a certificate, we check its signature
against the CA one layer above it. This check just needs to use the
certificate revocation list published by that CA.

Instead of loading all CRLs we find into the trust store, we create a
STACK_OF(X509_CRL), push the onto it and use it with
X509_STORE_CTX_set0_crls(ctx, crls);

The x509_get_crl() function to retrieve a crl path from an X509 object
is written by claudio@.
ok claudio@

Revision 1.14 / (download) - annotate - [select for diffs], Wed Nov 27 17:14:20 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.13: +23 -13 lines
Diff to previous 1.13 (colored)

whitespace

Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 27 17:08:12 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.12: +3 -1 lines
Diff to previous 1.12 (colored)

Only store ta certs in the trust store and build chains of the
intermediate certificates for use in X509_STORE_CTX_init(). To do that
save the X509 cert in struct cert.
claudio sees > 2x speed increase.

ok claudio@ and feedback from jsing@ and beck@.

Revision 1.12 / (download) - annotate - [select for diffs], Wed Nov 27 04:32:09 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.11: +18 -17 lines
Diff to previous 1.11 (colored)

knf, make types grepable. ok claudio@

Revision 1.11 / (download) - annotate - [select for diffs], Mon Nov 4 09:35:43 2019 UTC (4 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

Refactor tal code a bit. Move the file reader back into tal.c so that the
regress test is able to use it.
OK deraadt@

Revision 1.10 / (download) - annotate - [select for diffs], Thu Oct 31 08:36:43 2019 UTC (4 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

Handle the TAL files in the master process and pass them as buffer to the
parser process. This way the parser never needs to read outside of the
cache directory which makes the unveil simpler. Additionally rsync_uri_parse
no longer needs to know about .tal files so there is now no chance to sneak
in a .tal file later on.
OK deraadt@

Revision 1.9 / (download) - annotate - [select for diffs], Wed Oct 16 17:43:29 2019 UTC (4 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.8: +3 -1 lines
Diff to previous 1.8 (colored)

Add an output format for bird and one doing CSV. Also update the manpage
to include all the changes.

Revision 1.8 / (download) - annotate - [select for diffs], Tue Oct 8 10:04:36 2019 UTC (4 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.7: +27 -4 lines
Diff to previous 1.7 (colored)

Rewrite the output handling of rpki-client and add an option to dump the
data in JSON format. To make the JSON output the same as the output of the
RIPE rpki-validator the basename of the TAL had to be added and passed around
in rpki-client. Additionally the VRPs are now stored in an RB tree in the
main process instead of keeping them per ROA object. This changes the sort
order to be in network order and no longer just lexicographical.
Agreed by job@ deraadt@

Revision 1.7 / (download) - annotate - [select for diffs], Tue Aug 20 16:01:52 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.6: +3 -2 lines
Diff to previous 1.6 (colored)

Change the arguments to rpki-client a bit. Instead of listing all TAL files
as arguments rpki-client will now load the TAL installed in /etc/rpki by
default. For debug reasons an option -t tal is added to pass in TAL files
by hand. The argument is now instead the filename of the output file.
Now `rpki-client roa.conf` will do what you need which is a lot nicer.
Agreed by deraadt@ job@ to be a step in the right direction.

Revision 1.6 / (download) - annotate - [select for diffs], Tue Aug 13 13:27:26 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.5: +4 -1 lines
Diff to previous 1.5 (colored)

Show the most common warnings only if verbose is set. Most of these warnings
were shown because of an inconsistent rpki database and is no real problem.
OK florian@

Revision 1.5 / (download) - annotate - [select for diffs], Wed Jun 19 16:30:37 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +1 -1 lines
Diff to previous 1.4 (colored)

use $OpenBSD$ headers

Revision 1.4 / (download) - annotate - [select for diffs], Wed Jun 19 15:47:34 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.3: +4 -5 lines
Diff to previous 1.3 (colored)

Instead of the strange ASN.1 encoding of IP addresses with a size in bytes
and a count of how many bits of the last byte are unused switch to a much
more normal prefixlen in bits encoding for internal use. This makes the
code easier to understand. Also switch to inet_ntop() for converting a
struct ip_addr into a string.
OK job@

Revision 1.3 / (download) - annotate - [select for diffs], Wed Jun 19 04:21:43 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +14 -14 lines
Diff to previous 1.2 (colored)

indentation adjustments, in particular near warn statements
ok claudio

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 17 15:02:39 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +1 -8 lines
Diff to previous 1.1 (colored)

This portable code knocking out pledge or unveil is better done
as a C stub, rather than #define.
Anyways, this "-portable by default" approach is not the OpenBSD way.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Jun 17 14:31:30 2019 UTC (4 years, 11 months ago) by job
Branch: job
CVS Tags: job_20190617
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Import Kristaps Dzonsons' RPKI validator into the tree

rpki-client(1) is an implementation of the Resource Public Key
Infrastructure (RPKI), specified by RFC 6480. The client is responsible
for downloading, validating and converting Route Origin Authorisations
(ROAs) into Validated ROA Payloads (VRPs). The client's output (VRPs)
can be used by bgpd(8) to perform BGP Origin Validation (RFC 6811).

The current rpki-client(1) version depends on the CMS functions in
OpenSSL, this of course needs to be addressed urgently.

Thanks to NetNod, IIS.SE, SUNET & 6connect for supporting this effort!

OK deraadt@

Revision 1.1 / (download) - annotate - [select for diffs], Mon Jun 17 14:31:30 2019 UTC (4 years, 11 months ago) by job
Branch: MAIN

Initial revision
