OpenBSD CVS

CVS log for src/usr.sbin/rpki-client/output-bird.c



Default branch: MAIN


Revision 1.19, Thu Feb 22 12:49:42 2024 UTC (3 months, 2 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.18: +4 -4 lines

Add support for RPKI Signed Prefix Lists

Signed Prefix Lists are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Revision 1.18, Tue May 30 12:14:48 2023 UTC (12 months, 1 week ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.17: +2 -1 lines

Revert commitid ANSBO0rBvIUtTi45:
   Make rpki-client choose the verification time of the time it is invoked
   rather than always getting the current system time for every certificate
   verification. This will result in output that is not variable on run-time.

Using the time of invocation does not work well with fast publishing CAs. It
can take a few minutes to reach a repo and that CA may have issued certificates
that are not yet valid if that startup time of rpki-client is used to validate.

This still keeps the -P option to specify a fixed validation time.
OK beck@ job@ tb@

Revision 1.17, Thu Apr 27 08:37:53 2023 UTC (13 months, 1 week ago) by beck
Branch: MAIN
Changes since 1.16: +2 -3 lines

Make rpki-client choose the verification time of the time it is invoked
rather than always getting the current system time for every certificate
verification. This will result in output that is not variable on run-time.

ok tb@ claudio@

Revision 1.16, Wed Apr 26 22:05:28 2023 UTC (13 months, 1 week ago) by beck
Branch: MAIN
Changes since 1.15: +2 -2 lines

Add a -P option to rpki-client to specify the evaluation time

This is intended to be able to test rpki-client in a reproducible
way without worrying about the system time changing the results

ok claudio@

Revision 1.15, Tue Aug 30 18:56:49 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.14: +4 -4 lines

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Revision 1.14, Sun May 15 16:43:34 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.13: +2 -2 lines

More KNF and whitespace fixes.

Revision 1.13, Wed Apr 20 15:31:48 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.12: +2 -2 lines

Fix various annoying whitespace errors.

Revision 1.10.2.1, Tue Nov 9 13:41:19 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.10: +15 -7 lines

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/6.9/common/021_rpki.patch.sig

Revision 1.11.4.1, Tue Nov 9 13:40:32 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.11: +7 -4 lines

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/7.0/common/004_rpki.patch.sig

Revision 1.12, Mon Oct 11 16:50:03 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.11: +7 -4 lines

Add support for BGPsec Router Certificates (RFC 8209)

BGPsec router keys are extracted from RPKI certificates and
emitted via the JSON output in base64 encoded form.

OK tb@ claudio@

Revision 1.11, Mon Apr 19 17:04:35 2021 UTC (3 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.10: +9 -4 lines

code review results in KNF, and moving local variables into lowest scope
ok claudio

Revision 1.10, Sat Sep 12 15:46:48 2020 UTC (3 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_8_BASE, OPENBSD_6_8
Branch point for: OPENBSD_6_9
Changes since 1.9: +1 -2 lines

Include openssl/x509.h in extern.h since it uses a few of the typedefs from
there in structs and prototypes. Remove the openssl/ssl.h and other strange
openssl includes in the .c files that don't use openssl specific functions.
OK beck@ and tb@

Revision 1.9, Tue Apr 28 15:03:39 2020 UTC (4 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.8: +3 -3 lines

a blank line in the header is prettier

Revision 1.8, Tue Apr 28 13:41:35 2020 UTC (4 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.7: +14 -5 lines

Print statistics as comments at the top of the files which can take
comments.
ok claudio job

Revision 1.7, Fri Mar 6 17:36:42 2020 UTC (4 years, 3 months ago) by benno
Branch: MAIN
Changes since 1.6: +74 -5 lines

generate 3 different outputs for BIRD:
- bird v1 with IPv4 routes
- bird v1 with IPv6 routes
- bird v2
when using command line option -B.
BIRD v2 output from Robert Scheck, robert AT fedoraproject DOT org
time_t cast hint from jca@, and tested by job@
ok deraadt@ claudio@

Revision 1.6, Wed Dec 4 23:03:05 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.5: +5 -5 lines

use return x; instead of return (x);, like all other files here.
ok deraadt@

Revision 1.5, Wed Dec 4 12:40:17 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +12 -12 lines

split output management code into separate file. iterate over output
methods using a table.  detect output truncation (for instance filesystem
full) and don't overwrite previous output
ok claudio

Revision 1.4, Mon Dec 2 02:11:13 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +2 -2 lines

output_createtmp() remembers the true name, so output_finish() does not
need to replay it.

Revision 1.3, Sat Nov 30 02:31:12 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +7 -2 lines

Tweak rpki-client to create all 4 output file formats from a single
compute, based upon flags.  OpenBGPD compatible format by default if
no options, to integrate with bgpd.conf and bgpctl reload.  Adapt
mtree and stuff.  This will receive further refactoring...
ok benno job

Revision 1.2, Mon Nov 18 08:36:38 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.1: +1 -2 lines

Remove unused variables, these output formats don't need special handling
for the first or last line.
From kristaps@

Revision 1.1, Wed Oct 16 17:43:29 2019 UTC (4 years, 7 months ago) by claudio
Branch: MAIN

Add an output format for bird and one doing CSV. Also update the manpage
to include all the changes.
