Up to [local] / src / usr.sbin / rpki-client
Default branch: MAIN
Revision 1.53, Wed May 29 13:26:24 2024 UTC (3 days, 6 hours ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.52: +57 -8 lines
rpki-client: rework CRL handling
There is no benefit in parsing the CRLNumber in the RPKI. It is redundant with other mechanisms, notably the requirements on manifests. rpki-client never did anything with the CRL number anyway so stop parsing it in the main process.
Move CRL AKI and CRL number handling from x509.c to crl.c, slightly improve error checking for X509_CRL_get_ext_d2i() and only check well-formedness of the CRL number: check it's there and non-critical. Avoid double warnings.
Add some checks for the well-formedness of the list of revoked certs. Due to bugs in rpki-rs and Krill we can't reject empty lists (because ~15% of CRLs have this). And some people still use CRLs revoking certs at the time they expire. This latter point might change mid-2025.
Add a hook for printing CRL numbers in file mode and warn about ill-formed numbers (negative and overlong ones).
ok claudio job
Revision 1.52, Mon Feb 26 10:02:37 2024 UTC (3 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.51: +2 -1 lines
Properly close JSON array before continuing in TAK OK claudio@
Revision 1.51, Thu Feb 22 19:29:55 2024 UTC (3 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.50: +2 -2 lines
Zap trailing blanks
Revision 1.50, Thu Feb 22 12:49:42 2024 UTC (3 months, 1 week ago) by job
Branch: MAIN
Changes since 1.49: +55 -1 lines
Add support for RPKI Signed Prefix Lists
Signed Prefix Lists are a CMS protected content type for use with the RPKI to carry the complete list of prefixes which an Autonomous System may originate to all or any of its routing peers. The validation of a Signed Prefix List confirms that the holder of the listed ASN produced the object, and that this list is a current, accurate and complete description of address prefixes that may be announced into the routing system originated by this AS.
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist
with and OK claudio@ tb@
Revision 1.49, Fri Feb 16 05:18:29 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.48: +6 -18 lines
Factor SKI calculation into a helper This is a straightforward deduplication and simplification made more obvious by prior refactoring by job. "sure" claudio
Revision 1.48, Tue Feb 13 20:40:17 2024 UTC (3 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.47: +5 -3 lines
Improve printing of TALs extracted from .tak objects This changeset makes the output align more with the TAL file syntax. OK tb@
Revision 1.47, Tue Feb 13 20:36:42 2024 UTC (3 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.46: +18 -20 lines
Avoid using i2d_RSAPublicKey() This should help with future portability efforts, and perhaps makes the code a bit more readable. OK tb@
Revision 1.46, Thu Feb 1 15:11:38 2024 UTC (3 months, 4 weeks ago) by tb
Branch: MAIN
Changes since 1.45: +17 -1 lines
Normalize the nid printing
OBJ_nid2* can return NULL if the gloriously consistent objects.txt database doesn't specify a long or a short name. So try the long name first, fall back to the short name, and if both fail, use "unknown". Always include the nid as a decimal.
ok claudio
Revision 1.45, Thu Jan 18 14:34:26 2024 UTC (4 months, 1 week ago) by job
Branch: MAIN
Changes since 1.44: +4 -4 lines
The CRL's purported signing time actually is called thisUpdate, not lastUpdate OK tb@ claudio@
Revision 1.44, Thu Nov 16 11:18:47 2023 UTC (6 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.43: +4 -9 lines
Simplify CRL printing ok claudio
Revision 1.43, Wed Jul 19 21:49:30 2023 UTC (10 months, 1 week ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.42: +3 -3 lines
Rename ASPA providers field in filemode fine with me @tb
Revision 1.42, Thu Jun 29 10:22:37 2023 UTC (11 months ago) by job
Branch: MAIN
Changes since 1.41: +8 -17 lines
There no longer is a need to wrap the (now AFI-agnostic) ASPA providers in objects in filemode OK claudio@
Revision 1.41, Mon Jun 26 18:39:53 2023 UTC (11 months ago) by job
Branch: MAIN
Changes since 1.40: +9 -41 lines
Decode and validate ASPA objects following the v1 syntax
Through draft-ietf-sidrops-aspa-profile-15, the ASPA profile was made AFI-agnostic. This represents a simplification for both operators and implementers in both the RPKI and BGP layers of the stack.
This update changes the JSON structure. No effort was made to simultaneously support ASPA v0 and v1 objects.
OK tb@ claudio@
Revision 1.40, Mon Jun 5 14:19:13 2023 UTC (11 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.39: +12 -12 lines
Add an extra argument compact to json_do_object() to instruct the parser to dump this object on a single line. While one can select on an object to object basis for arrays the compact setting is inherited from the surrounding object. Requested by job@, OK job@ tb@
Revision 1.39, Tue May 30 12:02:22 2023 UTC (12 months ago) by claudio
Branch: MAIN
Changes since 1.38: +311 -416 lines
Convert all of filemode to use the json API as well. Output is mostly the same apart from some space differences. OK tb@ job@
Revision 1.38, Wed Apr 26 18:17:50 2023 UTC (13 months ago) by tb
Branch: MAIN
Changes since 1.37: +2 -2 lines
Kill whitespace
Revision 1.37, Sun Apr 23 13:19:34 2023 UTC (13 months, 1 week ago) by job
Branch: MAIN
Changes since 1.36: +37 -3 lines
In filemode, if an ASPA contains information for only 1 AFI, supplement the other OK claudio@
Revision 1.36, Thu Apr 20 15:12:19 2023 UTC (13 months, 1 week ago) by job
Branch: MAIN
Changes since 1.35: +2 -2 lines
Consistent casing
Revision 1.35, Wed Apr 12 03:53:40 2023 UTC (13 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.34: +2 -2 lines
Align printing of geofeed records in filemode
Revision 1.34, Mon Mar 13 19:51:49 2023 UTC (14 months, 2 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.33: +11 -1 lines
In filemode, display the moment the signature path will expire Previously this was only shown for ROA+ASPA. Now also show for GBR, Geofeed, Certs, RSC, and TAK. OK tb@
Revision 1.33, Mon Mar 13 18:02:58 2023 UTC (14 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.32: +5 -1 lines
In filemode for ROAs/ASPAs display when the Signature path will expire Also rename 'certification path' to 'signature path' for alignment OK tb@
Revision 1.32, Mon Mar 13 09:24:37 2023 UTC (14 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.31: +23 -23 lines
Rename some data fields to closer match their provenance OK tb@
Revision 1.31, Fri Mar 10 12:44:56 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.30: +22 -20 lines
mechanical change, rename struct members to match the original X509 names OK tb@
Revision 1.30, Fri Mar 10 12:02:11 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.29: +26 -2 lines
Show the X.509 notBefore in filemode OK tb@
Revision 1.29, Thu Mar 9 12:54:28 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.28: +3 -1 lines
In filemode also show 'Not After' for GBR records OK tb@
Revision 1.28, Thu Mar 9 09:46:21 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.27: +43 -1 lines
Show CMS signing-time signed attribute in filemode OK tb@
Revision 1.27, Tue Mar 7 14:49:32 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.26: +89 -48 lines
Improve decoded content printing in filemode Looks reasonable claudio@
Revision 1.26, Tue Jan 10 13:26:34 2023 UTC (16 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.25: +3 -2 lines
Improve timestamp printing in filemode OK claudio@
Revision 1.25, Fri Jan 6 13:19:43 2023 UTC (16 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.24: +3 -3 lines
Zap trailing tabs
Revision 1.24, Wed Dec 14 08:46:58 2022 UTC (17 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.23: +10 -14 lines
Print expiry moment in human-readable filemode in a consistent fashion across all object types OK claudio@ tb@
Revision 1.23, Wed Dec 14 02:34:32 2022 UTC (17 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.22: +30 -12 lines
Print issuer & serial in filemode OK tb@
Revision 1.22, Thu Dec 1 12:41:34 2022 UTC (18 months ago) by job
Branch: MAIN
Changes since 1.21: +2 -2 lines
Align uppercase / lowercase pattern
Revision 1.21, Sat Nov 26 12:02:37 2022 UTC (18 months ago) by job
Branch: MAIN
Changes since 1.20: +47 -1 lines
Add support for authenticating geofeed data CSV files in filemode
RFC 9092 describes a scheme in which an authenticator is appended to a geofeed (RFC 8805) file. It is a digest of the main body of the file signed by the private key of the relevant RPKI certificate for a covering address range. The authenticator is a detached CMS signature.
with and OK tb@
Revision 1.20, Wed Nov 16 08:57:38 2022 UTC (18 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.19: +8 -6 lines
Align output to a more tabular view OK claudio@
Revision 1.19, Fri Nov 4 17:39:36 2022 UTC (18 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.18: +37 -36 lines
Format filemode output in a tabular fashion to improve readability OK tb@ claudio@
Revision 1.18, Fri Nov 4 09:43:13 2022 UTC (18 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.17: +12 -1 lines
Check the SIA signedObject in ROA/MFT/ASPA/TAK/GBR EE certificates
Unfortunately we can't yet error out when accessMethods other than signedObject are encountered in the SubjectInformationAccess extension because there is pollution in the ecosystem.
OK tb@
Revision 1.17, Wed Nov 2 12:43:02 2022 UTC (18 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.16: +93 -1 lines
Add support for draft-ietf-sidrops-signed-tal-12
Add support for validation of Signed Objects containing Trust Anchor Keys (TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs to distribute and sign the next Trust Anchor with the current Trust Anchor. This might be an improvement over visiting RIR websites and copy+pasting TAL data by hand.
OK tb@
Revision 1.16, Tue Aug 30 23:41:53 2022 UTC (21 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.15: +2 -2 lines
stray tab
Revision 1.15, Tue Aug 30 18:56:49 2022 UTC (21 months ago) by job
Branch: MAIN
Changes since 1.14: +50 -1 lines
Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)
ASPA objects are published in the RPKI and can be used to detect and mitigate BGP route leaks. Validated ASPA Payloads are visible through filemode (-f) and the JSON output format (-j).
With feedback from tb@
OK claudio@ tb@
Revision 1.14, Thu Jul 14 13:24:56 2022 UTC (22 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.13: +4 -4 lines
Fix JSON output in filemode for TALs OK claudio@
Revision 1.13, Sun May 15 16:43:34 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.12: +4 -7 lines
More KNF and whitespace fixes.
Revision 1.12, Sun May 15 15:00:53 2022 UTC (2 years ago) by deraadt
Branch: MAIN
Changes since 1.11: +2 -2 lines
whitespace spotted during read-thru
Revision 1.11, Mon May 9 17:02:34 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.10: +117 -1 lines
Add preliminary support for decoding RSC objects in filemode
This implements decoding support for draft-ietf-sidrops-rpki-rsc-06
There are three major outstanding issues:
* The wire image might still change to conform to the more widely deployed 3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX
OK tb@
Revision 1.10, Sun Apr 24 18:20:12 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.9: +5 -3 lines
Wrap two overlong lines
Revision 1.9, Wed Apr 20 15:31:48 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.8: +5 -6 lines
Fix various annoying whitespace errors.
Revision 1.8, Wed Apr 20 10:46:20 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.7: +277 -73 lines
Add Concatenated JSON output in filemode (rpki-client -j -f *) The schema is still work in progress. OK claudio@
Revision 1.7, Tue Apr 12 11:05:50 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.6: +36 -3 lines
Extend -f filemode to decode & print TAL details "fine" claudio@ tb@
Revision 1.6, Mon Mar 21 10:39:51 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.5: +5 -3 lines
Make sure that the string generated by pretty_key_id() is always properly NUL terminated. Diff by Martin Vahlensieck <openbsd () academicsolutions ! ch> OK tb@
Revision 1.5, Thu Feb 10 17:33:28 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.4: +18 -5 lines
Fix serial number printing in crl_print() for large serials. Create a common x509_convert_seqnum() function to convert the various ASN1_INTEGERs into hexnumbers and use this for mft and crl handling. With and OK tb@, also OK job@
Revision 1.4, Thu Feb 10 15:33:47 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.3: +43 -5 lines
Implement some code to print crls with -f. For this introduce x509_get_time() that converts an ASN1_TIME to time_t. Also move time2str() to print.c where it makes more sense. This needs more work but that will happen in tree. OK tb@
Revision 1.3, Wed Dec 22 09:35:14 2021 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.2: +2 -2 lines
Replace two questionable size_t types. For the repo id use an unsigned int and for the roa maxlength use unsigned char (like the prefixlen in struct ip_addr). With input and OK job@
Revision 1.2.4.1, Wed Nov 10 11:58:00 2021 UTC (2 years, 6 months ago) by bluhm
Branch: OPENBSD_6_9
Changes since 1.2: +1 -1 lines
Copy the new file print.c from -current to -stable. This was forgotten in the previous -stable commit. This is patches/6.9/common/021_rpki.patch.sig
Revision 1.2.2.1, Wed Nov 10 11:57:37 2021 UTC (2 years, 6 months ago) by bluhm
Branch: OPENBSD_7_0
Changes since 1.2: +1 -1 lines
Copy the new file print.c from -current to -stable. This was forgotten in the previous -stable commit. This is patches/7.0/common/004_rpki.patch.sig
Revision 1.2, Mon Oct 25 14:07:56 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Branch point for: OPENBSD_7_0, OPENBSD_6_9
Changes since 1.1: +1 -4 lines
Remove unused variables
Revision 1.1, Sun Oct 24 17:53:07 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Move the various print functions from the regress tests into print.c. OK tb@