OpenBSD CVS

CVS log for src/usr.sbin/rpki-client/rpki-client.8



Default branch: MAIN


Revision 1.105 / (download) - annotate - [select for diffs], Wed May 29 13:27:52 2024 UTC (3 days, 6 hours ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.104: +15 -14 lines
Diff to previous 1.104 (colored)

Clean up the list of standards a little

No need to spell out RPKI and a few other things every time they appear
in titles. Replace an obsolete standard with a new draft.

with/ok job

Revision 1.104 / (download) - annotate - [select for diffs], Fri May 24 12:57:20 2024 UTC (8 days, 7 hours ago) by tb
Branch: MAIN
Changes since 1.103: +14 -16 lines
Diff to previous 1.103 (colored)

Update references to new and not quite so new RFCs

Four warnings now contain "RFC 9582" rather than "RFC 6482bis".
Also update some references to I-Ds.

ok claudio

Revision 1.103 / (download) - annotate - [select for diffs], Fri Mar 1 08:10:09 2024 UTC (3 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.102: +6 -2 lines
Diff to previous 1.102 (colored)

Add -x to opt into experimental file formats

Instead of burning one letter for each new file format (sidrops is known
to crank out new things faster than a normal person can read), use -x to
opt into parsing and processing file formats that aren't yet considered
stable. This is currently only the Signed Prefix List.  While a repetition
of the ASPA debacle, this code hasn't yet seen enough stress testing to be
enabled by default.

ok claudio job

Revision 1.102 / (download) - annotate - [select for diffs], Thu Feb 22 17:54:08 2024 UTC (3 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.101: +4 -3 lines
Diff to previous 1.101 (colored)

wrap an overlong line to appease mandoc -Tlint

Revision 1.101 / (download) - annotate - [select for diffs], Thu Feb 22 12:49:42 2024 UTC (3 months, 1 week ago) by job
Branch: MAIN
Changes since 1.100: +8 -2 lines
Diff to previous 1.100 (colored)

Add support for RPKI Signed Prefix Lists

Signed Prefix Lists are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Revision 1.100 / (download) - annotate - [select for diffs], Wed Jan 31 17:19:02 2024 UTC (4 months ago) by job
Branch: MAIN
Changes since 1.99: +8 -2 lines
Diff to previous 1.99 (colored)

Add reference to RRDP Session Desynchronization draft

Revision 1.99 / (download) - annotate - [select for diffs], Tue Jan 16 19:52:39 2024 UTC (4 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.98: +4 -4 lines
Diff to previous 1.98 (colored)

Update standards reference

Revision 1.98 / (download) - annotate - [select for diffs], Fri Oct 13 12:06:49 2023 UTC (7 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.97: +50 -2 lines
Diff to previous 1.97 (colored)

Allow imposing constraints on RPKI trust anchors

The ability to constrain an RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Revision 1.97 / (download) - annotate - [select for diffs], Mon Jun 26 18:39:53 2023 UTC (11 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.96: +3 -3 lines
Diff to previous 1.96 (colored)

Decode and validate ASPA objects following the v1 syntax

Through draft-ietf-sidrops-aspa-profile-15, the ASPA profile was
made AFI-agnostic. This represents a simplification for both operators
and implementers in both the RPKI and BGP layers of the stack.

This update changes the JSON structure.

No effort was made to simultaneously support ASPA v0 and v1 objects.

OK tb@ claudio@

Revision 1.96 / (download) - annotate - [select for diffs], Wed Jun 7 16:23:02 2023 UTC (11 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.95: +8 -2 lines
Diff to previous 1.95 (colored)

Document CMS signing-time <> mod-time trick

Revision 1.95 / (download) - annotate - [select for diffs], Sun Apr 30 20:10:38 2023 UTC (13 months ago) by benno
Branch: MAIN
Changes since 1.94: +4 -3 lines
Diff to previous 1.94 (colored)

document that - with recent changes - the -A option now also excludes
the ASPA data from the JSON output.
ok claudio@

Revision 1.94 / (download) - annotate - [select for diffs], Wed Apr 26 22:05:28 2023 UTC (13 months ago) by beck
Branch: MAIN
Changes since 1.93: +6 -1 lines
Diff to previous 1.93 (colored)

Add a -P option to rpki-client to specify the evaluation time

This is intended to be able to test rpki-client in a reproducible
way without worrying about the system time changing the results.

ok claudio@

Revision 1.93 / (download) - annotate - [select for diffs], Mon Mar 6 19:20:34 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.92: +1 -126 lines
Diff to previous 1.92 (colored)

For conciseness' sake remove non-optional items in references in STANDARDS

Discussed with deraadt@ tb@ claudio@

Revision 1.92 / (download) - annotate - [select for diffs], Mon Mar 6 16:17:17 2023 UTC (14 months, 3 weeks ago) by deraadt
Branch: MAIN
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored)

spelling

Revision 1.91 / (download) - annotate - [select for diffs], Mon Mar 6 16:04:52 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.90: +12 -2 lines
Diff to previous 1.90 (colored)

Add check for RSA key pair modulus & public exponent

Both the SPKI inside a CA's .cer TBS section and Signers wrapped in CMS
must be RSA, with mod 2048 & (e) 0x10001

OK tb@

Revision 1.90 / (download) - annotate - [select for diffs], Mon Mar 6 15:50:33 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)

Fix URL to RFC

Revision 1.89 / (download) - annotate - [select for diffs], Fri Feb 17 14:52:06 2023 UTC (15 months, 1 week ago) by job
Branch: MAIN
Changes since 1.88: +8 -6 lines
Diff to previous 1.88 (colored)

Update AUTHORS section

Revision 1.88 / (download) - annotate - [select for diffs], Fri Feb 17 13:26:18 2023 UTC (15 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.87: +18 -18 lines
Diff to previous 1.87 (colored)

Use %R technical report macro for RFCs

Revision 1.87 / (download) - annotate - [select for diffs], Thu Feb 16 20:33:07 2023 UTC (15 months, 2 weeks ago) by jmc
Branch: MAIN
Changes since 1.86: +2 -3 lines
Diff to previous 1.86 (colored)

- remove a leftover .El
- escape "An" as this is also a macro

Revision 1.86 / (download) - annotate - [select for diffs], Thu Feb 16 20:06:15 2023 UTC (15 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.85: +224 -55 lines
Diff to previous 1.85 (colored)

Update references in STANDARDS section to use Rs blocks

Also drop largely irrelevant references like IPv6 and CIDR
(as we didn't reference IPv4 either), remove obsoleted RFCs and add
their successors.

Revision 1.85 / (download) - annotate - [select for diffs], Thu Feb 16 04:07:33 2023 UTC (15 months, 2 weeks ago) by deraadt
Branch: MAIN
Changes since 1.84: +8 -2 lines
Diff to previous 1.84 (colored)

explain why ARIN TAL is not included.
ok job

Revision 1.84 / (download) - annotate - [select for diffs], Wed Jan 18 10:13:46 2023 UTC (16 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.83: +4 -6 lines
Diff to previous 1.83 (colored)

The default output format is -o (openbgpd) but it now includes both
roa-set and aspa-set by default. So make the man page less specific.
OK tb@ job@ kn@

Revision 1.83 / (download) - annotate - [select for diffs], Fri Jan 13 08:58:36 2023 UTC (16 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.82: +5 -3 lines
Diff to previous 1.82 (colored)

Add aspa-set to openbgpd config output.

Change the way the validated ASPA tree is built since OpenBGPD config
follows more the ASPA profile and puts the optional AFI to each provider
ASnum instead of duplicating everything into an IPv4 and IPv6 tree.
The JSON output of ASPA is still the same.

The inclusion of the aspa-set can currently be disabled by the -A flag.
OK tb@

Revision 1.82 / (download) - annotate - [select for diffs], Thu Dec 15 12:02:29 2022 UTC (17 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.81: +7 -3 lines
Diff to previous 1.81 (colored)

Rework statistic collection to be per repository and add metric output option

Many statistic values are now accounted by repository via repo_stat_inc().
At end of the run sum_stats() accumulates these stats per TAL and globally.
The new output file metrics is written when the -m output flag is specified.
The metrics file is written in OpenMetrics format (with a few tweaks to
allow node_exporter to parse the file as well). The ometric code is a copy
from bgpctl(8) and should be kept in sync.
OK tb@

Revision 1.81 / (download) - annotate - [select for diffs], Sat Nov 26 12:02:37 2022 UTC (18 months ago) by job
Branch: MAIN
Changes since 1.80: +4 -2 lines
Diff to previous 1.80 (colored)

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Revision 1.80 / (download) - annotate - [select for diffs], Thu Nov 17 20:49:38 2022 UTC (18 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.79: +13 -2 lines
Diff to previous 1.79 (colored)

Add shortlist functionality, a companion to the skiplist

If the operator specifies the '-H' option once (or more) followed by a FQDN,
the utility will *only* connect to those hosts and skip all others.

OK claudio@ tb@

Revision 1.79 / (download) - annotate - [select for diffs], Thu Nov 10 13:22:55 2022 UTC (18 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

Indicate compliance with work-in-progress spec for ROA objects

Revision 1.78 / (download) - annotate - [select for diffs], Thu Nov 3 17:43:39 2022 UTC (18 months, 4 weeks ago) by jmc
Branch: MAIN
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)

don't needlessly uppercase Nd;

Revision 1.77 / (download) - annotate - [select for diffs], Thu Nov 3 00:48:31 2022 UTC (18 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.76: +4 -4 lines
Diff to previous 1.76 (colored)

shorten Autonomous System Provider Authorizations

Revision 1.76 / (download) - annotate - [select for diffs], Thu Nov 3 00:44:13 2022 UTC (18 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.75: +6 -5 lines
Diff to previous 1.75 (colored)

Add notion of ASPA

Revision 1.75 / (download) - annotate - [select for diffs], Wed Nov 2 12:46:49 2022 UTC (18 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.74: +4 -4 lines
Diff to previous 1.74 (colored)

Reference RSC RFC-to-be instead of internet-draft

Revision 1.74 / (download) - annotate - [select for diffs], Wed Nov 2 12:43:02 2022 UTC (18 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.73: +4 -2 lines
Diff to previous 1.73 (colored)

Add support for draft-ietf-sidrops-signed-tal-12

Add support for validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Revision 1.73 / (download) - annotate - [select for diffs], Mon Sep 5 20:08:26 2022 UTC (20 months, 3 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (colored)

Update to most recent spec

Revision 1.72 / (download) - annotate - [select for diffs], Sat Sep 3 11:01:55 2022 UTC (20 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.71: +5 -3 lines
Diff to previous 1.71 (colored)

Clarify timeout/deadline

Revision 1.71 / (download) - annotate - [select for diffs], Tue Aug 30 18:56:49 2022 UTC (21 months ago) by job
Branch: MAIN
Changes since 1.70: +3 -1 lines
Diff to previous 1.70 (colored)

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Revision 1.70 / (download) - annotate - [select for diffs], Thu Aug 25 18:12:05 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
Changes since 1.69: +10 -7 lines
Diff to previous 1.69 (colored)

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

Revision 1.69 / (download) - annotate - [select for diffs], Thu Aug 25 17:31:26 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
Changes since 1.68: +5 -2 lines
Diff to previous 1.68 (colored)

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Revision 1.68 / (download) - annotate - [select for diffs], Thu Jun 30 10:27:52 2022 UTC (23 months ago) by job
Branch: MAIN
Changes since 1.67: +3 -3 lines
Diff to previous 1.67 (colored)

zap whitespace

Revision 1.67 / (download) - annotate - [select for diffs], Tue Jun 28 01:40:29 2022 UTC (23 months ago) by job
Branch: MAIN
Changes since 1.66: +3 -3 lines
Diff to previous 1.66 (colored)

Remove superfluous 'any'

Revision 1.66 / (download) - annotate - [select for diffs], Mon Jun 27 10:18:27 2022 UTC (23 months ago) by job
Branch: MAIN
Changes since 1.65: +24 -2 lines
Diff to previous 1.65 (colored)

Add skiplist option to steer clear of skiplisted hosts

Blocking outbound connections towards RPKI publication servers based
on IP or IPv6 address in external instrumentation like HTTP proxies
or pf(4) rules is somewhat unwieldy. It might be easier for operators
if we offer a mechanism that cuts at the CA cert SIA parsing step.

OK claudio@ tb@

Revision 1.65 / (download) - annotate - [select for diffs], Tue May 31 18:42:26 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.64: +3 -3 lines
Diff to previous 1.64 (colored)

Update reference to RSC draft 08

ok claudio job

Revision 1.64 / (download) - annotate - [select for diffs], Fri May 20 10:38:39 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.63: +4 -2 lines
Diff to previous 1.63 (colored)

Add RFC 7318

Revision 1.63 / (download) - annotate - [select for diffs], Sun May 15 14:59:28 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.62: +3 -3 lines
Diff to previous 1.62 (colored)

Specify which version of RPKI RSC draft is supported.

Revision 1.62 / (download) - annotate - [select for diffs], Mon May 9 17:02:34 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.61: +3 -1 lines
Diff to previous 1.61 (colored)

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
  3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
  the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

Revision 1.61 / (download) - annotate - [select for diffs], Wed Apr 20 20:26:22 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.60: +3 -3 lines
Diff to previous 1.60 (colored)

Fix mandoc -Tlint warning about trailing whitespace

Revision 1.60 / (download) - annotate - [select for diffs], Wed Apr 20 10:46:20 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.59: +6 -2 lines
Diff to previous 1.59 (colored)

Add Concatenated JSON output in filemode (rpki-client -j -f *)

The schema is still work in progress.

OK claudio@

Revision 1.59 / (download) - annotate - [select for diffs], Tue Apr 12 12:54:09 2022 UTC (2 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.58: +3 -3 lines
Diff to previous 1.58 (colored)

fix bad space;

Revision 1.58 / (download) - annotate - [select for diffs], Tue Apr 12 11:05:50 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.57: +5 -3 lines
Diff to previous 1.57 (colored)

Extend -f filemode to decode & print TAL details

"fine" claudio@ tb@

Revision 1.57 / (download) - annotate - [select for diffs], Thu Mar 31 17:27:31 2022 UTC (2 years, 2 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.56: +3 -3 lines
Diff to previous 1.56 (colored)

man pages: add missing commas between subordinate and main clauses

jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.

ok jmc@

Revision 1.56 / (download) - annotate - [select for diffs], Wed Jan 26 14:42:39 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.55: +5 -2 lines
Diff to previous 1.55 (colored)

Allow rsync:// URI as file in -f mode. This makes it easier to explore
rpki repositories by following AIA and manifest URIs.
Also stop checking that the loaded file is not part of the auth tree,
it is possible that this file was loaded before as a dependency.
OK tb@

Revision 1.55 / (download) - annotate - [select for diffs], Mon Jan 24 06:54:15 2022 UTC (2 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

in the options list, show -f as taking "file ..." arguments;
tweak/ok claudio

Revision 1.54 / (download) - annotate - [select for diffs], Sun Jan 23 18:40:55 2022 UTC (2 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.53: +4 -4 lines
Diff to previous 1.53 (colored)

rearrange SYNOPSIS/usage to be a bit clearer;
discussed with and ok claudio

Revision 1.53 / (download) - annotate - [select for diffs], Sun Jan 23 07:21:12 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.52: +9 -4 lines
Diff to previous 1.52 (colored)

Allow rpki-client to display more than one file in -f mode.
Change -f to be a mode flag and pass one or multiple files as arguments
to rpki-client. Some extra checks need to be done to not load the same
certificate or CRL multiple times.
Input and OK tb@

Revision 1.52 / (download) - annotate - [select for diffs], Wed Jan 19 16:33:36 2022 UTC (2 years, 4 months ago) by job
Branch: MAIN
Changes since 1.51: +13 -2 lines
Diff to previous 1.51 (colored)

Document the -f file inspection function

Revision 1.51 / (download) - annotate - [select for diffs], Fri Dec 3 08:40:07 2021 UTC (2 years, 5 months ago) by job
Branch: MAIN
Changes since 1.50: +10 -5 lines
Diff to previous 1.50 (colored)

Clarify manpage

OK claudio@

Revision 1.50 / (download) - annotate - [select for diffs], Thu Nov 25 14:03:40 2021 UTC (2 years, 6 months ago) by job
Branch: MAIN
Changes since 1.49: +4 -2 lines
Diff to previous 1.49 (colored)

Replace MAX_REPO_TIMEOUT with repo_timeout, which is set to 1/4th of
timeout, or if timeout is disabled set to 24 hours.

OK claudio@

Revision 1.43.2.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:41:19 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.43: +29 -18 lines
Diff to previous 1.43 (colored) next main 1.44 (colored)

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/6.9/common/021_rpki.patch.sig

Revision 1.47.4.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:40:32 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.47: +7 -4 lines
Diff to previous 1.47 (colored) next main 1.48 (colored)

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/7.0/common/004_rpki.patch.sig

Revision 1.49 / (download) - annotate - [select for diffs], Tue Oct 26 13:26:53 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.48: +4 -4 lines
Diff to previous 1.48 (colored)

rpki-client supports RFC8630 TAL files.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Oct 11 16:50:03 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.47: +5 -2 lines
Diff to previous 1.47 (colored)

Add support for BGPsec Router Certificates (RFC 8209)

BGPsec router keys are extracted from RPKI certificates and
emitted via the JSON output in base64 encoded form.

OK tb@ claudio@

Revision 1.47 / (download) - annotate - [select for diffs], Wed Sep 1 08:17:37 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.46: +9 -8 lines
Diff to previous 1.46 (colored)

Document the http_proxy environment variable

Revision 1.46 / (download) - annotate - [select for diffs], Tue Jun 29 17:43:57 2021 UTC (2 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.45: +5 -6 lines
Diff to previous 1.45 (colored)

Flip the -r RRDP switch, which went through community testing for half a year.
Default is now to attempt RRDP first, then try RSYNC.
If problems show up, return to rsync-only behaviour with -R, and file a report.
ok claudio

Revision 1.45 / (download) - annotate - [select for diffs], Thu May 6 17:03:57 2021 UTC (3 years ago) by job
Branch: MAIN
Changes since 1.44: +12 -6 lines
Diff to previous 1.44 (colored)

Add an 'expires' column to CSV & JSON output

The 'expires' value contains a reasonable earliest moment a VRP would expire,
in light of the currently available set of CAs and CRLs. The 'expires' value
can be used to avoid route selection based on stale data when generating VRP
sets, when faced with loss of communication between consumer and validator,
or validator and CA repository.

OK claudio@

Revision 1.44 / (download) - annotate - [select for diffs], Wed May 5 17:24:00 2021 UTC (3 years ago) by job
Branch: MAIN
Changes since 1.43: +4 -2 lines
Diff to previous 1.43 (colored)

Clarify -n behavior

Input from John Heasley

OK claudio@

Revision 1.43 / (download) - annotate - [select for diffs], Thu Apr 8 14:03:32 2021 UTC (3 years, 1 month ago) by job
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.42: +5 -2 lines
Diff to previous 1.42 (colored)

reword manpage on -n

OK claudio@

Revision 1.42 / (download) - annotate - [select for diffs], Tue Apr 6 18:29:43 2021 UTC (3 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.41: +4 -4 lines
Diff to previous 1.41 (colored)

uppercase "HTTP";

Revision 1.41 / (download) - annotate - [select for diffs], Tue Apr 6 15:22:30 2021 UTC (3 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.40: +4 -3 lines
Diff to previous 1.40 (colored)

Mention the http client in two places.

ok claudio

Revision 1.40 / (download) - annotate - [select for diffs], Fri Apr 2 06:11:01 2021 UTC (3 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

fix sentence structure;

Revision 1.39 / (download) - annotate - [select for diffs], Thu Apr 1 17:43:11 2021 UTC (3 years, 2 months ago) by job
Branch: MAIN
Changes since 1.38: +10 -4 lines
Diff to previous 1.38 (colored)

Update manpage about RRDP

OK claudio@

Revision 1.38 / (download) - annotate - [select for diffs], Thu Apr 1 16:58:56 2021 UTC (3 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.37: +6 -6 lines
Diff to previous 1.37 (colored)

sort options list;

Revision 1.37 / (download) - annotate - [select for diffs], Thu Apr 1 16:16:44 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.36: +3 -2 lines
Diff to previous 1.36 (colored)

RRDP is currently off by default.

Revision 1.36 / (download) - annotate - [select for diffs], Thu Apr 1 16:04:48 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.35: +7 -3 lines
Diff to previous 1.35 (colored)

Initial commit of RRDP (The RPKI Repository Delta Protocol - RFC8182) support
in rpki-client. For now it is off by default.

All XML processing is done in its own process with minimal pledge rights.
It uses the already present https process to fetch the xml files and uses
the master process to handle the file IO into the repositories.
RRDP data is stored in the cache under ./rrdp/ and the first directory
is the SHA256 hash of the notify URI.

Fetching snapshots and deltas works to bring the cache up to date.
If something goes wrong rpki-client will fall back to rsync.

RRDP was implemented by Nils Fisher and integrated into rpki-client by myself.
"Time to get it in" deraadt@

Revision 1.35 / (download) - annotate - [select for diffs], Mon Mar 29 15:04:28 2021 UTC (3 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.34: +7 -3 lines
Diff to previous 1.34 (colored)

-B option not updated about bird1v4 & bird1v6 files; ok job

Revision 1.34 / (download) - annotate - [select for diffs], Fri Mar 19 13:56:10 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.33: +5 -3 lines
Diff to previous 1.33 (colored)

Add an -V option to show the version of rpki-client. For the base version
it will show just OpenBSD while -portable will show the portable version.
OK sthen@, tb@, kn@

Revision 1.33 / (download) - annotate - [select for diffs], Wed Dec 9 11:33:10 2020 UTC (3 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.32: +4 -3 lines
Diff to previous 1.32 (colored)

Let's claim RFC6493 support.

Revision 1.32 / (download) - annotate - [select for diffs], Fri Oct 23 20:37:11 2020 UTC (3 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.31: +8 -8 lines
Diff to previous 1.31 (colored)

sort options list;

Revision 1.31 / (download) - annotate - [select for diffs], Fri Oct 23 15:40:51 2020 UTC (3 years, 7 months ago) by job
Branch: MAIN
Changes since 1.30: +2 -3 lines
Diff to previous 1.30 (colored)

Align man with reality

OK claudio@ deraadt@

Revision 1.30 / (download) - annotate - [select for diffs], Tue Sep 15 20:02:30 2020 UTC (3 years, 8 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.29: +4 -5 lines
Diff to previous 1.29 (colored)

Align man page with reality

sure benno@

Revision 1.29 / (download) - annotate - [select for diffs], Tue Sep 15 12:06:02 2020 UTC (3 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.28: +10 -2 lines
Diff to previous 1.28 (colored)

Experienced a situation where (older code) rpki-client+openrsyncd got "stuck"
(for an amusingly long time), so that the partnership with cron "~ -ns" could
not make progress ingesting new ROAs.  Add a "-s timeout" feature (default 1H,
0 to disable) after which rpki-client gives up the ghost, allowing cron to
perform a fresh try.  Log loudly when this occurs.
ok job claudio beck

Revision 1.28 / (download) - annotate - [select for diffs], Tue Jun 30 12:52:44 2020 UTC (3 years, 11 months ago) by job
Branch: MAIN
Changes since 1.27: +3 -6 lines
Diff to previous 1.27 (colored)

Remove -f (force) option.

The -f option existed for some initial debugging work.

Thanks Weerd for review

OK claudio@

Revision 1.27 / (download) - annotate - [select for diffs], Thu May 14 07:12:16 2020 UTC (4 years ago) by claudio
Branch: MAIN
Changes since 1.26: +3 -3 lines
Diff to previous 1.26 (colored)

rpki-client no longer passes -l to rsync since it does not make sense to
preserve symbolic links in the repositories.
From Robert Scheck < robert at fedoraproject.org >

Revision 1.26 / (download) - annotate - [select for diffs], Tue Apr 21 05:36:04 2020 UTC (4 years, 1 month ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.25: +3 -3 lines
Diff to previous 1.25 (colored)

tweak previous;

Revision 1.25 / (download) - annotate - [select for diffs], Mon Apr 20 19:47:28 2020 UTC (4 years, 1 month ago) by job
Branch: MAIN
Changes since 1.24: +9 -2 lines
Diff to previous 1.24 (colored)

Document the suggested interval in man page

Revision 1.24 / (download) - annotate - [select for diffs], Mon Apr 20 11:15:14 2020 UTC (4 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)

Strip the 'in bgpd' in the title of the rpki-client man page.
rpki-client is not only for bgpd (especially in the portable version).
From Robert Scheck.
OK job@ benno@

Revision 1.23 / (download) - annotate - [select for diffs], Sat Apr 18 13:26:37 2020 UTC (4 years, 1 month ago) by sthen
Branch: MAIN
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)

use correct path for the default cache dir in rpki-client(8). ok claudio@

Revision 1.22 / (download) - annotate - [select for diffs], Fri Mar 6 22:22:31 2020 UTC (4 years, 2 months ago) by job
Branch: MAIN
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)

Sync manpage to new default value

Thanks jca@

Revision 1.21 / (download) - annotate - [select for diffs], Mon Feb 24 15:43:36 2020 UTC (4 years, 3 months ago) by job
Branch: MAIN
Changes since 1.20: +3 -3 lines
Diff to previous 1.20 (colored)

Fix typo

Thanks Robert Scheck & Kristaps Dzonsons

Revision 1.20 / (download) - annotate - [select for diffs], Tue Feb 11 18:41:39 2020 UTC (4 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.19: +7 -6 lines
Diff to previous 1.19 (colored)

Simplify and unify wording for the -I sourceaddr option in various places.
This is somewhat related to the "-b bind_addr" option some programs have,
which should get some cleanup also...
input florian claudio jmc

Revision 1.19 / (download) - annotate - [select for diffs], Thu Dec 19 17:31:03 2019 UTC (4 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored)

wider list width to adjust for previous;

Revision 1.18 / (download) - annotate - [select for diffs], Thu Dec 19 14:23:02 2019 UTC (4 years, 5 months ago) by job
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)

Align man file with reality

Revision 1.17 / (download) - annotate - [select for diffs], Thu Dec 12 18:48:56 2019 UTC (4 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +3 -3 lines
Diff to previous 1.16 (colored)

correct output option list, from Alarig Le Lay

Revision 1.16 / (download) - annotate - [select for diffs], Fri Dec 6 09:27:12 2019 UTC (4 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.15: +8 -1 lines
Diff to previous 1.15 (colored)

Don't hardcode the cache directory for rpki-client. If started as root
rpki-client will use the defaults for cache and output directory. If not
started as root users need to provide both directories as arguments.
While there switch from absolute path names to relative ones. For this
the parser and rsync process do a chdir(2) to the cache directory on startup.
OK benno@

Revision 1.15 / (download) - annotate - [select for diffs], Wed Dec 4 16:42:34 2019 UTC (4 years, 5 months ago) by job
Branch: MAIN
Changes since 1.14: +18 -8 lines
Diff to previous 1.14 (colored)

Rework rpki-client documentation

OK Ingo Schwarze

Revision 1.14 / (download) - annotate - [select for diffs], Sat Nov 30 22:55:22 2019 UTC (4 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.13: +3 -3 lines
Diff to previous 1.13 (colored)

- no -r option
- man page is bgpd, not openbgpd

ok deraadt

Revision 1.13 / (download) - annotate - [select for diffs], Sat Nov 30 02:39:22 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +34 -15 lines
Diff to previous 1.12 (colored)

Document new flag and output arrangement better

Revision 1.12 / (download) - annotate - [select for diffs], Sat Nov 30 02:31:12 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

Tweak rpki-client to create all 4 output file formats from a single
compute, based upon flags.  OpenBGPD compatible format by default if
no options, to integrate with bgpd.conf and bgpctl reload.  Adapt
mtree and stuff.  This will receive further refactoring...
ok benno job

Revision 1.11 / (download) - annotate - [select for diffs], Fri Nov 29 17:30:05 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.10: +4 -5 lines
Diff to previous 1.10 (colored)

Improve the program's description a little

Revision 1.10 / (download) - annotate - [select for diffs], Fri Nov 29 05:52:27 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.9: +7 -3 lines
Diff to previous 1.9 (colored)

document use of /var/db/rpki-client/ and /var/cache/rpki-client/

Revision 1.9 / (download) - annotate - [select for diffs], Fri Nov 29 04:04:08 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +5 -3 lines
Diff to previous 1.8 (colored)

If run as root, priv-drop to _rpki-client.
If no output file is specified, output to the bgpd/bgpd.conf-compatible
/var/db/rpki-client/roa file.
ok claudio and benno

Revision 1.8 / (download) - annotate - [select for diffs], Thu Nov 28 18:46:32 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.7: +1 -4 lines
Diff to previous 1.7 (colored)

Remove -r flag and associated plumbing. We are always checking CRLs from now on.
ok claudio@

Revision 1.7 / (download) - annotate - [select for diffs], Wed Oct 16 21:43:41 2019 UTC (4 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.6: +16 -15 lines
Diff to previous 1.6 (colored)

tweak previous; help/ok claudio

Revision 1.6 / (download) - annotate - [select for diffs], Wed Oct 16 17:43:29 2019 UTC (4 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.5: +18 -3 lines
Diff to previous 1.5 (colored)

Add an output format for bird and one doing CSV. Also update the manpage
to include all the changes.

Revision 1.5 / (download) - annotate - [select for diffs], Tue Aug 20 16:02:57 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.4: +25 -18 lines
Diff to previous 1.4 (colored)

Adjust manpage. Document -t tal and the new output argument. Also remove
some of the comments for sections that will never ever be used here.

Revision 1.4 / (download) - annotate - [select for diffs], Fri Aug 9 09:50:44 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.3: +8 -2 lines
Diff to previous 1.3 (colored)

Add -b bind_addr as argument which is passed to rsync as --address to
use as source address for connecting to the rsync daemons.
OK sthen@ benno@

Revision 1.3 / (download) - annotate - [select for diffs], Tue Jun 18 13:28:37 2019 UTC (4 years, 11 months ago) by job
Branch: MAIN
Changes since 1.2: +8 -6 lines
Diff to previous 1.2 (colored)

Use correct terminology in rpki-client manpage

Revision 1.2 / (download) - annotate - [select for diffs], Tue Jun 18 05:48:54 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

missing ,

Revision 1.1 / (download) - annotate - [select for diffs], Mon Jun 17 14:46:35 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN

should be rpki-client(8)
