![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.sbin / rpki-client
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.9 / (download) - annotate - [select for diffs], Thu May 19 13:12:35 2022 UTC (2 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
HEAD
Changes since 1.8: +1 -3 lines
Diff to previous 1.8 (colored)
Remove unused macro (log_debuginfo)
Revision 1.8 / (download) - annotate - [select for diffs], Thu Feb 3 18:19:32 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)
Enforce the RRDP XMLNS to "http://www.ripe.net/rpki/rrdp" Missing check reported by Ties de Kock OK tb@ benno@
Revision 1.7 / (download) - annotate - [select for diffs], Wed Nov 24 15:24:16 2021 UTC (2 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.6: +15 -7 lines
Diff to previous 1.6 (colored)
Move some functions from rrdp.c to rrdp_util.c and hex_decode to encoding.c. This will make it easier to write a RRDP regress test. OK job@ deraadt@
Revision 1.1.2.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:41:19 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.1: +23 -5 lines
Diff to previous 1.1 (colored) next main 1.2 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors. This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including: * Make rpki-client more resilient regarding untrusted input: - fail repository synchronisation after 15min runtime - limit the number of publication points per TAL - don't allow DOCTYPE definitions in RRDP XML files - fix detection of HTTP redirect loops. * limit the number of concurrent rsync processes. * fix CRLF in tal files. This is patches/6.9/common/021_rpki.patch.sig
Revision 1.3.4.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:40:32 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.3: +20 -2 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors. This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including: * Make rpki-client more resilient regarding untrusted input: - fail repository synchronisation after 15min runtime - limit the number of publication points per TAL - don't allow DOCTYPE definitions in RRDP XML files - fix detection of HTTP redirect loops. * limit the number of concurrent rsync processes. * fix CRLF in tal files. This is patches/7.0/common/004_rpki.patch.sig
Revision 1.6 / (download) - annotate - [select for diffs], Fri Oct 29 09:27:36 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.5: +3 -2 lines
Diff to previous 1.5 (colored)
Ensure that RRDP snapshot and delta files are fetched from the same host as the notification file. OK tb@ job@
Revision 1.5 / (download) - annotate - [select for diffs], Thu Oct 28 11:57:00 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
Limit the size of the base64 blob inside the RRDP XML to be less than MAX_FILE_SIZE after base64 decoding it. This way hostile RRDP servers do less damage. OK beck@ tb@
Revision 1.4 / (download) - annotate - [select for diffs], Sun Oct 24 17:16:09 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.3: +17 -0 lines
Diff to previous 1.3 (colored)
Add $OpenBSD$ header and add a licence to rrdp.h which was lacking it.
Revision 1.3 / (download) - annotate - [select for diffs], Sun May 9 11:19:30 2021 UTC (3 years, 1 month ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)
two whitespace tweaks
Revision 1.2 / (download) - annotate - [select for diffs], Tue Apr 20 03:37:25 2021 UTC (3 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)
more KNF
Revision 1.1 / (download) - annotate - [select for diffs], Thu Apr 1 16:04:48 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Initial commit of RRDP (The RPKI Repository Delta Protocol - RFC8182) support in rpki-client. For now it is off by default. All XML processing is done in its own process with minimal pledge rights. It uses the already present https process to fetch the xml files and uses the master porcess to handle the file IO into the repositories. RRDP data is stored in the cache under ./rrdp/ and the first directory is the SHA256 hash of the notify URI. Fetching snapshots and deltas works to bring the cache up to date. If something goes wrong rpki-client will fall back to rsync. RRDP was implemented by Nils Fisher and integrated into rpki-client by myself. "Time to get it in" deraadt@