Introduce a validated cache which holds all the files that have
successfully been verified by rpki-client.
!
Add a new option '-f ' to validate a signed object in a file
against the RPKI cache.
Add various RFC 6488 compliance checks to improve the CMS parser.
Improve RRDP replication through less aggressive cache cleanup.
Add a check whether a given Manifest EE certificate is listed on the
applicable CRL.
For forward compatibility permit ASPA object to appear on Manifests.
!
Various improvements to the '-f ' diagnostic option to
now also validate files containing Trust Anchor certs and CRLs.
Do not apply timezone offsets when converting X509 times. X509
times are in UTC and comparing them to times in different timezones
--- 918,931 ----
Improve cleanup of rrdp directory contents.
Introduce a validated cache which holds all the files that have
successfully been verified by rpki-client.
!
Add a new option '-f <file>' to validate a signed object in a file
against the RPKI cache.
Add various RFC 6488 compliance checks to improve the CMS parser.
Improve RRDP replication through less aggressive cache cleanup.
Add a check whether a given Manifest EE certificate is listed on the
applicable CRL.
For forward compatibility permit ASPA object to appear on Manifests.
!
Various improvements to the '-f <file>' diagnostic option to
now also validate files containing Trust Anchor certs and CRLs.
Do not apply timezone offsets when converting X509 times. X509
times are in UTC and comparing them to times in different timezones
***************
*** 982,994 ****
Added OSC 7 capability to tmux(1) for setting titles.
!
OpenSMTPD version XXX
Stopped smtpd(8) from verifying the cert or CA for a relay using opportunistic TLS.
Enabled TLS verify by default for outbound "smtps://" and "smtp+tls://", restoring documented smtpd(8) behavior.
!
LibreSSL version XXX
New Features
--- 983,995 ----
Added OSC 7 capability to tmux(1) for setting titles.
!
OpenSMTPD version XXX
Stopped smtpd(8) from verifying the cert or CA for a relay using opportunistic TLS.
Enabled TLS verify by default for outbound "smtps://" and "smtp+tls://", restoring documented smtpd(8) behavior.
!
LibreSSL version XXX
New Features
***************
*** 1263,1269 ****
!
OpenSSH version XXX
Security
--- 1264,1270 ----
!
OpenSSH version XXX
Security
***************
*** 1651,1653 ****
--- 1652,1656 ----
would like to know more, the mailing list
ports@openbsd.org is a good place to know.
+
+