rpki-client 7.0 released
15 April, 2021 by email@example.com | openbsd
rpki-client 7.0 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon. rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system and outputs Validated ROA Payloads in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks. See RFC 6811 for a description of how BGP Prefix Origin Validation secures the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, and Sebastian Benoit as part of the OpenBSD Project and gets released as a base component of OpenBSD every six months, and follows the OpenBSD release numbering scheme. This release includes the following changes to the previous release: * Added RRDP (The RPKI Repository Delta Protocol, RFC 8182) support as a 'technology preview'. To use it, the "-r" flag needs to be used. * Support the use of more than one URI in the TAL file sorting with a preference for https. * Validation of ghostbuster records (RFC 6493) * Fixed checks of the manifest validity interval. * The rsync connection is now killed when the rsync server stalls. * Limited the URL embedded in .cer files to alphanumeric characters and punctuation. * Added a "-V" option to show version. * Included the default cert.pem file path in tls_load_file error messages. * Use of the ibuf (imsg) API for data exchange between the rpki-client processes. In the portable version, * Emit all output formats, no need to choose with options. * Changes to for using github actions forautomatic testing. * The RRDP support requires HTTPS connections, necessitating a dependency for libtls from LibreSSL. * Support for building rpki-client on MacOSX. * Added expat as an extra dependency, needed for RRDP support. Finally, with this release, we will change the way in which we release rpki-client updates: Instead of tracking OpenBSD releases every 6 months and providing patches for bugfixes in the intervening time, we will produce full releases more often. We hope that this will give users on other operating systems earlier access to new features. If security bugs necessitate an update, a full release will be provided that may also include new features that were developed up to that point. rpki-client is known to compile and run on at least the following operating systems: Alpine 3.12, Debian 9, 10, Fedora 31, 32, 33, macOS Catalina, RHEL/CentOS 7, 8, Windows Subsystem for Linux 2. It is our hope that packagers take interest and help adapt rpki-client-portable to more distributions. The mirrors where rpki-client can be found are on https://www.rpki-client.org/portable.html Reporting Bugs: =============== General bugs may be reported to firstname.lastname@example.org Portable bugs may be filed at https://github.com/rpki-client/rpki-client-portable We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.