BSDSec

deadsimple BSD Security Advisories and Announcements

rpki-client 7.7 has just been released

7 April, 2022 by benno@openbsd.org | openbsd 

rpki-client 7.7 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of a BGP announcement. The program queries the
global RPKI repository system and outputs validated ROA payloads and
BGPsec Router keys in the configuration format of OpenBGPD, BIRD, and
also as CSV or JSON objects for consumption by other routing stacks.

See RFC 6480 and RFC 6811 for a description of how RPKI and BGP Prefix
Origin Validation help secure the Internet's global routing system.

rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.

This release includes the following changes to the previous release:

  - Add various RFC 6488 compliance checks to improve the CMS parser.
  - Improve RRDP replication through less aggressive cache cleanup.
  - Add a check whether a given Manifest EE certificate is listed on the
    applicable CRL.
  - For forward compatibility permit ASPA object to appear on Manifests.
  - Various improvements to the '-f <file>' diagnostic option to
    now also validate files containing Trust Anchor certs and CRLs.

rpki-client works on all operating systems with a libcrypto library
based on OpenSSL 1.1 or LibreSSL 3.3, and a libtls library compatible
with LibreSSL 3.4 or later.

rpki-client is known to compile and run on at least the following
operating systems: Alpine, CentOS, Debian, Fedora, FreeBSD, Red Hat,
Rocky, Ubuntu, macOS, and of course OpenBSD!

It is our hope that packagers take interest and help adapt
rpki-client-portable to more distributions.

The mirrors where rpki-client can be found are on
https://www.rpki-client.org/portable.html

Reporting Bugs:
===============

General bugs may be reported to tech@openbsd.org

Portable bugs may be filed at
https://github.com/rpki-client/rpki-client-portable

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.

Assistance to coordinate security issues is available via
security@openbsd.org.