rpki-client 9.3

This release includes the following changes to the previous release:

• Avoid a quadratic complexity issue in ibuf_realloc() due to misuse of recallocarray(). Transferring a manifest with a large FileAndHash list across a privsep boundary could cost significant resources.

• RRDP sessions are periodically reinitialized to snapshot at random intervals. RRDP deltas and snapshots can diverge content-wise over time, leaving stale files in the cache. Reinitialization is triggered at random with increasing probability with increasing snapshot age, at least once every three months. This helps garbage collection.

• The internal state file format changed. The first run after an upgrade may produce harmless warning messages about invalid last_reset.

• Signed Prefix List statistics are now only emitted when rpki-client is run with -x. This changes the JSON output: without -x some keys are missing from 'metadata'.

• The -r command line option formerly enabling RRDP has long been the default and is now removed.

• The CRL number extension in CRLs is checked to be in the range [0..2^159-1] and otherwise the CRL is considered invalid, see https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-crl-numbers

rpki-client 9.2

This release includes the following changes to the previous release:

• Ensure synchronization jobs are stopped when the timeout is reached.

• Fix a corner case in repository handling. If the last RRDP repository failed to load, rpki-client would fail to fall back to rsync due to an ordering bug in the event loop.

• Improve detection of duplicate file paths. Only trigger a duplicate error if a valid path is revisited otherwise a bad CA could prevent legitimate files from being considered valid.

• Normalize internal representation of the caRepository to have a trailing slash and ensure that the rpkiManifest is a file inside it.

rpki-client 9.1

This release includes the following changes to the previous release:

• Impose same-origin policy for RRDP

  This addresses an oversight in the original RRDP specification (RFC8182) which allowed any publication server to cause load on another server by tricking RPs into making cross-origin requests. Imposing a same-origin policy in RRDP client/server communication isolates resources such as Delta and Snapshot files from different Repository Servers, reducing possible attack vectors. draft-ietf-sidrops-rrdp-same-origin

• Introduce tiebreaking for trust anchors

  Instead of always using newly-retrieved trust anchors, compare a fetched TA with one stored in the cache. Later notBefore and earlier notAfter are used to identify a trust anchor certificate as newer. This prevents certain forms of replay attack. draft-spaghetti-sidrops-rpki-ta-tiebreaker

• Fix internal identification of CA resource certificates

  The rpki-client utility tracks CA certificates across privilege separation boundaries. The original design was to use the subject key
  identifier, which is problematic because the SKI is not guaranteed to be globally unique. On the one hand, operators could choose to reuse their keys for multiple CAs and on the other hand, publishing a CA cert in the RPKI requires no proof of possession: anyone can publish CA certificates with any public key they please.

• Verify self-signage for trust anchors

  In other PKIs, trust anchors come from a trusted source and contain little to no important information apart from the public key. Therefore, libcrypto's chain verifier does not check their signatures by default because this "doesn't add any security and just wastes time". None of this is true in the RPKI and therefore trust anchors need an extra verification step.

• Introduce a check for filenames as presented by publication points

  Filenames presented by publication points are unsigned data, they must match the location in the signed object's EE certificate SIA extension which is signed data. This prevents some forms of replay attack. draft-ietf-sidrops-manifest-numbers

• Improved compliance with RFCs 6487 and 8209 for certificates and CRLs

  The issuer field of certificates and CRLs is checked to comply with section 4.4 of RFC 6487. Various aspects of URIs provided in SIA, AIA and CRL distribution points were improved. Criticality of key usage is now enforced and the extension is inspected for all certificate types.

• Presence of CMS signing-time is now enforced and presence of CMS binary-signing-time is disallowed, per RFC 9589.

• Lowered the maximum acceptable manifest number to 2^159 - 1, per draft-ietf-sidrops-manifest-numbers

• Limit number of validated ASPAs per customer ASID, per draft-ietf-sidrops-aspa-profile

• Ignore the CRL Number extension in CRLs, per draft-spaghetti-sidrops-rpki-crl-numbers

• Various minor bug fixes and improvements in logging and error reporting

v8.2

This release includes the following changes to the previous release:

• Add a new '-H' command line option to create a shortlist of repositories to synchronize to. For example, when invoking rpki-client -H rpki.ripe.net -H chloe.sobornost.net, the utility will not connect to any other hosts other than the two specified through the -H option.

• Add support for validating Geofeed (RFC 9092) authenticators. To see an example download https://sobornost.net/geofeed.csv and run rpki-client -f geofeed.csv

• Add support for validating Trust Anchor Key (TAK) objects. TAK objects can be used to produce new Trust Anchor Locators (TALs) signed by and verified against the previous Trust Anchor. See draft-ietf-sidrops-signed-tal for the full specification.

• Log lines related to RRDP/HTTPS connection problems now include the IP address of the problematic endpoint (in brackets).

• Improve the error message when an invalid filename is encountered in the rpkiManifest field in the Subject Access Information (SIA) extension.

• Emit a warning when unexpected X.509 extensions are encountered.

• Restrict the ROA ipAddrBlocks field to only allow two ROAIPAddressFamily structures (one per address family). See draft-ietf-sidrops-rfc6482bis.

• Check the absence of the Path Length constraint in the Basic Constraints extension.

• Restrict the SIA extension to only allow the signedObject and rpkiNotify accessMethods.

• Check that the Signed Object access method is present in ROA, MFT, ASPA, TAK, and GBR End-Entity certificates.

• In addition to the 'rsync://' scheme, also permit other schemes (such as 'https://') in the SIA signedObject access method.

• Check that the KeyUsage extension is set to nothing but digitalSignature on End-Entity certificates.

• Chect that the KeyUsage extension is set to nothing but keyCertSign and CRLSign on CA certificates.

• Check that the ExtendedKeyUsage extension is absent on CA certificates.

• Fix a bug in the handling of the port of http_proxy.

• The -r command line option has been deprecated.

• Filemode -f output is now presented as a text based table.

v8.0

This release includes the following changes to the previous release:

• Add suport for validating Autonomous System Provider Authorization
  (ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
  Validated ASPA payloads are visible in JSON and filemode (-f) output.
• Set rsync connection I/O idle timeout to 15 seconds.
• Unify the maximum idle I/O and connect timeouts for RSYNC & HTTPS.
• Rpki-client now performs stricter EE certificate validation:
  • Disallow AS Resources extensions in ROA EE certificates.
  • Disallow Subject Information Access (SIA) extensions in RPKI
    Signed Checklist (RSC) EE certs.
  • Check the resources in ROAs and RSCs against EE certs.
• Improve readability and add various information being printed in
  verbose mode.
• Extend filemode (-f) output and print X.509 certificates in PEM
  format when increased verbosity (-vv) is specified.
• Shorten the RRDP I/O idle timeout.
• Introduce a deadline timer that aborts all repository synchronization
  after seven eights of timeout (-s). With this rpki-client has improved
  chances to complete and produce an output even when a CA is excessivly
  slow.
• Abort a currently running RRDP request process when the per-repository
  timeout is reached.
• Permit multiple AccessDescription entries in SIA X.509 extensions. While
  fetching from secondary locations is not yet supported, rpki-client will
  not treat occurence as a fatal error.
• Resolve a potential for a race condition in non-atomic RRDP deltas.
• Fix some memory leaks.
• Improve compliance with the HTTP protocol specification.

v7.9

This release includes the following changes to the previous release:

• Add support for an operator-configurable skiplist facility. Operators
  can specify a list of FQDNs which should not be contacted when
  synchronizing the local cache to the network.

• Emit a warning when a RRDP session serial number decreases.

• DER decoding functions were refactored to leverage ASN.1 templates.

• Add support to validate & inspect .sig files containing RPKI Signed
  Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)

• Print various statistics after the completion of the main process.

• Add support to decode & print TAL (RFC 8630) details in filemode (-f).

• Emit objects in Concatenated JSON format when filemode (-f) and the JSON
  output flag (-j) are combined.

v7.8

This release includes the following changes to the previous release:

• Do not apply timezone offsets when converting X509 times. X509
  times are in UTC and comparing them to times in different timezones
  would cause validity problems.

v7.7

his release includes the following changes to the previous release:

• Add various RFC 6488 compliance checks to improve the CMS parser.
• Improve RRDP replication through less aggressive cache cleanup.
• Add a check whether a given Manifest EE certificate is listed on the
  applicable CRL.
• For forward compatibility permit ASPA object to appear on Manifests.
• Various improvements to the '-f ' diagnostic option to
  now also validate files containing Trust Anchor certs and CRLs.

v7.6

This release includes the following changes to the previous release:

• Enforce the correct namespace of rrdp files.
• Fail certificate verification if a certificate contains unknown
  critical extensions.
• Improve cleanup of rrdp directory contents.
• Introduce a validated cache which holds all the files that have
  successfully been verified by rpki-client.
• Add a new option '-f ' to validate a signed object in a file
  against the RPKI cache.

v7.5

This release includes the following changes to the previous release:

• Make rpki-client more resilient regarding untrusted input:
  • fail repository synchronisation after 15min runtime
  • limit the number of repositories per TAL
  • don't allow DOCTYPE definitions in RRDP XML files
  • fix detection of HTTP redirect loops.
• limit the number of concurrent rsync processes.
• fix CRLF in tal files.