Releases: rpki-client/rpki-client-portable

v7.4

15 Dec 17:15

This release includes the following changes to the previous release:

  • Added support for validating BGPsec Router Public Keys.
  • Fix issues with chunked transfer encoding in the RRDP HTTP client.
  • Cleanup and improvement of how IO is handled.
  • Improvements in the way X509 certificates are verified.
  • Make rpki-client more resilient regarding untrusted input:
    • Limit the allowed character set for filename listings on
      Manifests.
    • Limit the length of SIA URIs.
    • Limit the size of certain untrusted inputs.
    • Don't exit on failures to parse x509 objects.
    • Limit the size of objects retrieved via RRDP or RSYNC.
    • Limit the number of FileAndHash entries on a manifest.
    • Constrain RRDP such that the delta/snapshot files must be hosted
      at the same host as the notification file.

v7.3

15 Dec 17:17
0bf531a

This release includes the following changes to the previous release:

  • Improve the HTTP client code (status code handling, http proxy support, keep-alive).
  • In RRDP, do not access URIs with userinfo (@-sign).
  • Improve RRDP syncing by considering a notification file serial jumping backwards as synced repository.
  • Make -R (rsync only) also apply to the fetching of TA files.
  • Only sync *.{cer,crl,gbr,mft,roa} files via rsync and exclude all others.
  • When producing output for OpenBGPd, make use of the 'roa-set expires' attribute to prevent machines from loading outdated roa-sets.
  • In RRDP, limit the number of deltas to 300 per repo. If more deltas exist, downloading a full snapshot is faster.
  • Limit the validation depth of X509 certificate chains to 12, double the current depth seen in RPKI.
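
The two RRDP URI restrictions above (v7.4: delta/snapshot files on the same host as the notification file; v7.3: no userinfo) can be sketched as one check. This is an added example, not rpki-client's own code: the names `uri_host` and `rrdp_uri_allowed`, the example.net/example.org URIs, and the choices to require https, ignore the port and compare hosts case-insensitively are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define HTTPS "https://"

/* Find the host in an https URI; return its length, or 0 if the URI is
 * not https, has an empty host, or has userinfo ('@') in the authority. */
static size_t
uri_host(const char *uri, const char **host)
{
	const char *auth, *p;
	size_t authlen;

	if (strncasecmp(uri, HTTPS, strlen(HTTPS)) != 0)
		return 0;
	auth = *host = uri + strlen(HTTPS);
	authlen = strcspn(auth, "/?#");	/* authority ends at path/query */
	if (memchr(auth, '@', authlen) != NULL)
		return 0;
	if (auth[0] == '[') {		/* IPv6 literal, brackets kept */
		p = memchr(auth, ']', authlen);
		return p != NULL ? (size_t)(p - auth) + 1 : 0;
	}
	p = memchr(auth, ':', authlen);	/* drop an optional :port */
	return p != NULL ? (size_t)(p - auth) : authlen;
}

/* Return 1 if file_uri may be fetched for this notification file. */
int
rrdp_uri_allowed(const char *notify_uri, const char *file_uri)
{
	const char *nh = NULL, *fh = NULL;
	size_t nlen = uri_host(notify_uri, &nh);
	size_t flen = uri_host(file_uri, &fh);

	if (nlen == 0 || flen == 0 || nlen != flen)
		return 0;
	return strncasecmp(nh, fh, nlen) == 0;
}

int
main(void)
{
	/* Constructed sample URIs, not taken from any real repository. */
	const char *n = "https://rrdp.example.net/notification.xml";

	printf("%d\n", rrdp_uri_allowed(n, "https://rrdp.example.net/7/delta.xml"));
	printf("%d\n", rrdp_uri_allowed(n, "https://rrdp.example.net@cdn.example.org/7/delta.xml"));
	return 0;
}
```

The second call shows why the userinfo rule matters for the same-host rule: a naive prefix comparison would see `rrdp.example.net` at the start of a URI whose real host is `cdn.example.org`.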

v7.2

15 Dec 17:18

This release includes the following changes to the previous release:

  • Use RRDP as default protocol for synchronizing the RPKI repository
    data, with rsync used as secondary.
  • At startup, warn if the filesystem containing the cache directory
    is probably too small. 500 MB is the suggested minimum size.
  • Handle running out of disk space more gracefully, including cleanup
    of temporary and old files before exiting.
  • Improve the HTTP/1.1 request headers being sent.
  • Improved validation checks for ROA and MFT objects.