rpki-client 6.8p1

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisations (ROAs) and finally outputs Validated ROA Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks.

Tags rpki bgp routing security bird openbgpd
License ISC
State stable

Recent Releases

6.8p1 12 Nov 2020 20:33 security: Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval. Add compat code for the LibreSSL ASN1_time_parse() and ASN1_time_tm_cmp() functions. Those are needed to properly check the validity of MFT files.
6.8p0 20 Oct 2020 21:07 major feature: Improve how repositories are downloaded: do not fetch symlinks and clean extraneous files in the repositories after download using the cryptographically signed RPKI manifest listings. Fix a bug where rpki-client could hang after calling rsync. Remove the -f option, no longer needed. Improved validation of the trust anchors. Add new option '-s timeout' to make rpki-client automatically terminate after a timeout (default 1 hour). This helps when rpki-client is run via cron, preventing a hanging process from causing problems. Portability improvements: Replace warnc() with warnx() + strerror(), replace b64_pton() with code using the libcrypto EVP_Decode* functionality, adjust for OpenSSL 1.1.x compatible use of the EVP_ENCODE_CTX struct.
6.7p1 30 Jul 2020 22:54 security: Incorrect use of "EVP_PKEY_cmp" allowed an authentication bypass.
6.7p0 19 May 2020 00:38 major bugfix: Document the suggested interval for running rpki-client in the man page. Always initialize cachedir and outputdir. Print statistics as comments at the top of the output files which can take comments, including the date and time when the files were produced, and runtime statistics when producing them. Improve log messages to clarify what's happening. Fix a bug where rpki-client would not properly wait for exiting rsync processes, causing rpki-client to hang.