OpenBSD Journal

rpki-client 9.3 released

Contributed by rueda on from the key my routes not my car dept.

Sebastian Benoit (benno@) announced the release of version 9.3 of rpki-client, the essential component for routing security.

See the full announcement for further details.

Key excerpts from the release announcement:

This release includes the following changes to the previous release:

- Avoid a quadratic complexity issue in ibuf_realloc() due to misuse of
  recallocarray(). Transferring a manifest with a large FileAndHash
  list across a privsep boundary could cost significant resources.

- RRDP sessions are periodically reinitialized to snapshot at random
  intervals. RRDP deltas and snapshots can diverge content-wise over
  time, leaving stale files in the cache. Reinitialization is triggered
  at random with increasing probability with increasing snapshot age, at
  least once every three months. This helps garbage collection.

- The internal state file format changed. The first run after an upgrade
  may produce harmless warning messages about invalid last_reset.

- Signed Prefix List statistics are now only emitted when rpki-client
  is run with -x.
  This changes the JSON output: without -x some keys are missing from

- The -r command line option formerly enabling RRDP has long been the
  default and is now removed.

- The CRL number extension in CRLs is checked to be in the range [0..2^159-1]
  and otherwise the CRL is considered invalid, see
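
The upper bound in the last item, 2^159-1, is the largest non-negative value whose DER INTEGER encoding fits in 20 octets. As an added example (not rpki-client's code, which is not shown on this page), the same range check can be done directly on the content octets of the INTEGER; the function name, status codes and sample values below are constructed for illustration.

```c
/* Added example, not rpki-client code. Checks the content octets of a DER
 * INTEGER (tag and length already stripped) against [0..2^159-1]. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum crlnum_status {
	CRLNUM_OK, CRLNUM_EMPTY, CRLNUM_NEGATIVE, CRLNUM_NON_MINIMAL,
	CRLNUM_TOO_LARGE
};

/* Constructed sample values (big-endian two's complement, as in DER). */
static const uint8_t crlnum_zero[] = { 0x00 };
static const uint8_t crlnum_max[20] = {			/* 2^159 - 1 */
	0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
static const uint8_t crlnum_over[21] = { 0x00, 0x80 };	/* 2^159, rest zero */
static const uint8_t crlnum_neg[] = { 0xff };		/* -1 */
static const uint8_t crlnum_padded[] = { 0x00, 0x01 };	/* non-minimal 1 */

enum crlnum_status
crlnum_check(const uint8_t *v, size_t len)
{
	if (v == NULL || len == 0)
		return CRLNUM_EMPTY;		/* DER INTEGER needs >= 1 octet */
	if (v[0] & 0x80)
		return CRLNUM_NEGATIVE;		/* sign bit set: value < 0 */
	if (len > 1 && v[0] == 0x00 && !(v[1] & 0x80))
		return CRLNUM_NON_MINIMAL;	/* superfluous leading zero */
	if (len > 20)
		return CRLNUM_TOO_LARGE;	/* minimal, > 20 octets: >= 2^159 */
	return CRLNUM_OK;
}

int
main(void)
{
	printf("zero=%d max=%d over=%d neg=%d padded=%d\n",
	    crlnum_check(crlnum_zero, sizeof(crlnum_zero)),
	    crlnum_check(crlnum_max, sizeof(crlnum_max)),
	    crlnum_check(crlnum_over, sizeof(crlnum_over)),
	    crlnum_check(crlnum_neg, sizeof(crlnum_neg)),
	    crlnum_check(crlnum_padded, sizeof(crlnum_padded)));
	return 0;
}
```

Because DER requires the minimal encoding, rejecting padded values first lets the 20-octet length test stand in for a big-number comparison.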
