Contributed by rueda on from the key-toning dept.
Sebastian Benoit (benno@
)
announced
the release of
version 8.9
of
rpki-client.
Updating is recommended for "improved reliability".
Excerpt from the release announcement:
This release includes the following changes to the previous release: - The handling of manifests fetched via rsync or RRDP was reworked to fully conform to RFC 9286. The issuance date and manifest number of the purported new manifest file must have been increased, otherwise the cached version is used. - As a consequence of the above changes, some warnings for .mft files were reworded. The notion of a stale manifest is no longer used. The following counters will be removed in rpki-client 9.0: - The stalemanifest counter in JSON output. - The "stale" state for manifest objects in Open Metrics output. - A race condition between closing an idle connection and scheduling a new request on it could trigger an assert in rare circumstances. - The evaluation time specified with -P now also applies to trust anchor certificates. - Check that the entire CMS eContent was consumed. Previously, trailing data would be silently discarded on deserialization of products. - In file mode do not consider overclaiming intermediate CA certificates as invalid. A warning is still issued. - Print the revocation time of certificates in file mode. - Be more careful when converting OpenSSL numeric identifiers (NIDs) to strings.
(Comments are closed)