v1.2.0
The main updates at this release are:
- RFC 8182 "The RPKI Repository Delta Protocol (RRDP)" support.
- RFC 8630 "Resource Public Key Infrastructure (RPKI) Trust Anchor Locator" support.
- New incidence
incid-obj-not-der-encodedto validate DER encoding of a signed object (see RFC 6488 section 3 bullet 1.l). - Remember last valid SLURM in case of syntax error with newer SLURMs(s).
- Setup script to ease ARINs TAL download (see more).
sync-strategywill be deprecated, log a warning and invite to usersync.strategyinstead.
The public key to verify the tarball is here (it isn't certified yet).
Changes since v1.1.3:
-
Bug fixes
- Solve issue #9 "Use previous valid SLURM configuration on SLURM error": whenever there's an error, apply the last valid SLURM version.
- If an empty value was sent to arguments that expect paths (eg.
fort --tal=), this was treated as valid; now this isn't allowed. - rsync execution logs didn't logged to syslog, now they do.
- Allow reuse server address/port on restart.
- Try to fetch the trust anchor certificate from another URI whenever the previous TAL URI wasn't fetched due to an error.
- Standard output wasn't flushed when the console logs where piped, now it is flushed.
-
Updates
- Support RRDP (solves issue #20).
- Support HTTPS URIs in TALs (solves issue #19).
- Add new incidence
incid-obj-not-der-encodedto validate signed objects DER encoding. - Log additional information on start/end of a validation cycle, the information is printed at log level
info:- When a client starts/ends a connection, or when the connection is killed (print its address and an internal ID).
- When a new validation cycle is started and finished (includes number of valid Prefixes and Router Keys, current/new serial number, and real execution time).
- Add setup script to ease ARINs TAL download, explicitly accepting their RPA. The script does the following:
- Invites to agree ARIN RPA and downloads ARIN's TAL.
- Downloads the rest of the TALS from github repository.
- Creates a local repository directory, and an example configuration file.
- Create
examplesdirectory:- Move
taldirectory to this new directory. - Add a valid configuration file.
- Add a valid SLURM file.
- Move
- New configuration arguments added:
work-offline: Disables outgoing requests to work only with local files fromlocal-repository.http.user-agent: User-Agent header set at HTTP requests.http.connect-timeout: Timeout in seconds for the connect phase at HTTP requests.http.transfer-timeout: Maximum allowed time that an HTTP request can take.http.idle-timeout: Maximum idle time during an HTTP request.http.ca-path: Directory where CA certs to verify peers are found.rrdp.enabled: Enables RRDP files processing.rrdp.priority: Priority to use this protocol whenever a CA has another option to access the repository files.rrdp.retry.count: Maximum number of retries on requests error.rrdp.retry.interval: Interval (in seconds) between each retry.rsync.enabled: Enables RSYNC execution.rsync.priority: Priority to use this protocol whenever a CA has another option to access the repository files.rsync.strategy: Synchronization download strategy (replacessync-strategy).rsync.retry.count: Maximum number of retries whenever there's an execution error.rsync.retry.interval: Interval (in seconds) between each retry.asn1-decode-max-stack: indicates the max stack size that can be utilized when decoding ASN1 objects (mainly to avoid a stack overflow).
- Update unit tests.
-
Docs
- Indicate full RFC 8182 and RFC 8630 compliance.
- Add docs for new configuration parameters (at web docs module 'Program arguments' and user man).
- Add the usage of the setup script at Installation module, as well as the new dependencies of
libcurlandlibxml2. - Add new section 'Routers', contains a basic explanation of data exchange with routers.
- Update 'Incidences' module to include DER encoding validation (
incid-obj-not-der-encoded). - Update RFC compliance of RFC 6488 to 100%.
- Update READMEs to use relative paths instead of always use master URLs.
- Replace '2019' year refs to '2020'.