diff --git a/configure.ac b/configure.ac
index d93599c3..6159ac94 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-AC_INIT([fort],[1.6.1],[validadorfort@fortproject.net])
+AC_INIT([fort],[1.6.2],[validadorfort@fortproject.net])
 AC_CONFIG_SRCDIR([src/main.c])
 AM_INIT_AUTOMAKE([subdir-objects])
diff --git a/docs/_config.yml b/docs/_config.yml
index 735fc3fe..6df0b48a 100644
--- a/docs/_config.yml
+++ b/docs/_config.yml
@@ -8,7 +8,7 @@ defaults:
 layout: "default"
 image: "/img/logo_validador_og.png"
-fort-latest-version: 1.6.1
+fort-latest-version: 1.6.2
 plugins:
 - jekyll-seo-tag
 - jekyll-sitemap
diff --git a/docs/index.md b/docs/index.md
index 3994a19b..ea183314 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,13 +1,12 @@
 ---
 title: Home
-descrption: FORT validator is an RPKI Relying Party, a tool offered as part of the FORT project. It performs the validation of the entire RPKI repository and serves the resulting ROAs for easy access by your routers.
 ---
 # {{ page.title }}
 ## Introduction
-The FORT validator is an MIT-licensed RPKI Relying Party, offered as part of the [FORT project](https://www.fortproject.net/). It is a service that performs the validation of the entire RPKI repository, and which serves the resulting ROAs for easy access by your routers.
+FORT validator is an MIT-licensed RPKI Relying Party, offered as part of the [FORT project](https://www.fortproject.net/). It is a service that performs the validation of the entire RPKI repository, and which serves the resulting ROAs for easy access by your routers.
 ## Status
diff --git a/docs/intro-fort.md b/docs/intro-fort.md
index ccc4735b..834c4028 100644
--- a/docs/intro-fort.md
+++ b/docs/intro-fort.md
@@ -13,40 +13,45 @@ Fort is an MIT-licensed RPKI Relying Party. It is a service that downloads the R
 The Validator is a timer that, [every once in a while](usage.html#--serverintervalvalidation), resynchronizes its [local cache of the RPKI Repository](usage.html#--local-repository), validates the resulting [certificate chains](intro-rpki.html) and stores the resulting valid ROAs in memory. The RTR [Server](usage.html#--serveraddress) (which is part of the same binary) delivers these ROAs to any requesting routers.
-Fort is a command-line application intended for UNIX operating systems, written in C. (It requires a compiler that supports `-std=gnu11`.)
-
-## Standards Compliance
-
-Further information can be found in the subsections below.
-
-| RFC | Implemented |
-|----------------------------------------------------------------------------|-------------|
-| [3779](https://tools.ietf.org/html/rfc3779) (IP & AS Extensions) | 100% |
-| [6350](https://tools.ietf.org/html/rfc6350) (vCard) | 0% |
-| [6482](https://tools.ietf.org/html/rfc6482) (ROA) | 100% |
-| [6486](https://tools.ietf.org/html/rfc6486) (Manifests) | 100% |
-| [6487](https://tools.ietf.org/html/rfc6487) (Resource Certificates & CRLs) | 100% |
-| [6488](https://tools.ietf.org/html/rfc6488) (Signed Objects) | 100% |
-| [6493](https://tools.ietf.org/html/rfc6493) (Ghostbusters) | 100% |
-| [6810](https://tools.ietf.org/html/rfc6810) (RTR Version 0) | 100% |
-| [7318](https://tools.ietf.org/html/rfc7318) (Policy Qualifiers) | 100% |
-| [7935](https://tools.ietf.org/html/rfc7935) (RPKI algorithms) | 100% |
-| [8182](https://tools.ietf.org/html/rfc8182) (RRDP) | 100% |
-| [8209](https://tools.ietf.org/html/rfc8209) (BGPSec Certificates) | 0% (This code was [disabled](https://github.com/NICMx/FORT-validator/issues/58#issuecomment-941977925) in version 1.5.2) |
-| [8210](https://tools.ietf.org/html/rfc8210) (RTR Version 1) | 100% |
-| [8360](https://tools.ietf.org/html/rfc8360) (Validation Reconsidered) | 100% |
-| [8416](https://tools.ietf.org/html/rfc8416) (SLURM) | 100% |
-| [8608](https://tools.ietf.org/html/rfc8608) (BGPsec algorithms) | 100% |
-| [8630](https://tools.ietf.org/html/rfc8630) (TALs with HTTPS URIs) | 100% |
-
-### RFC 6350 (vCard)
-
-The vCard format is only used by Ghostbusters records. 6350 defines the basic vCard format, while 6493 defines additional requirements for Ghostbusters-specific vCard.
-
-The specific validations have been implemented, while the basic ones have not.
-
-## TO-DO
-
-- Reach 100% RFC compliance
-- Trigger revalidation and SLURM reload on SIGHUP.
-- Configurable origin address for outgoing requests.
+Fort is a command-line application intended for UNIX operating systems, written in C.
+
+## Roadmap
+
+
+
+| Issue | Title | Urgency | Due release |
+|-------|-------|---------|-------------|
+| [issue122](https://github.com/NICMx/FORT-validator/issues/122) | New invocation mode: Decode and print RPKI file in standard output | Very High | 1.6.2 |
+| [issue82](https://github.com/NICMx/FORT-validator/issues/82) | Reach 100% RFC 9286 compliance | Critical | 1.6.3 |
+| [issue112](https://github.com/NICMx/FORT-validator/issues/112) | Enforce same origin for RRDP files | High | 1.6.3 |
+| [issue113](https://github.com/NICMx/FORT-validator/issues/113) | Detect and properly respond to subtler RRDP session desynchronization | Medium | 1.6.3 |
+| [issue114](https://github.com/NICMx/FORT-validator/issues/114) | Support automatic TA key rollover | Very High | 1.6.4 |
+| [issue50](https://github.com/NICMx/FORT-validator/issues/50) | Provide prometheus endpoint | Very High | 1.6.5 |
+| [issue58](https://github.com/NICMx/FORT-validator/issues/58) | Fort's validation produces no router keys | Very High | 1.6.6 |
+| [issue74](https://github.com/NICMx/FORT-validator/issues/74) | Kill rsync if a timeout is exceeded | Very High | 1.6.7 |
+| [issue116](https://github.com/NICMx/FORT-validator/issues/116) | SLURM review | High | - |
+| [issue118](https://github.com/NICMx/FORT-validator/issues/118) | Implement validation re-reconsidered | High | - |
+| [issue119](https://github.com/NICMx/FORT-validator/issues/119) | Review IRIs to file names transition | High | - |
+| [issue120](https://github.com/NICMx/FORT-validator/issues/120) | Error messages review | High | - |
+| [issue121](https://github.com/NICMx/FORT-validator/issues/121) | Refactor validation and operation logging | High | - |
+| [issue72](https://github.com/NICMx/FORT-validator/issues/72) | Encrypt RTR | Medium | - |
+| [issue73](https://github.com/NICMx/FORT-validator/issues/73) | Minimize probability of RTR session ID and serial reuse | Medium | - |
+| [issue90](https://github.com/NICMx/FORT-validator/issues/90) | Add "metadata" section to json output | Medium | - |
+| [issue91](https://github.com/NICMx/FORT-validator/issues/91) | Add "ta" field to ROAs in json output | Medium | - |
+| [issue97](https://github.com/NICMx/FORT-validator/issues/97) | Add "incidence" fields for every nonfatal RFC incompliance | Medium | - |
+| [issue117](https://github.com/NICMx/FORT-validator/issues/117) | Warn on maxLength defined on SLURM | Medium | - |
+| [issue124](https://github.com/NICMx/FORT-validator/issues/124) | Atomize output files (`--output.roa` and `--output.bgpsec`) | Medium | - |
+| [issue125](https://github.com/NICMx/FORT-validator/issues/125) | ASN.1 review | Medium | - |
+| [issue126](https://github.com/NICMx/FORT-validator/issues/126) | Exhaustive URL validation | Medium | - |
+| [issue127](https://github.com/NICMx/FORT-validator/issues/127) | Stream RRDP files | Medium | - |
+| [issue128](https://github.com/NICMx/FORT-validator/issues/128) | Reuse TCP connections for HTTP requests to same server | Medium | - |
+| [issue129](https://github.com/NICMx/FORT-validator/issues/129) | Rethink the thread pools | Medium | - |
+| [issue130](https://github.com/NICMx/FORT-validator/issues/130) | Improve documentation | Medium | - |
+| [issue40](https://github.com/NICMx/FORT-validator/issues/40) | failure scenarios, monitoring and glibc recommendations | Low | - |
+| [issue42](https://github.com/NICMx/FORT-validator/issues/42) | reload feature: restart validation on SIGHUP | Low | - |
+| [issue70](https://github.com/NICMx/FORT-validator/issues/70) | Do a quick temporary offline validation to prevent `No Data Available` | Low | - |
+| [issue123](https://github.com/NICMx/FORT-validator/issues/123) | New invocation mode: Validate single file | Low | - |
+| [issue131](https://github.com/NICMx/FORT-validator/issues/131) | Implement vCard validation | Low | - |
+| [issue132](https://github.com/NICMx/FORT-validator/issues/132) | Implement RTRv2 | Low | - |
+| [issue134](https://github.com/NICMx/FORT-validator/issues/134) | Implement draft-ietf-sidrops-cms-signing-time | Low | - |
+
diff --git a/docs/roadmap.md b/docs/roadmap.md
deleted file mode 100644
index ba10e040..00000000
--- a/docs/roadmap.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Roadmap
----
-
-# Roadmap
-
-
-| Issue | Title | Urgency | Due release |
-|-------|-------|---------|-------------|
-| [issue122](https://github.com/NICMx/FORT-validator/issues/122) | New invocation mode: Decode and print RPKI file in standard output | Very High | 1.6.2 |
-| [issue82](https://github.com/NICMx/FORT-validator/issues/82) | Reach 100% RFC 9286 compliance | Critical | 1.6.3 |
-| [issue112](https://github.com/NICMx/FORT-validator/issues/112) | Enforce same origin for RRDP files | High | 1.6.3 |
-| [issue113](https://github.com/NICMx/FORT-validator/issues/113) | Detect and properly respond to subtler RRDP session desynchronization | Medium | 1.6.3 |
-| [issue50](https://github.com/NICMx/FORT-validator/issues/50) | Provide prometheus endpoint | Very High | - |
-| [issue58](https://github.com/NICMx/FORT-validator/issues/58) | Fort's validation produces no router keys | Very High | - |
-| [issue74](https://github.com/NICMx/FORT-validator/issues/74) | Kill rsync if a timeout is exceeded | Very High | - |
-| [issue114](https://github.com/NICMx/FORT-validator/issues/114) | Support automatic TA key rollover | Very High | - |
-| [issue116](https://github.com/NICMx/FORT-validator/issues/116) | SLURM review | High | - |
-| [issue118](https://github.com/NICMx/FORT-validator/issues/118) | Implement validation re-reconsidered | High | - |
-| [issue119](https://github.com/NICMx/FORT-validator/issues/119) | Review IRIs to file names transition | High | - |
-| [issue120](https://github.com/NICMx/FORT-validator/issues/120) | Error messages review | High | - |
-| [issue121](https://github.com/NICMx/FORT-validator/issues/121) | Refactor validation and operation logging | High | - |
-| [issue72](https://github.com/NICMx/FORT-validator/issues/72) | Encrypt RTR | Medium | - |
-| [issue73](https://github.com/NICMx/FORT-validator/issues/73) | Minimize probability of RTR session ID and serial reuse | Medium | - |
-| [issue90](https://github.com/NICMx/FORT-validator/issues/90) | Add "metadata" section to json output | Medium | - |
-| [issue91](https://github.com/NICMx/FORT-validator/issues/91) | Add "ta" field to ROAs in json output | Medium | - |
-| [issue97](https://github.com/NICMx/FORT-validator/issues/97) | Add "incidence" fields for every nonfatal RFC incompliance | Medium | - |
-| [issue117](https://github.com/NICMx/FORT-validator/issues/117) | Warn on maxLength defined on SLURM | Medium | - |
-| [issue124](https://github.com/NICMx/FORT-validator/issues/124) | Atomize output files (`--output.roa` and `--output.bgpsec`) | Medium | - |
-| [issue125](https://github.com/NICMx/FORT-validator/issues/125) | ASN.1 review | Medium | - |
-| [issue126](https://github.com/NICMx/FORT-validator/issues/126) | Exhaustive URL validation | Medium | - |
-| [issue127](https://github.com/NICMx/FORT-validator/issues/127) | Stream RRDP files | Medium | - |
-| [issue128](https://github.com/NICMx/FORT-validator/issues/128) | Reuse TCP connections for HTTP requests to same server | Medium | - |
-| [issue129](https://github.com/NICMx/FORT-validator/issues/129) | Rethink the thread pools | Medium | - |
-| [issue130](https://github.com/NICMx/FORT-validator/issues/130) | Improve documentation | Medium | - |
-| [issue40](https://github.com/NICMx/FORT-validator/issues/40) | failure scenarios, monitoring and glibc recommendations | Low | - |
-| [issue42](https://github.com/NICMx/FORT-validator/issues/42) | reload feature: restart validation on SIGHUP | Low | - |
-| [issue70](https://github.com/NICMx/FORT-validator/issues/70) | Do a quick temporary offline validation to prevent `No Data Available` | Low | - |
-| [issue123](https://github.com/NICMx/FORT-validator/issues/123) | New invocation mode: Validate single file | Low | - |
-| [issue131](https://github.com/NICMx/FORT-validator/issues/131) | Implement vCard validation | Low | - |
-| [issue132](https://github.com/NICMx/FORT-validator/issues/132) | Implement RTRv2 | Low | - |
-
diff --git a/docs/usage.md b/docs/usage.md
index 59f529fc..9c3dfb3a 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -943,12 +943,11 @@ The configuration options are mostly the same as the ones from the `argv` interf
{
 	"tal": "/tmp/fort/tal/",
 	"local-repository": "/tmp/fort/repository",
-	"work-offline": false,
 	"maximum-certificate-depth": 32,
+	"slurm": "/tmp/fort/test.slurm",
 	"mode": "server",
+	"work-offline": false,
 	"daemon": false,
-	"slurm": "/tmp/fort/test.slurm",
-	"asn1-decode-max-stack": 4096,
 
 	"server": {
 		"address": [
@@ -968,43 +967,6 @@ The configuration options are mostly the same as the ones from the `argv` interf
 		}
 	},
 
-	"log": {
-		"enabled": true,
-		"output": "console",
-		"level": "info",
-		"tag": "Operation",
-		"facility": "daemon",
-		"file-name-format": "global-url",
-		"color-output": false
-	},
-
-	"validation-log": {
-		"enabled": false,
-		"output": "console",
-		"level": "warning",
-		"tag": "Validation",
-		"facility": "daemon",
-		"file-name-format": "global-url",
-		"color-output": false
-	},
-
-	"http": {
-		"enabled": true,
-		"priority": 60,
-		"retry": {
-			"count": 1,
-			"interval": 4
-		},
-		"user-agent": "{{ page.command }}/{{ site.fort-latest-version }}",
-		"max-redirs": 10,
-		"connect-timeout": 30,
-		"transfer-timeout": 0,
-		"low-speed-limit": 100000,
-		"low-speed-time": 10,
-		"max-file-size": 1000000000,
-		"ca-path": "/usr/local/ssl/certs"
-	},
-
 	"rsync": {
 		"enabled": true,
 		"priority": 50,
@@ -1032,28 +994,60 @@ The configuration options are mostly the same as the ones from the `argv` interf
 		]
 	},
 
+	"http": {
+		"enabled": true,
+		"priority": 60,
+		"retry": {
+			"count": 1,
+			"interval": 4
+		},
+		"user-agent": "fort/1.6.2",
+		"max-redirs": 10,
+		"connect-timeout": 30,
+		"transfer-timeout": 0,
+		"low-speed-limit": 100000,
+		"low-speed-time": 10,
+		"max-file-size": 1000000000,
+		"ca-path": "/usr/local/ssl/certs"
+	},
+
+	"log": {
+		"enabled": true,
+		"output": "console",
+		"level": "info",
+		"tag": "Operation",
+		"facility": "daemon",
+		"file-name-format": "global-url",
+		"color-output": false
+	},
+
+	"validation-log": {
+		"enabled": false,
+		"output": "console",
+		"level": "warning",
+		"tag": "Validation",
+		"facility": "daemon",
+		"file-name-format": "global-url",
+		"color-output": false
+	},
+
 	"incidences": [
 		{
 			"name": "incid-hashalg-has-params",
 			"action": "ignore"
-		},
-		{
+		}, {
 			"name": "incid-obj-not-der-encoded",
 			"action": "ignore"
-		},
-		{
+		}, {
 			"name": "incid-file-at-mft-not-found",
 			"action": "error"
-		},
-		{
+		}, {
 			"name": "incid-file-at-mft-hash-not-match",
 			"action": "error"
-		},
-		{
+		}, {
 			"name": "incid-mft-stale",
 			"action": "error"
-		},
-		{
+		}, {
 			"name": "incid-crl-stale",
 			"action": "error"
 		}
@@ -1065,6 +1059,8 @@ The configuration options are mostly the same as the ones from the `argv` interf
 		"format": "csv"
 	},
 
+	"asn1-decode-max-stack": 4096,
+
 	"thread-pool": {
 		"server": {
 			"max": 20
diff --git a/man/fort.8 b/man/fort.8
index d64fcd65..803a65f2 100644
--- a/man/fort.8
+++ b/man/fort.8
@@ -1,4 +1,4 @@
-.TH fort 8 "2023-12-15" "v1.6.1" "FORT validator"
+.TH fort 8 "2024-05-24" "v1.6.2" "FORT validator"
 
 .SH NAME
 fort \- RPKI validator and RTR server
@@ -18,19 +18,19 @@ fort \- RPKI validator and RTR server
 
 .SH DESCRIPTION
 
-Fort is an RPKI "Relying Party" (RP). It's an artifact that validates Route
-Origin Attestations (ROAs) and BGPsec Router Keys, by way of a Public Key
+Fort is an RPKI "Relying Party" (RP), an artifact that validates Route
+Origin Attestations (ROAs) by way of a Public Key
 Infrastructure (PKI). ROAs are employed by routers, to verify BGP routing
 attestations.
 .P
-The main validation input is one or more Trust Anchor Locator (TAL) files
+Its main input is one or more Trust Anchor Locator (TAL) files
 (\fI--tal\fR), which point to the RPKI Trust Anchors (ie. root certificates).
 Fort downloads all the resources governed by the trust anchors into a local
 cache (\fI--local-repository\fR), and proceeds to validate their entirety. The
-output of the validation is a set of trusted ROAs and Router Keys, which are
-printed to files (\fI--output.roa\fR and \fI--output.bgpsec\fR) and/or served to
+output of the validation is a set of VRPs (Validated ROA Payloads), which are
+served to
 routers (\fI--mode=server\fR, \fI--server.address\fR, \fI--server.port\fR)
-through the RTR protocol (version 0 or 1).
+through the RTR protocol (RFC 6810).
 
 .SH OPTIONS
 .TP
@@ -1200,12 +1200,11 @@ to a specific value:
 {
   "tal": "/tmp/fort/tal/",
   "local-repository": "/tmp/fort/repository",
-  "work-offline": false,
   "maximum-certificate-depth": 32,
+  "slurm": "/tmp/fort/test.slurm",
   "mode": "server",
+  "work-offline": false,
   "daemon": false,
-  "slurm": "/tmp/fort/test.slurm",
-  "asn1-decode-max-stack": 4096,
 
   "server": {
     "address": [
@@ -1225,43 +1224,6 @@ to a specific value:
     }
   },
 
-  "log": {
-    "enabled": true,
-    "output": "console",
-    "level": "info",
-    "tag": "Operation",
-    "facility": "daemon",
-    "file-name-format": "global-url",
-    "color-output": false
-  },
-
-  "validation-log": {
-    "enabled": false,
-    "output": "console",
-    "level": "warning",
-    "tag": "Validation",
-    "facility": "daemon",
-    "file-name-format": "global-url",
-    "color-output": false
-  },
-
-  "http": {
-    "enabled": true,
-    "priority": 60,
-    "retry": {
-      "count": 1,
-      "interval": 4
-    },
-    "user-agent": "fort/1.6.0",
-    "max-redirs": 10,
-    "connect-timeout": 30,
-    "transfer-timeout": 0,
-    "low-speed-limit": 100000,
-    "low-speed-time": 10,
-    "max-file-size": 1000000000,
-    "ca-path": "/usr/local/ssl/certs"
-  },
-
   "rsync": {
     "enabled": true,
     "priority": 50,
@@ -1289,28 +1251,60 @@ to a specific value:
     ]
   },
 
+  "http": {
+    "enabled": true,
+    "priority": 60,
+    "retry": {
+      "count": 1,
+      "interval": 4
+    },
+    "user-agent": "fort/1.6.2",
+    "max-redirs": 10,
+    "connect-timeout": 30,
+    "transfer-timeout": 0,
+    "low-speed-limit": 100000,
+    "low-speed-time": 10,
+    "max-file-size": 1000000000,
+    "ca-path": "/usr/local/ssl/certs"
+  },
+
+  "log": {
+    "enabled": true,
+    "output": "console",
+    "level": "info",
+    "tag": "Operation",
+    "facility": "daemon",
+    "file-name-format": "global-url",
+    "color-output": false
+  },
+
+  "validation-log": {
+    "enabled": false,
+    "output": "console",
+    "level": "warning",
+    "tag": "Validation",
+    "facility": "daemon",
+    "file-name-format": "global-url",
+    "color-output": false
+  },
+
   "incidences": [
     {
       "name": "incid-hashalg-has-params",
       "action": "ignore"
-    },
-    {
+    }, {
       "name": "incid-obj-not-der-encoded",
       "action": "ignore"
-    },
-    {
+    }, {
       "name": "incid-file-at-mft-not-found",
       "action": "error"
-    },
-    {
+    }, {
       "name": "incid-file-at-mft-hash-not-match",
       "action": "error"
-    },
-    {
+    }, {
       "name": "incid-mft-stale",
       "action": "error"
-    },
-    {
+    }, {
       "name": "incid-crl-stale",
       "action": "error"
     }
@@ -1322,6 +1316,8 @@ to a specific value:
     "format": "csv"
   },
 
+  "asn1-decode-max-stack": 4096,
+
   "thread-pool": {
     "server": {
       "max": 20