NTS: removed "not implemented" on server ca
Hal Murray
hmurray at megapathdsl.net
Tue Apr 2 21:59:13 UTC 2019
>> The parser actually does complain. But if you are like me and put
>> the log file in the config file rather than the command line, the
>> parser errors go to syslog.
> Uh, no:
> kong /usr/local/src/GPS/gpsd/gpsd # fgrep NTP /var/log/messages kong /usr/
> local/src/GPS/gpsd/gpsd #=20
grep for ntpd
>> Not my problem. Nobody told me to open anything.
> We just agreed that my bad config file cause NTPD to connect insecurely
> (open) instead of with NTS. So, noeon told you to open that connection, but
> your NTS software did. I thought NTS was your problem? Unless you want to
> have Eric fix the parser...
Sorry. My "open" was referring to a file/dir for cert(s).
>> We could consider having ntpd crash if there are any problems parsing
>> the config file.
> At least for anything security related.
The parser can't tell if an error is security related - as your example
demonstrates.
> Another test. So I put the pi3 fullchain.pem in /tmp. I still can not
> connect with this config:
I haven't worked with the directory mode. What's in your pem file? I think
openssl is expecting the root cert.
--
These are my opinions. I hate spam.
More information about the devel
mailing list