NTS: removed "not implemented" on server ca

Hal Murray hmurray at megapathdsl.net
Tue Apr 2 21:59:13 UTC 2019

>> The parser actually does complain.  But if you are like me and put
>> the log file in the config file rather than the command line, the
>> parser errors go to syslog.

> Uh, no:
> kong /usr/local/src/GPS/gpsd/gpsd # fgrep NTP /var/log/messages kong /usr/
> local/src/GPS/gpsd/gpsd #=20 

grep for ntpd

>> Not my problem.  Nobody told me to open anything.
> We just agreed that my bad config file cause NTPD to connect insecurely
> (open) instead of with NTS.  So, noeon told you to open that connection, but
> your NTS software did.  I thought NTS was your problem?  Unless you want to
> have Eric fix the parser... 

Sorry.  My "open" was referring to a file/dir for cert(s).

>> We could consider having ntpd crash if there are any problems parsing
>> the config file.
> At least for anything security related.

The parser can't tell if an error is security related - as your example 

> Another test.  So I put the pi3 fullchain.pem in /tmp.  I still can not
> connect with this config: 

 I haven't worked with the directory mode.  What's in your pem file?  I think 
openssl is expecting the root cert.

These are my opinions.  I hate spam.

More information about the devel mailing list