NTS: removed "not implemented" on server ca
Gary E. Miller
gem at rellim.com
Tue Apr 2 22:30:32 UTC 2019
Yo Hal!
On Tue, 02 Apr 2019 14:59:13 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:
> >> We could consider having ntpd crash if there are any problems
> >> parsing the config file.
> > At least for anything security related.
>
> The parser can't tell if an error is security related - as your
> example demonstrates.
If nts in on the server line, any failure should be fatal.
> > Another test. So I put the pi3 fullchain.pem in /tmp. I still can
> > not connect with this config:
>
> I haven't worked with the directory mode. What's in your pem file?
It is the Lets Encrypt fullchain.pem.
> I think openssl is expecting the root cert.
Well, I don't have one. Remember, LE has no "the root cert".
And in the case of ostfalia, I only could get their root cert becuase I
was talking to the guy. Much more common case is I just have the end
cert.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190402/45ea7fad/attachment.bin>
More information about the devel
mailing list