NTS: removed "not implemented" on server ca

Gary E. Miller gem at rellim.com
Tue Apr 2 22:30:32 UTC 2019

Yo Hal!

On Tue, 02 Apr 2019 14:59:13 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:

> >> We could consider having ntpd crash if there are any problems
> >> parsing the config file.  
> > At least for anything security related.  
> The parser can't tell if an error is security related - as your
> example demonstrates.

If nts in on the server line, any failure should be fatal.

> > Another test.  So I put the pi3 fullchain.pem in /tmp.  I still can
> > not connect with this config:   
>  I haven't worked with the directory mode.  What's in your pem file?

It is the Lets Encrypt fullchain.pem.

> I think openssl is expecting the root cert.

Well, I don't have one.  Remember, LE has no "the root cert".

And in the case of ostfalia, I only could get their root cert becuase I
was talking to the guy.  Much more common case is I just have the end

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190402/45ea7fad/attachment.bin>

More information about the devel mailing list