NTS: removed "not implemented" on server ca

Gary E. Miller gem at rellim.com
Tue Apr 2 22:35:22 UTC 2019

Yo Hal!

On Tue, 02 Apr 2019 15:02:20 -0700
Hal Murray <hmurray at megapathdsl.net> wrote:

> > Any way to get that into ntp.log?  My /var/log/messages grows
> > massively by the second...   
> You can switch the log file from the command line.  I haven't tried
> it.

I'd prefer a sane default.

> > So it found the moved -4 flag, but missed the other problems.  
> > Apr  2 11:25:42 kong ntpd[12859]: CONFIG: line 46 column 20 syntax
> > error, unexpected T_Ipv4_flag, expecting T_EOC Apr  2 11:25:42 kong
> > ntpd[12859]: CONFIG: syntax error in /etc/ntp.conf line 46, column
> > 20   
> What does line 46 look like?

As you noted, it had the -4 after the servername, not before.

On that note, when NTS returns "pi3.rellim.com", how do I tell
NTPD to use the IPv4 or IPv6?

Also, still broken for me when the fullchain.pem is in /tmp:

server -4 pi3.rellim.com nts maxpoll 5 ca /tmp  # pi3

2019-04-02T15:33:02 ntpd[12998]: DNS: dns_probe: pi3.rellim.com, cast_flags:1, f
2019-04-02T15:33:02 ntpd[12998]: NTSc: DNS lookup of pi3.rellim.com took 0.000 s
2019-04-02T15:33:02 ntpd[12998]: NTSc: nts_probe connecting to pi3.rellim.com:12
3 =>
2019-04-02T15:33:02 ntpd[12998]: NTSc: Using dir /tmp for root certificates.
2019-04-02T15:33:02 ntpd[12998]: NTSc: set cert host: pi3.rellim.com
2019-04-02T15:33:02 ntpd[12998]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256)
2019-04-02T15:33:02 ntpd[12998]: NTSc: certificate subject name: /CN=pi3.rellim.
2019-04-02T15:33:02 ntpd[12998]: NTSc: certificate issuer name: /C=US/O=Let's En
crypt/CN=Let's Encrypt Authority X3
2019-04-02T15:33:02 ntpd[12998]: NTSc: certificate invalid: 20=>unable to get lo
cal issuer certificate
2019-04-02T15:33:02 ntpd[12998]: NTSc: NTS-KE req to pi3.rellim.com took 0.023 s
ec, fail
2019-04-02T15:33:02 ntpd[12998]: DNS: dns_check: processing pi3.rellim.com, 1, 2
2019-04-02T15:33:02 ntpd[12998]: DNS: dns_take_status: pi3.rellim.com=>error, 12

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190402/628fbae1/attachment.bin>

More information about the devel mailing list