NTS: removed "not implemented" on server ca

Hal Murray hmurray at megapathdsl.net
Tue Apr 2 23:10:35 UTC 2019

> If nts in on the server line, any failure should be fatal.

If the "nts" is after the error, the parser won't see it.

>> You can switch the log file from the command line.
> I'd prefer a sane default. 

The default is syslog.

I think most distros have some way to split the syslog stuff into various 
piles (files).

> On that note, when NTS returns "pi3.rellim.com", how do I tell NTPD to use
> the IPv4 or IPv6? 

That's what the -4 or -6 after "server" does.  Works for NTS the same way it 
does for DNS.

> Also, still broken for me when the fullchain.pem is in /tmp:

No (easy/reasonable) way that I know of to fix that.  The API I'm using works 
with root certs.

> Well, I don't have one.  Remember, LE has no "the root cert". 

Sure it does.  It's already installed on your system so the normal case works.

> Well, that is wrong.  I want a cert in the chain of the server I'm trying to
> NTS to.  Specifically NOT a system root cert. 

Sorry.  I don't see how to provide that.

These are my opinions.  I hate spam.

More information about the devel mailing list