NTS: removed "not implemented" on server ca
Gary E. Miller
gem at rellim.com
Wed Apr 3 20:20:09 UTC 2019
Yo Richard!

On Wed, 3 Apr 2019 00:35:07 -0500
Richard Laager via devel <devel at ntpsec.org> wrote:

> > If I delete the hash to chain.pem then it fails again. So the hash
> > to cert.pem does not help.
>
> Perfect. That's exactly how it should work. The "ca" option specifies
> CAs, not end certificates.

Fine, but I want and need a way to anchor to end certificates.

> Does it work with "ca chain.pem" (specifying a file, as opposed to a
> directory)? If you already tested this earlier in the thread and I
> missed it, ignore me.

I just tried it, no joy. The cert.pem that worked when I hashed it
and "ca /tmp" does not work with "ca /tmp/cert.pem".

>
> > Of the things I'd like to force, cert.pem is
> > the top of my list.
>
> Pinning the end cert is a separate issue.

Yes, but what I want is in addition, or in place of, pinning.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin