NTS: removed "not implemented" on server ca

Gary E. Miller gem at rellim.com
Wed Apr 3 21:33:52 UTC 2019

Yo Richard!

On Wed, 3 Apr 2019 15:54:39 -0500
Richard Laager via devel <devel at ntpsec.org> wrote:

> On 4/3/19 3:20 PM, Gary E. Miller via devel wrote:
> >> Does it work with "ca chain.pem" (specifying a file, as opposed to
> >> a directory)? If you already tested this earlier in the thread and
> >> I missed it, ignore me.  
> > I just tried it, no joy.  The cert.pem that worked when I hashed it
> > and "ca /tmp" does not work with "ca /tmp/cert.pem".  
> cert.pem did not work (and was not expected to work).

Sorry, I mistyped.  It was chain.pem that failed failed.

> chain.pem
> worked. Did you test with "ca /tmp/cert.pem" or "ca /tmp/chain.pem"?
> The former should not work, while the latter should (and needs
> testing).

So, more methodically, using this prefix:

server -4 pi3.rellim.com nts maxpoll 5

Fail - ca /tmp/cert.pem
Fail - ca /tmp/chain.pem
Fail - ca /tmp/fullchain.pem
Fail - ca /tmp           - with hash for cert.pem
Fail - ca /tmp           - with hash for chain.pem
Fail - ca /tmp/ISRG_Root_X1.pem       - the LE root
Fail - ca /tmp           - with hash for ISRG_Root_X1.pem
Fail - ca /tmp/letsencryptauthorityx3.pem       - LE intermediate
Fail - ca /tmp/lets-encrypt-x3-cross-signed.pem - LE cross intermediate
Fail - ca /tmp           _ all the above hashed

That is zero for ten...

I can't say why the results differ from previous tests.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190403/5be78870/attachment.bin>

More information about the devel mailing list