cloudflare refers NTS users to wrong page

Udo van den Heuvel udovdh at xs4all.nl
Fri Dec 13 11:45:35 UTC 2019


On 13-12-2019 12:37, Hal Murray wrote:
> Are you using a chroot jail?  If so, does it let ntpd see the root certs?

The chroot is the root cause I guess.
Thanks for tipping me abotu taht one.

I copied over /etc/pki to /chroot/ntpd/etc and stuff starts to see certs
and such:

Dec 13 12:42:57 sp2 ntpd[1589263]: NTSc: read 880 bytes
Dec 13 12:42:57 sp2 ntpd[1589263]: NTSc: Got 8 cookies, length 104, aead=15.
Dec 13 12:42:57 sp2 ntpd[1589263]: NTSc: NTS-KE req to ntp1.glypnod.com
took 0.659 sec, OK
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: DNS lookup of ntp2.glypnod.com
took 0.001 sec
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: nts_probe connecting to
ntp2.glypnod.com:123 => [2a03:b0c0:1:d0::1f9:f001]:123
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: Using TLSv1.3,
TLS_AES_256_GCM_SHA384 (256)
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: certificate subject name:
/CN=ntp2.glypnod.com
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: certificate issuer name:
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: certificate is valid.
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: read 880 bytes
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: Got 8 cookies, length 104, aead=15.
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: NTS-KE req to ntp2.glypnod.com
took 0.106 sec, OK

Looks better to me...

Thanks again for the tip!

Kind regards,
Udo


More information about the devel mailing list