NTS: config and initialization
Gary E. Miller
gem at rellim.com
Sat Mar 9 03:20:59 UTC 2019
Yo Hal!
On Fri, 08 Mar 2019 19:03:06 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> > Here's a proposal off the top of my head:
> > 1) server private key = SYSCONFDIR/ntp/nts.key
> > 2) server certificate = SYSCONFDIR/ntp/nts.crt
> > 3) cookie key file = LOCALSTATEDIR/lib/ntpkeys
>
> We would have to add things like SYSCONFDIR to config.h.
Yup. waf already has support for it:
https://waf.io/apidocs/tools/gnu_dirs.html?highlight=sysconfdir
Sadly, they follow the GNU, not FHS, standard. We could live with
that...
> The certificate and private key should probably have a pem suffix
> and/or maybe I need to add code to support other formats.
Some info here:
https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
Easy to convert to/from other formats, but .pem seems to be the big one.
I could live with just .pem.
A .key is just a .pem which has just a key.
.p12 looks interesting, but I've never seen it in practice.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190308/0221585f/attachment.bin>
More information about the devel
mailing list