Certificate pinning

Achim Gratz Stromeko at nexgo.de
Mon Nov 1 16:21:11 UTC 2021


Hal Murray via devel writes:
> I think we can implement pinning with the current code.
>
> We need a script to fetch the certificate, follow the chain to see which root 
> certificate it is using, find that certificate in the local root cert 
> collection, and copy it to a safe place.

That doesn't do pinning, it reduces the source of trust anchors to just a single one.

> Then adjust ntp.conf to include ca <safe place>
> ntpd will use that cert to verify the chain.

That works only if no other cert chain needs to be validated.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptation for Waldorf microQ V2.22R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada



More information about the devel mailing list