[Git][NTPsec/ntpsec][master] Implement and document nts noval in config.
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Feb 2 04:43:34 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
c3ffb8a5 by Eric S. Raymond at 2019-02-02T04:43:24Z
Implement and document nts noval in config.
- - - - -
5 changed files:
- docs/includes/assoc-options.adoc
- include/nts.h
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
Changes:
=====================================
docs/includes/assoc-options.adoc
=====================================
@@ -74,14 +74,23 @@
+nts+::
Use Network Time Security for authentication and encryption.
- Request key exchange from the NTP server.
+ Request key exchange from the NTP server. Following options
+ are revelevant only for nts peers, and are thus tagged with 'nts'.
+ that can be omitted when the option is given.
-+nts ask+ 'servername'::
++nts ask+ 'address'::
Use Network Time Security for authentication and encryption.
Ask for a specific NTS server, which may differ from the NTP server.
+ The +address_ may be a hostname, a FQDN, an IPv4 numeric address, an
+ IPv6 numeric addresa (in square brackets). Address may have the suffix
+ +:port+ to specify a UDP port.
-+nts require+ 'servername'::
++nts require+ 'address'::
Use Network Time Security for authentication and encryption.
Require a specific NTS server, which may differ from the NTP server.
+ Address syntax is as for +ask+.
+
++nts noval::
+ Do not validate the server certificate.
// end
=====================================
include/nts.h
=====================================
@@ -10,6 +10,7 @@
#define FLAG_NTS 0x01u /* use NTS (network time security) */
#define FLAG_NTS_ASK 0x02u /* NTS, ask for specified server */
#define FLAG_NTS_REQ 0x04u /* NTS, ask for specified server */
+#define FLAG_NTS_NOVAL 0x08u /* do not validate the server certificate */
/* Configuration data for an NTS association */
struct ntscfg_t {
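Review bot: The comment on `FLAG_NTS_NOVAL` says what the flag switches off but not what that costs. With certificate validation skipped, the client has no check on the identity of the server it performs key exchange with, so the authentication that `FLAG_NTS` is meant to provide no longer holds for that association. I would state that at the definition, e.g. `/* skip server certificate validation; server identity is then unverified */`, so a reader of the flag table sees it is a security downgrade. Separately, the unchanged `FLAG_NTS_REQ` line above carries the same comment text as `FLAG_NTS_ASK`, which looks like a copy-paste leftover.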
=====================================
ntpd/keyword-gen.c
=====================================
@@ -199,6 +199,7 @@ struct key_tok ntp_keywords[] = {
{ "nts", T_Nts, FOLLBY_TOKEN },
{ "ask", T_Ask, FOLLBY_STRING },
{ "require", T_Require, FOLLBY_STRING },
+{ "noval", T_Noval, FOLLBY_TOKEN },
};
typedef struct big_scan_state_tag {
=====================================
ntpd/ntp_config.c
=====================================
@@ -628,6 +628,10 @@ create_peer_node(
my_node->ctl.flags |= FLAG_NOSELECT;
break;
+ case T_Noval:
+ my_node->ctl.nts_cfg.flags |= FLAG_NTS_NOVAL;
+ break;
+
case T_Nts:
my_node->ctl.nts_cfg.flags |= FLAG_NTS;
break;
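Review bot: The new `case T_Noval:` sets `FLAG_NTS_NOVAL` unconditionally, with no check that `FLAG_NTS` is also set and no log record that validation was turned off. Because `T_Noval` is also added as an independent alternative of `option_flag_keyword` in ntpd/ntp_parser.y, a bare `noval` on a non-NTS association appears to be accepted silently, while the documentation presents the option as `nts noval`. Consider warning on or rejecting `FLAG_NTS_NOVAL` without `FLAG_NTS` once all options have been processed, and emitting a warning-level log line that names the association whenever the flag is set, so that disabled validation is visible in operation and in audits. At minimum, add `/* SECURITY: disables server certificate validation for this association */` above the case. create_peer_node starts and ends outside this hunk, so whether a later consistency check exists cannot be seen here.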
=====================================
ntpd/ntp_parser.y
=====================================
@@ -155,6 +155,7 @@
%token <Integer> T_Noserve
%token <Integer> T_Notrap
%token <Integer> T_Notrust
+%token <Integer> T_Noval
%token <Integer> T_Ntp
%token <Integer> T_Ntpport
%token <Integer> T_NtpSignDsocket
@@ -405,6 +406,7 @@ option_flag_keyword
: T_Burst
| T_Iburst
| T_Noselect
+ | T_Noval
| T_Nts
| T_Prefer
| T_True
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/c3ffb8a5befc0fb9bbe03f7a492a3b79cf4a7e6e