[Git][NTPsec/ntpsec][master] Config support for nts expire.
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Feb 2 10:21:25 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
57b20fae by Eric S. Raymond at 2019-02-02T10:20:25Z
Config support for nts expire.
- - - - -
6 changed files:
- devel/nts.adoc
- docs/includes/assoc-options.adoc
- include/nts.h
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
Changes:
=====================================
devel/nts.adoc
=====================================
@@ -240,16 +240,17 @@ New options for an NTS client:
*ntpport YYY* Request an NTPD server on UDP port YYY.
-*ask [address]* Request a particular NTPD server, but do not require
-it. [address] is an ASCII-encoded [ANSI.X3-4.1986] string conforming to
-the syntax of the Host subcomponent of a URI (Section 3.2.2 of RFC3986).
-*address* may be a hostname, a FQDN, an IPv4 numeric address, an IPv6
-numeric address (in square brackets).
+*ask [address]* (IMPLEMENTED) Request a particular NTPD server, but do
+not require it. [address] is an ASCII-encoded [ANSI.X3-4.1986] string
+conforming to the syntax of the Host subcomponent of a URI (Section
+3.2.2 of RFC3986). *address* may be a hostname, a FQDN, an IPv4
+numeric address, an IPv6 numeric address (in square brackets).
-*require [address]* Require a particular NTPD server, fail if it is not
-the NTPD sevver address returned. Otherwise same as *ask*.
+*require [address]* (IMPLEMENTED) Require a particular NTPD server,
+fail if it is not the NTPD sevver address returned. Otherwise same as
+*ask*.
-*noval* do not validate the server certificate
+*noval* (IMPLEMENTED) Do not validate the server certificate
*cert [file]* Present the certificate in *file* as our client certificate
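Review bot: the re-wrapped *require* entry still reads "fail if it is not the NTPD sevver address returned". Since these lines are being rewritten anyway, correct "sevver" to "server" in the same change.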
@@ -270,8 +271,8 @@ separately as OpenSSL needs them separately.
*ntpciphers [list]* List of ciphers to negotiate, in prefered order for
the NTPD connection. The server must support AEAD_AES_SIV_CMAC_256.
-*expire [seconds]* How long to use an NTPD association before rekeying
-with the NTS-KE server.
+*expire [seconds]* (IMPLEMENTED) How long to use an NTPD association
+before rekeying with the NTS-KE server.
== NTS-KE Server Configuration parameters ==
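Review bot: *expire* is now tagged (IMPLEMENTED), but the code in this commit only parses the keyword and stores the number in ntscfg_t.expire. Nothing shown here uses it to trigger rekeying with the NTS-KE server. Either tag it as config-only until the rekey path reads it, or land the consumer in the same change. The entry should also say what happens when the option is omitted or set to 0.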
=====================================
docs/includes/assoc-options.adoc
=====================================
@@ -93,4 +93,7 @@
+nts noval::
Do not validate the server certificate.
++nts expire::
+ Do not validate the server certificate.
+
// end
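Review bot: the body added under "nts expire::" is a copy of the noval text ("Do not validate the server certificate."), so the user-facing docs describe a rekey timer as a switch that disables certificate validation. Replace it with the wording from devel/nts.adoc ("How long to use an NTPD association before rekeying with the NTS-KE server"), and show that the option takes a value in seconds.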
=====================================
include/nts.h
=====================================
@@ -16,6 +16,7 @@
struct ntscfg_t {
char *server;
uint32_t flags;
+ uint32_t expire;
};
/* Client-side state per connection to server */
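Review bot: the new "uint32_t expire;" member has no comment giving its unit or the meaning of zero. devel/nts.adoc gives the unit as seconds. A short trailing comment here would keep later users of the struct from guessing.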
=====================================
ntpd/keyword-gen.c
=====================================
@@ -200,6 +200,7 @@ struct key_tok ntp_keywords[] = {
{ "ask", T_Ask, FOLLBY_STRING },
{ "require", T_Require, FOLLBY_STRING },
{ "noval", T_Noval, FOLLBY_TOKEN },
+{ "expire", T_Expire, FOLLBY_TOKEN },
};
typedef struct big_scan_state_tag {
=====================================
ntpd/ntp_config.c
=====================================
@@ -646,6 +646,10 @@ create_peer_node(
}
break;
+ case T_Expire:
+ my_node->ctl.nts_cfg.expire = option->value.u;
+ break;
+
case T_Minpoll:
if (option->value.i < NTP_MINPOLL ) {
msyslog(LOG_INFO,
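Review bot: the T_Expire case stores option->value.u with no validation, while the T_Minpoll case directly below reads option->value.i and range-checks it. The parser hunk places T_Expire in option_int_keyword and declares it as an <Integer> token, so the value arrives as a signed int. A negative "expire" in the config would be reinterpreted as a very large uint32_t and the association would effectively never rekey. Read value.i, reject negative values (and any value outside whatever bounds the rekey logic expects) with an msyslog message as the neighbouring cases do, and only then assign to nts_cfg.expire.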
=====================================
ntpd/ntp_parser.y
=====================================
@@ -76,6 +76,7 @@
%token <Integer> T_Driftfile
%token <Integer> T_Drop
%token <Integer> T_Dscp
+%token <Integer> T_Expire
%token <Integer> T_Ellipsis /* "..." not "ellipsis" */
%token <Integer> T_Enable
%token <Integer> T_End
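Review bot: T_Expire is inserted ahead of T_Ellipsis, which breaks the alphabetical order the surrounding token list follows (Drop, Dscp, Ellipsis, Enable, End). Move the new line after T_End, or wherever "Ex" sorts in the full list, so the declarations stay easy to scan.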
@@ -429,7 +430,8 @@ option_int
;
option_int_keyword
- : T_Key
+ : T_Expire
+ | T_Key
| T_Minpoll
| T_Maxpoll
| T_Mode
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/57b20fae7d2ee708bf213c00be98e2b44620a691