[Git][NTPsec/ntpsec][master] Implement nts ca and cert options in parser.
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Feb 2 20:26:57 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
45a1e3cb by Eric S. Raymond at 2019-02-02T20:26:16Z
Implement nts ca and cert options in parser.
- - - - -
6 changed files:
- devel/nts.adoc
- docs/includes/assoc-options.adoc
- include/nts.h
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
Changes:
=====================================
devel/nts.adoc
=====================================
@@ -248,11 +248,6 @@ Eventually, look into how openssl-ciphers does this and autoconfigure.
Per-server options now implemented in the config parser are now
described in docs/includes/assoc-options.txt
-*cert [file]* Present the certificate in *file* as our client certificate
-
-*ca [location]* Use the file, or directory, specified by *location* to
-validate the NTS-KE server certificate. Do not use any other CA.
-
== NTS-KE Server Configuration parameters ==
== TLS Options ==
=====================================
docs/includes/assoc-options.adoc
=====================================
@@ -98,4 +98,12 @@
How long to use a secured NTP association before rekeying with the
NTS-KE server.
++nts cert +file+::
+ Present the certificate in +file+ as our client certificate
+
++nts ca+ +location+::
+ Use the file, or directory, specified by +location+ to
+ validate the NTS-KE server certificate. Do not use any other CA.
+
+
// end
=====================================
include/nts.h
=====================================
@@ -15,6 +15,8 @@
/* Configuration data for an NTS association */
struct ntscfg_t {
char *server; /* if NUL, use the peer itself (normal case) */
+ char *ca; /* if NUL, use the system default (normal case) */
+ char *cert; /* if NUL, use the system default (normal case) */
uint32_t flags;
uint32_t expire;
};
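Review bot: The comment on `cert` is a copy of the one on `ca` and does not describe the field. The documentation added in this same commit describes `cert` as the client certificate we present, for which a "system default" is not an obvious concept. Something like `char *cert; /* client certificate file to present; NULL if none configured */` would be clearer, assuming that is the intended behaviour when the option is absent. For `ca`, the comment should state that a non-NULL value replaces the default trust store rather than adding to it, as the docs say ("Do not use any other CA"). Both new comments should say NULL (the pointer) rather than NUL.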
=====================================
ntpd/keyword-gen.c
=====================================
@@ -201,6 +201,8 @@ struct key_tok ntp_keywords[] = {
{ "require", T_Require, FOLLBY_STRING },
{ "noval", T_Noval, FOLLBY_TOKEN },
{ "expire", T_Expire, FOLLBY_TOKEN },
+{ "cert", T_Cert, FOLLBY_TOKEN },
+{ "ca", T_Ca, FOLLBY_TOKEN },
};
typedef struct big_scan_state_tag {
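Review bot: Both new entries use `FOLLBY_TOKEN`, but the grammar added in ntp_parser.y accepts only `T_Ca T_String` and `T_Cert T_String`, and the neighbouring string-valued keyword `require` is declared `FOLLBY_STRING`. If the scanner tokenizes the argument normally under `FOLLBY_TOKEN` (its code is not in this diff), a file name that matches a keyword or looks like a number would not arrive as `T_String` and the line would fail to parse. Suggest `{ "cert", T_Cert, FOLLBY_STRING },` and `{ "ca", T_Ca, FOLLBY_STRING },`. The `ntp_keywords` array starts outside the hunk.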
=====================================
ntpd/ntp_config.c
=====================================
@@ -650,6 +650,14 @@ create_peer_node(
my_node->ctl.nts_cfg.expire = option->value.u;
break;
+ case T_Ca:
+ my_node->ctl.nts_cfg.ca = option->value.s;
+ break;
+
+ case T_Cert:
+ my_node->ctl.nts_cfg.cert = option->value.s;
+ break;
+
case T_Minpoll:
if (option->value.i < NTP_MINPOLL ) {
msyslog(LOG_INFO,
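Review bot: The `T_Ca` and `T_Cert` cases store `option->value.s` directly, so `nts_cfg.ca` and `nts_cfg.cert` alias the parser's attribute string rather than owning a copy. Whether that is safe depends on when the option list is freed, which this hunk does not show; if it is released after `create_peer_node` returns, the trust-anchor path used for NTS-KE certificate validation would dangle. Consider copying, e.g. `my_node->ctl.nts_cfg.ca = estrdup(option->value.s);` (and the same for `cert`), and documenting who frees it. A repeated `ca` or `cert` on one line also silently overrides the earlier value, so a log message there would make a misconfigured trust anchor visible. The switch and `create_peer_node` extend beyond the hunk.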
=====================================
ntpd/ntp_parser.y
=====================================
@@ -61,7 +61,9 @@
%token <Integer> T_Bias
%token <Integer> T_Burst
%token <Integer> T_Calibrate
+%token <Integer> T_Ca
%token <Integer> T_Ceiling
+%token <Integer> T_Cert
%token <Integer> T_Clock
%token <Integer> T_Clockstats
%token <Integer> T_Cohort
@@ -462,6 +464,10 @@ option_string
{ $$ = create_attr_sval($1, $2); }
| T_Require T_String
{ $$ = create_attr_sval($1, $2); }
+ | T_Ca T_String
+ { $$ = create_attr_sval($1, $2); }
+ | T_Cert T_String
+ { $$ = create_attr_sval($1, $2); }
;
option_double_keyword
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/45a1e3cbb9227e368600715e05b1f26c105e85c1