[Git][NTPsec/ntpsec][master] Implent and document enclair.
Eric S. Raymond
gitlab at mg.gitlab.com
Sun Feb 3 10:38:12 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
1d0a3eca by Eric S. Raymond at 2019-02-03T10:37:37Z
Implent and document enclair.
- - - - -
7 changed files:
- docs/asciidoc.include
- docs/includes/auth-commands.adoc
- include/nts.h
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
- ntpd/nts.c
Changes:
=====================================
docs/asciidoc.include
=====================================
@@ -24,4 +24,5 @@
:ntpwaitman: ntpwait(8)
:ntpdigman: ntpdig(1)
:ntpvizman: ntpviz(1)
+:ntsdman: ntsd(8)
=====================================
docs/includes/auth-commands.adoc
=====================================
@@ -36,7 +36,7 @@ The following command controls NTS authentication. It overrides
normal TLS protocol negotiation, which is not usually necessary.
[[crypto]]
-+crypto+ [+mintls+ _version_] [+maxtls+ _version_]
++crypto+ [+mintls+ _version_] [+maxtls+ _version_] [+enclair+]
The options are as follows:
@@ -48,6 +48,12 @@ The options are as follows:
Set the highest allowable TLS version to negotiate. By setting
mintls and maxtls equal you can force the TLS version for testing.
++enclair+ _bool_::
+ Turning this on disables crypto. Code requiring installed
+ certificates is bypassed. Useful for testing if you have a
+ cooperating implementation on the other end that can also
+ disable crypto. {ntsdman} will do this.
+
The following options of the +server+ command configure NTS.
+nts+::
=====================================
include/nts.h
=====================================
@@ -13,7 +13,8 @@
#define FLAG_NTS_NOVAL 0x08u /* do not validate the server certificate */
extern float mintls; /* minimum TLS version allowed */
-extern float maxtls; /* force this version for testing */
+extern float maxtls; /* maximum TLS version allowed */
+extern bool enclair; /* if on, disable TLS and talk en clair */
/* Configuration data for an NTS association */
struct ntscfg_t {
=====================================
ntpd/keyword-gen.c
=====================================
@@ -206,6 +206,7 @@ struct key_tok ntp_keywords[] = {
{ "crypto", T_Crypto, FOLLBY_TOKEN },
{ "mintls", T_Mintls, FOLLBY_TOKEN },
{ "maxtls", T_Maxtls, FOLLBY_TOKEN },
+{ "enclair", T_Enclair, FOLLBY_TOKEN },
};
typedef struct big_scan_state_tag {
=====================================
ntpd/ntp_config.c
=====================================
@@ -2001,6 +2001,9 @@ config_crypto(
mintls = crypto->value.d;
break;
+ case T_Enclair:
+ enclair = (bool)crypto->value.i;
+ break;
}
}
}
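Review bot: The new `case T_Enclair` in config_crypto() sets a global that, per its declaration comment, disables TLS, and it does so without leaving any trace in the log. Since this switches off the protection NTS exists to provide, I would log it at warning level when the value is true, e.g. `if (enclair) msyslog(LOG_WARNING, "CONFIG: enclair is on, NTS will run without TLS");`, so a leftover test setting in a production configuration gets noticed. config_crypto() starts and ends outside the hunk, so whether the switch has a default branch or logs elsewhere is not visible here.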
=====================================
ntpd/ntp_parser.y
=====================================
@@ -79,6 +79,7 @@
%token <Integer> T_Driftfile
%token <Integer> T_Drop
%token <Integer> T_Dscp
+%token <Integer> T_Enclair
%token <Integer> T_Expire
%token <Integer> T_Ellipsis /* "..." not "ellipsis" */
%token <Integer> T_Enable
@@ -1122,6 +1123,8 @@ crypto_option_list
crypto_option
: crypto_option_keyword number
{ $$ = create_attr_dval($1, $2); }
+ | T_Enclair boolean
+ { $$ = create_attr_ival($1, 1); }
;
crypto_option_keyword
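Review bot: The action for `T_Enclair boolean` discards the parsed operand and always stores 1, so a configuration line meant to switch the option off would instead switch it on and disable TLS. Pass the operand through: `{ $$ = create_attr_ival($1, $2); }`. This assumes `boolean` yields 0 or 1 as its semantic value, which is defined outside this hunk. The documentation synopsis in this commit shows `[+enclair+]` with no argument while the grammar requires one, so the two should be brought into agreement.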
=====================================
ntpd/nts.c
=====================================
@@ -16,7 +16,8 @@
#include "ntpd.h"
float mintls = 1.2; /* minimum TLS version allowed */
-float maxtls; /* force this version for testing */
+float maxtls; /* maximum TLS version allowed */
+bool enclair; /* if on, disable TLS and talk en clair */
/* By design, there is no per-client-side state on the server */
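Review bot: `bool enclair;` relies on implicit zero-initialisation for its off-by-default state, while `mintls` two lines above carries an explicit initialiser. For a switch that disables TLS I would spell the safe default out, `bool enclair = false; /* if on, disable TLS and talk en clair; defaults to off */`, so the fail-closed default is visible to readers and reviewers.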
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/1d0a3eca8a4fe6cc4b9de5ac27cb3be37cbdf8fc