[Git][NTPsec/ntpsec][master] 2 commits: Line disciple typo fix.

Eric S. Raymond gitlab at mg.gitlab.com
Sun Feb 3 19:54:01 UTC 2019 

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
93ea0a5b by Eric S. Raymond at 2019-02-03T19:34:53Z
Line disciple typo fix.

- - - - -
d5697ae3 by Eric S. Raymond at 2019-02-03T19:52:38Z
Merge  a typo fix.

- - - - -


8 changed files:

- docs/includes/auth-commands.adoc
- include/ntp_tty.h
- include/nts.h
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
- ntpd/nts.c
- ntpd/refclock_modem.c


Changes:

=====================================
docs/includes/auth-commands.adoc
=====================================
@@ -49,10 +49,14 @@ The options are as follows:
   mintls and maxtls equal you can force the TLS version for testing.
 
 // https://crypto.stackexchange.com/questions/8964/sending-tls-messages-with-out-encryption-using-openssl-code
-+cipher+ _name_::
-  Disable normal cipher negotiation, forcing one by name. Intended
-  for testing.  The cipher "null" disables encryption.
-
++tlsciphers+ _string_::
+   An OpenSSL cipher list to configure the allowed ciphers for TLS
+   versions up to and including TLS 1.2. An empty string disables encryption.
+
++tlsciphersuites+ _string_::
+   An OpenSSL ciphersuite list to configure the allowed ciphersuites for
+   TLS 1.3. An empty string disables encryption.
+   
 The following options of the +server+ command configure NTS.
 
 +nts+::
@@ -66,7 +70,7 @@ The following options of the +server+ command configure NTS.
   for a specific NTS server, which may differ from the NTP server.
   Conforms to RFC3896 section 3.2.2 prescription for the Host part of
   a URI: that is, the +address_ may be a hostname, a FQDN, an IPv4
-  numeric address, an IPv6 numeric addresa (in square brackets).
+  numeric address, an IPv6 numeric address (in square brackets).
   Address may have the suffix +:port+ to specify a UDP port.
 
 +require+ 'address'::


=====================================
include/ntp_tty.h
=====================================
@@ -17,18 +17,18 @@
 #endif
 
 /*
- * Line discipline flags.  The depredated ones required line discipline
+ * Line discipline flags.  The deprecated ones required line discipline
  * or streams modules to be installed/loaded in the kernel and are now
  * ignored.  Leave the LDISC_CLK and other deprecated symbols defined
  * until 2013 or 2014 to avoid complicating the use of newer drivers on
  * older ntpd, which is often as easy as dropping in the refclock *.c.
  */
 #define LDISC_STD	0x000	/* standard */
-#define LDISC_CLK	0x001	/* depredated tty_clk \n */
-#define LDISC_CLKPPS	0x002	/* depredated tty_clk \377 */
-#define LDISC_ACTS	0x004	/* depredated tty_clk #* */
-#define LDISC_CHU	0x008	/* depredated */
-#define LDISC_PPS	0x010	/* depredated */
+#define LDISC_CLK	0x001	/* deprecated tty_clk \n */
+#define LDISC_CLKPPS	0x002	/* deprecated tty_clk \377 */
+#define LDISC_MODEM	0x004	/* deprecated tty_clk #* */
+#define LDISC_CHU	0x008	/* deprecated */
+#define LDISC_PPS	0x010	/* deprecated */
 #define LDISC_RAW	0x020	/* raw binary */
 #define	LDISC_REMOTE	0x080	/* remote mode */
 #define	LDISC_7O1	0x100	/* 7-bit, odd parity for Z3801A */


=====================================
include/nts.h
=====================================
@@ -14,7 +14,13 @@
 
 extern float mintls;		/* minimum TLS version allowed */
 extern float maxtls;		/* maximum TLS version allowed */
+<<<<<<< HEAD
+extern bool enclair;		/* if on, disable TLS and talk en clair */
+extern char *tlsciphers;	/* allowed TLS 1.2 ciphers */
+extern char *tlsciphersuites;	/* allowed TLS 1.3 ciphersuites */
+=======
 extern char *cipher;		/* force cipher; NULL for negotiation */
+>>>>>>> 0390a6ec28dcaa7371819f7c8e004f959937429e
 
 /* Configuration data for an NTS association */
 struct ntscfg_t {


=====================================
ntpd/keyword-gen.c
=====================================
@@ -206,7 +206,8 @@ struct key_tok ntp_keywords[] = {
 { "crypto",		T_Crypto,		FOLLBY_TOKEN },
 { "mintls",		T_Mintls,		FOLLBY_TOKEN },
 { "maxtls",		T_Maxtls,		FOLLBY_TOKEN },
-{ "cipher",		T_Cipher,		FOLLBY_STRING },
+{ "tlsciphers",		T_Tlsciphers,		FOLLBY_STRING },
+{ "tlsciphersuites",	T_Tlsciphersuites,	FOLLBY_STRING },
 };
 
 typedef struct big_scan_state_tag {


=====================================
ntpd/ntp_config.c
=====================================
@@ -2001,8 +2001,12 @@ config_crypto(
 		    	mintls = crypto->value.d;
 			break;
 
-		case T_Cipher:
-			cipher = estrdup(crypto->value.s);
+		case T_Tlsciphers:
+			tlsciphers = estrdup(crypto->value.s);
+			break;
+
+		case T_Tlsciphersuites:
+			tlsciphersuites = estrdup(crypto->value.s);
 			break;
 		}
 	}


=====================================
ntpd/ntp_parser.y
=====================================
@@ -69,7 +69,6 @@
 %token	<Integer>	T_Cohort
 %token	<Integer>	T_ControlKey
 %token	<Integer>	T_Crypto
-%token	<Integer>	T_Cipher
 %token	<Integer>	T_Ctl
 %token	<Integer>	T_Day
 %token	<Integer>	T_Default
@@ -211,6 +210,8 @@
 %token	<Integer>	T_Timer
 %token	<Integer>	T_Timingstats
 %token	<Integer>	T_Tinker
+%token	<Integer>	T_Tlsciphers
+%token	<Integer>	T_Tlsciphersuites
 %token	<Integer>	T_Tos
 %token	<Integer>	T_True
 %token	<Integer>	T_Trustedkey
@@ -1123,7 +1124,9 @@ crypto_option_list
 crypto_option
 	:	crypto_option_keyword number
 			{ $$ = create_attr_dval($1, $2); }
-	|	T_Cipher T_String
+	|	T_Tlsciphers T_String
+			{ $$ = create_attr_sval($1, $2); }
+	|	T_Tlsciphersuites T_String
 			{ $$ = create_attr_sval($1, $2); }
 	;
 


=====================================
ntpd/nts.c
=====================================
@@ -17,7 +17,8 @@
 
 float mintls = 1.2;		/* minimum TLS version allowed */
 float maxtls;			/* maximum TLS version allowed */
-char *cipher;			/* force cipher; NULL for negotiation */
+char *tlsciphers;		/* allowed TLS 1.2 ciphers */
+char *tlsciphersuites;		/* allowed TLS 1.3 ciphersuites */
 
 /* By design, there is no per-client-side state on the server */
 


=====================================
ntpd/refclock_modem.c
=====================================
@@ -515,7 +515,7 @@ modem_timeout(
 		snprintf(device, sizeof(device), DEVICE, up->unit);
 		fd = refclock_open(peer->cfg.path ? peer->cfg.path : device,
 				   peer->cfg.baud ? peer->cfg.baud : SPEED232,
-				   LDISC_ACTS | LDISC_RAW | LDISC_REMOTE);
+				   LDISC_MODEM | LDISC_RAW | LDISC_REMOTE);
 		if (fd < 0) {
 			msyslog(LOG_ERR, "REFCLOCK: modem: open fails %m");
 			return;



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/0390a6ec28dcaa7371819f7c8e004f959937429e...d5697ae3d69a6da1648858dafc443d71cf6438a8

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/0390a6ec28dcaa7371819f7c8e004f959937429e...d5697ae3d69a6da1648858dafc443d71cf6438a8
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190203/1cd37314/attachment-0001.html>

More information about the vc mailing list