[Git][NTPsec/ntpsec][master] Fix/tweak NTS error messages.
Hal Murray
gitlab at mg.gitlab.com
Tue Nov 12 03:49:36 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
7d8dec5b by Hal Murray at 2019-11-12T03:47:13Z
Fix/tweak NTS error messages.
There was no error message if ntpd couldn't open the cert file.
A few printed (null) rather than a hostname when the
name was numeric.
- - - - -
4 changed files:
- NEWS
- ntpd/ntp_dns.c
- ntpd/ntp_proto.c
- ntpd/nts.c
Changes:
=====================================
NEWS
=====================================
@@ -12,6 +12,11 @@ on user-visible changes.
== Repository head ==
+Fix bug in NTS-KE client so that NTP server names work.
+
+Fix/tweak several NTS logging messages.
+
+
== 2019-09-02: 1.1.7 ==
The numeric literal argument of the 'time1' fudge option on a clock
=====================================
ntpd/ntp_dns.c
=====================================
@@ -45,7 +45,9 @@ static struct addrinfo *answer;
static void* dns_lookup(void* arg);
-
+/* Initially, this was only used for DNS where pp=>hostname was valid.
+ * With NTS, it also gets used for numerical IP Addresses.
+ */
bool dns_probe(struct peer* pp)
{
int rc;
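Review bot: The new comment above dns_probe writes `pp=>hostname`, while the member access it refers to is `pp->hostname`. It also does not say the consequence of the second sentence, which is that `hostname` can be NULL for peers configured by numeric address. Something like `/* pp->hostname is NULL for numeric addresses (NTS); use socktoa(&pp->srcadr) when a printable name is needed. */` would tell the next reader what to guard against. dns_probe's body lies outside this hunk, so it is worth confirming that it does not itself pass `pp->hostname` to a `%s` format or a resolver call without that check.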
@@ -91,10 +93,14 @@ void dns_check(void)
{
int rc;
struct addrinfo *ai;
+ const char *hostname = active->hostname;
DNS_Status status;
+ if (NULL == hostname) {
+ hostname = socktoa(&active->srcadr);
+ }
msyslog(LOG_INFO, "DNS: dns_check: processing %s, %x, %x",
- active->hostname, active->cast_flags, (unsigned int)active->cfg.flags);
+ hostname, active->cast_flags, (unsigned int)active->cfg.flags);
rc = pthread_join(worker, NULL);
if (0 != rc) {
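Review bot: The NULL-hostname fallback added at the top of dns_check is repeated line for line in dns_take_status in ntpd/ntp_proto.c, so the two log sites can drift apart when one is changed later. A single shared helper that returns `p->hostname ? p->hostname : socktoa(&p->srcadr)` would give every DNS/NTS log message the same peer label. Passing NULL to `%s` is undefined behaviour in C even where the libc prints "(null)", so other `->hostname` log sites in these files deserve the same treatment. dns_check continues past the end of this hunk.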
=====================================
ntpd/ntp_proto.c
=====================================
@@ -2463,8 +2463,14 @@ dns_take_pool(
* (API is broken, no way to get TTL)
*/
void dns_take_status(struct peer* peer, DNS_Status status) {
- const char *txt;
uint8_t hpoll = peer->hpoll;
+ const char *txt;
+ const char *hostname = peer->hostname;
+
+ if (NULL == hostname) {
+ hostname = socktoa(&peer->srcadr);
+ }
+
if (hpoll < 8)
hpoll = 8; /* min retry: 256 seconds, ~5 min */
switch (status) {
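Review bot: `hostname` is resolved at the top of dns_take_status but is consumed only by the msyslog call near the end of the function (second hunk), with a switch in between that this diff shows only in part. If socktoa() hands back a shared or rotating static buffer, which cannot be confirmed from these lines, any intervening call that reuses that buffer would change what is logged. Computing the fallback immediately before the msyslog, or copying the text into a local array, would remove that dependency.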
@@ -2503,7 +2509,7 @@ void dns_take_status(struct peer* peer, DNS_Status status) {
(MDF_UCAST & peer->cast_flags) && !(FLAG_LOOKUP & peer->cfg.flags))
hpoll = 0; /* server: no more */
msyslog(LOG_INFO, "DNS: dns_take_status: %s=>%s, %d",
- peer->hostname, txt, hpoll);
+ hostname, txt, hpoll);
if (0 == hpoll)
return; /* hpoll already in use by new server */
peer->hpoll = hpoll;
=====================================
ntpd/nts.c
=====================================
@@ -242,6 +242,7 @@ void nts_reload_certificate(SSL_CTX *ctx) {
bool nts_load_certificate(SSL_CTX *ctx) {
const char *cert = NTS_CERT_FILE;
const char *key = NTS_KEY_FILE;
+ char errbuf[100];
if (NULL != ntsconfig.cert)
cert = ntsconfig.cert;
@@ -249,8 +250,11 @@ bool nts_load_certificate(SSL_CTX *ctx) {
key = ntsconfig.key;
/* for reload checking */
- if (0 != stat(cert, &certfile_stat))
+ if (0 != stat(cert, &certfile_stat)) {
+ ntp_strerror_r(errno, errbuf, sizeof(errbuf));
+ msyslog(LOG_ERR, "NTSs: can't stat certificate (chain) from %s: %s", cert, errbuf);
return false;
+ }
if (1 != SSL_CTX_use_certificate_chain_file(ctx, cert)) {
msyslog(LOG_ERR, "NTSs: can't load certificate (chain) from %s", cert);
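Review bot: `errbuf` is declared at function scope in the first hunk with a bare size of 100, yet it is used only inside the new stat() failure branch; declaring `char errbuf[100];` just after that branch's opening brace would keep it next to its single use. Separately, stat() and SSL_CTX_use_certificate_chain_file() each resolve `cert` by path, so the certfile_stat saved "for reload checking" can describe a different file from the one actually loaded if the path is replaced in between. That gap predates this commit, but a comment on the stat call noting it would help whoever maintains the reload logic. The function body continues outside the hunk, so whether the key file gets an equivalent existence and permission check is not visible here.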
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/7d8dec5b5ec8a37cfde93cb9c36776b7751b5a4a