[Git][NTPsec/ntpsec][master] 2 commits: Keep compiler happy with OpenSSL 4.0

Hal Murray (@hal.murray) gitlab at mg.gitlab.com
Tue Mar 24 08:59:39 UTC 2026



Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
56ecf809 by Hal Murray at 2026-03-23T23:44:34-07:00
Keep compiler happy with OpenSSL 4.0

More work needed in ntpd/nts_client.c
  SSL_set1_host() has been deprecated

- - - - -
95b8bc15 by Hal Murray at 2026-03-24T01:55:26-07:00
Fix counting servers for maxclock
  It used to count the pool slots.
  This only matters if you use "tos maxclock" in your config file.
  (It now also skips servers configured with noselect.)

- - - - -


6 changed files:

- NEWS.adoc
- docs/miscopt.adoc
- include/ntpd.h
- ntpd/ntp_peer.c
- ntpd/ntp_proto.c
- ntpd/nts_client.c


Changes:

=====================================
NEWS.adoc
=====================================
@@ -12,6 +12,10 @@ on user-visible changes.
 
 ## Repository Head
 
+  maxclock now skips the POOL slots when counting servers.
+  This is relevant if you use "tos maxclock nn" in your config file.
+  (It also skips servers with noselect on the config line.)
+
   Major update to HPGPS driver
     Fix gps WNRO glitch in Z3801A
     "scpi >" eliminated from clockstats


=====================================
docs/miscopt.adoc
=====================================
@@ -46,11 +46,10 @@ include::includes/misc-options.adoc[]
     discovery schemes. The default is 10, which should typically be changed.
     This should be an odd number (to most effectively outvote
     link:ntpspeak.html[falsetickers]) typically two or three more than
-    +minclock+, plus the number of +pool+ entries.  The pool entries
-    must be added as +maxclock+, but not +minclock+, also counts the +pool+
-    entries themselves.  For example, +tos maxclock 11+ with four +pool+ lines
-    would keep 7 associations.  See the link:discover.html[Automatic Server
-    Discovery] page for further details.
+    +minclock+. [The slots created by pool config lines are no longer
+    counted.  Neither are noselect slots.)
+    See the link:discover.html[Automatic Server Discovery] page for
+    further details.
   +maxdist+ 'maxdistance';;
     Specify the synchronization distance threshold used by the clock
     selection algorithm. The default is 1.5 s. This determines both the


=====================================
include/ntpd.h
=====================================
@@ -395,7 +395,7 @@ extern struct peer *peer_list;		/* peer structures list */
 /*
  * Miscellaneous statistic counters which may be queried.
  */
-extern int	peer_associations;	/* mobilized associations */
+extern int peer_active;	/* Active clients, skip POOL slot and noselect */
 
 /* ntp_proto.c */
 /*


=====================================
ntpd/ntp_peer.c
=====================================
@@ -55,13 +55,14 @@ static associd_t initial_association_ID; /* association ID */
 /*
  * Miscellaneous statistic counters which may be queried.
  */
+int	peer_active;	/* active clients: skip POOL, noselect */
+
 static unsigned long	peer_timereset;		/* time stat counters zeroed */
 static unsigned long	findpeer_calls;		/* calls to findpeer */
 static unsigned long	assocpeer_calls;	/* calls to findpeerbyassoc */
 static unsigned long	peer_allocations;	/* allocations from free list */
 static unsigned long	peer_demobilizations;	/* structs freed to free list */
 static int		total_peer_structs;	/* peer structs */
-int			peer_associations;	/* mobilized associations */
 static int		peer_preempt;		/* preemptible associations */
 static struct peer init_peer_alloc[INIT_PEER_ALLOC]; /* init alloc */
 
@@ -423,7 +424,9 @@ unpeer(
 	unrestrict_source(peer);
 	set_peerdstadr(peer, NULL);
 	peer_demobilizations++;
-	peer_associations--;
+	if (!(FLAG_NOSELECT & peer->cfg.flags)
+	    && !(MDF_POOL & peer->cast_flags))
+		peer_active--;
 	if (FLAG_PREEMPT & peer->cfg.flags)
 		peer_preempt--;
 #ifdef REFCLOCK
@@ -605,7 +608,9 @@ newpeer(
 	}
 	UNLINK_HEAD_SLIST(peer, peer_free, p_link);
 	peer_free_count--;
-	peer_associations++;
+	if (!(FLAG_NOSELECT & peer->cfg.flags)
+	    && !(MDF_POOL & peer->cast_flags))
+		peer_active++;
 	if (FLAG_PREEMPT & ctl->flags)
 		peer_preempt++;
 
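Review bot: The new increment in newpeer() tests `peer->cfg.flags` and `peer->cast_flags`, yet the very next statement still reads the PREEMPT bit from `ctl->flags`, which suggests the peer structure just taken off the free list has not been filled in at this point. If so, the condition sees stale or zeroed fields, every association (pool and noselect included) is counted on the way in, and only the filtered ones are subtracted in unpeer(). `peer_active` would then drift upward and the maxclock comparisons in ntp_proto.c would stop adding pool servers too early. Testing the incoming arguments instead, starting with `if (!(FLAG_NOSELECT & ctl->flags)` and the cast flags as passed to newpeer(), or moving the increment below the point where `peer->cfg` and `peer->cast_flags` are assigned, keeps the two sides symmetric. That assignment is outside the hunk, so this needs confirming against the full function.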


=====================================
ntpd/ntp_proto.c
=====================================
@@ -893,8 +893,8 @@ transmit(
 	 */
 	if (peer->cast_flags & MDF_POOL) {
 		peer->outdate = current_time;
-		if ((peer_associations <= 2 * sys_maxclock) &&
-		    (peer_associations < sys_maxclock ||
+		if ((peer_active <= 2 * sys_maxclock) &&
+		    (peer_active < sys_maxclock ||
 		     sys_survivors < sys_minclock))
 			if (!dns_probe(peer)) {
 			    /* DNS thread busy, try again soon */
@@ -986,7 +986,7 @@ transmit(
 				return;
 			}
 			if ((peer->cfg.flags & FLAG_PREEMPT) &&
-			    (peer_associations > sys_maxclock) &&
+			    (peer_active > sys_maxclock) &&
 			    score_all(peer)) {
 				msyslog(LOG_INFO, "Drop extra pool server %s",
 					socktoa(&peer->srcadr));
@@ -1334,7 +1334,7 @@ peer_clear(
 	 */
 	peer->nextdate = peer->update = peer->outdate = current_time;
 	if (initializing1) {
-		peer->nextdate += (unsigned long)peer_associations;
+		peer->nextdate += (unsigned long)peer_active;
 	} else {
 	    /*
 	     * Randomizing the next poll interval used to be done with
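Review bot: `peer->nextdate += (unsigned long)peer_active;` now uses a filtered count where the old code used the total number of associations, so during initialisation pool and noselect associations no longer advance the offset and get the same first-poll time as a neighbour. If this line exists to stagger startup polls (the surrounding comment is cut off by the hunk), that spreading is weakened. The cast also turns any negative value of the signed counter into a very large delay, which becomes reachable if the conditional increment and decrement in ntp_peer.c ever get out of step. A comment such as `/* stagger first polls; peer_active excludes POOL and noselect */` and a guard like `if (peer_active > 0)` would make the intent and the bound explicit. peer_clear() starts and ends outside the hunk.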


=====================================
ntpd/nts_client.c
=====================================
@@ -7,6 +7,10 @@
  * https://tools.ietf.org/html/rfc8915
  *
  */
+
+#define OPENSSL_SUPPRESS_DEPRECATED 1
+// SSL_set1_host is deprecated in 4.0
+
 #include "config.h"
 
 #include <ctype.h>
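Review bot: `#define OPENSSL_SUPPRESS_DEPRECATED 1` placed ahead of the includes turns off every OpenSSL deprecation warning for this translation unit, not only the one for SSL_set1_host(), so later deprecations in the NTS-KE TLS client code will pass silently. Since this file does certificate and hostname validation, those warnings are worth keeping visible: either limit the suppression to the one call with a compiler diagnostic pragma, or tie the define to a tracked issue so it is removed with the migration. The comment would read better above the define and say when it can go, e.g. `/* Temporary: SSL_set1_host() is deprecated in OpenSSL 4.0; remove once set_hostname() is migrated (issue: <ISSUE-ID placeholder>) */`.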
@@ -481,7 +485,8 @@ void set_hostname(SSL *ssl, const char *hostname) {
  * prohibited in an RFC
  */
 	SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
-	SSL_set1_host(ssl, host);
+/* FIXME FIXME FIXME */
+	SSL_set1_host(ssl, host);  /* DEPRECATED in OpenSSL 4.0 */
 	SSL_set_tlsext_host_name(ssl, host);
 	msyslog(LOG_DEBUG, "NTSc: set cert host: %s", host);
 
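Review bot: The result of `SSL_set1_host(ssl, host)` is discarded, and the debug line that follows reports the cert host as set regardless. This call is what binds certificate verification to the expected server name, so a failure should be visible rather than logged as success, for example `if (1 != SSL_set1_host(ssl, host)) msyslog(LOG_ERR, "NTSc: can't set cert host: %s", host);`, and likewise for `SSL_set_tlsext_host_name()`. Because set_hostname() returns void (per the hunk header), the caller cannot abort on failure without a signature change, which is worth doing as part of the migration the FIXME points at. The `/* FIXME FIXME FIXME */` marker would be more useful if it named the task, e.g. `/* FIXME: replace SSL_set1_host(), deprecated in OpenSSL 4.0 */`. The function body begins before this hunk.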
@@ -493,7 +498,7 @@ void set_hostname(SSL *ssl, const char *hostname) {
 
 bool check_certificate(SSL *ssl, struct peer* peer) {
 	X509 *cert = SSL_get_peer_certificate(ssl);
-	X509_NAME *certname;
+	const X509_NAME *certname;
 	GENERAL_NAMES *gens;
 	char name[200];
 	int certok;



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/fd40e4b8ab0e3a364dff22bdd636f830ba697186...95b8bc1549ac4e6c3c8a1d5d58bbec5cfe316485


