Zone file - testing outgoing mail

2019-02-07 Thread Eric S. Raymond via devel
$TTL 86400
@ IN SOA thyrsus.com. root.thyrsus.com. (
        8       ; serial
        28800   ; refresh
        7200    ; retry
        604800  ; expire
        86400   ; ttl
        )
;; Her

My plans, suggestions and whatever

2019-02-07 Thread Hal Murray via devel
Step one is to get nts_probe() far enough along to check certificates. This is mostly copying over the details from my hack client and making it build on older versions of OpenSSL. We can test that code in ntpd by testing the NTS flag just before the current code tests the DNS flag and calli

Re: [Git][NTPsec/ntpsec][master] 6 commits: nts.adoc: Capitalize a MUST

2019-02-07 Thread Gary E. Miller via devel
Yo Richard! On Fri, 08 Feb 2019 00:26:27 + Matt Selsky via vc wrote: > dc2827a3 by Richard Laager at 2019-02-07T18:42:59Z > nts.adoc: Make AEAD_AES_SIV_CMAC_256 not implicit > > If the user specifies a NTPCipherSuite string, they need to include > AEAD_AES_SIV_CMAC_256 if they want it. Oth

Re: nts_lib

2019-02-07 Thread Eric S. Raymond via devel
Hal Murray : > > > Do you want me to write those? > > They are second on my list. If you do it, it will save me time. OK. Got kung fu class tonight, but I'll work on them. -- http://www.catb.org/~esr/ Eric S. Raymond My work is funded by the Internet Civil Engineering Insti

Re: nts_lib

2019-02-07 Thread Hal Murray via devel
> Do you want me to write those? They are second on my list. If you do it, it will save me time. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel

Re: macos help please

2019-02-07 Thread Hal Murray via devel
matthew.sel...@twosigma.com said: >> Has anybody tried tests/option-tester.sh on macos? > I haven't, but that wouldn't have helped here. The CI system caught it in > the first commit (yours) that broke it. > I think this worked out the way that we intended. Yes. I was wondering if option-tes

Re: Nonce Reuse (Was: Re: C2S/S2C lifetime)

2019-02-07 Thread Richard Laager via devel
On 2/3/19 9:50 AM, Richard Laager wrote: > On 2/3/19 12:34 AM, Richard Laager wrote: > So, given the current design of the NTS cookie replacement algorithm, > it's not going to be possible to _statelessly_ (which is a hard > requirement) maintain a counter-based nonce. I gave this some more thought

Re: macos help please

2019-02-07 Thread Matthew Selsky via devel
On Thu, Feb 07, 2019 at 05:28:33AM -0800, Hal Murray via devel wrote: > > I pushed the start of NTS-KE-client code, partly in order to find things like > this. > > > Job #157857979 ( > https://secure-web.cisco.com/16UbTIDf3-JpOVrQQQf2Lji3hOcnSngcm8aSRfJb9Y7vqNRqMTOrDAM-dEeUuENnnKgsbBlt5T1kxk0t

Re: nts_lib

2019-02-07 Thread Eric S. Raymond via devel
Hal Murray : > I'd probably put an NTS_KE_ in front of all the record_types, IANA_ on the > crypto list, and NTP_EX_ on the NTP extension types. No objection from here. > Maybe: > ntp_append_record(&buffer-blk, type, length, &data, pad) > It would byte-swap and append the type and length, copy

Re: macos help please

2019-02-07 Thread Eric S. Raymond via devel
Hal Murray via devel : > > I pushed the start of NTS-KE-client code, partly in order to find things like > this. > > > Job #157857979 ( https://gitlab.com/NTPsec/ntpsec/-/jobs/157857979 ) > > Stage: build > Name: macos-basic > Trace: "_res_9_init", referenced from: > _open_TCP_socket i

Re: Going forward with NTS

2019-02-07 Thread Eric S. Raymond via devel
Hal Murray : > > e...@thyrsus.com said: > >> That program would probably be handy for debugging so maybe we should write > >> it anyway. > > > This sounds like you volunteering to write and test the code. > > I added some ugly code to my hack client to generate a canned request, and > similar

Re: Should two-digit years be fatal to a refclock?

2019-02-07 Thread Richard Laager via devel
On 2/6/19 11:32 AM, Eric S. Raymond wrote: > Please file this as an RFE, with some explanation of what > get_some_date_thing() > needs to be doing - I can't quite get it from this. get_some_date_thing() was to convert to a time_t or ntp time or something else we can compare. I dug into the implem

macos help please

2019-02-07 Thread Hal Murray via devel
I pushed the start of NTS-KE-client code, partly in order to find things like this. Job #157857979 ( https://gitlab.com/NTPsec/ntpsec/-/jobs/157857979 ) Stage: build Name: macos-basic Trace: "_res_9_init", referenced from: _open_TCP_socket in nts_client.c.1.o ld: symbol(s) not found f

Re: TLS Versions

2019-02-07 Thread Kurt Roeckx via devel
On Wed, Feb 06, 2019 at 10:31:39PM -0800, Hal Murray wrote: > > k...@roeckx.be said: > > Please use 0 instead of TLS_MAX_VERSION, it means the same. I've marked > > TLS_MAX_VERSION for deprecation. > > Thanks for the heads up. > > Is there any documentation on that? (man page?) There is SSL_C