CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/02/09 23:40:08
Modified files:
etc/examples : ntpd.conf
usr.sbin/ntpd : Makefile client.c config.c control.c ntp.c
ntpctl.8 ntpd.c ntpd.conf.5 ntpd.h parse.y
util.c
Added files:
usr.sbin/ntpd : constraint.c
Log message:
Add support for "constraints": when configured, ntpd(8) will query the
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol, without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
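
The check described in the log message, sketched as an added example (not the constraint.c from this commit, and not OpenBSD code): parse each HTTPS Date: value, take the median, and accept an NTP-derived time only if it lies close to that median. The function names, the 60-second MARGIN, the 16-sample cap and the choice of median for an even count are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MARGIN 60 /* assumed tolerance in seconds; not taken from the commit */

/* Parse an IMF-fixdate Date: value into Unix time (UTC); -1 on failure. */
long long parse_http_date(const char *v)
{
	static const char months[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
	char mon[4];
	const char *p;
	int d, m, y, h, mi, s;
	if (sscanf(v, "%*3s, %2d %3s %4d %2d:%2d:%2d", &d, mon, &y, &h, &mi, &s) != 6)
		return -1;
	p = strstr(months, mon);
	if (p == NULL || strlen(mon) != 3 || (p - months) % 3 != 0 || y < 1970 ||
	    d < 1 || d > 31 || (unsigned)h > 23 || (unsigned)mi > 59 || (unsigned)s > 60)
		return -1;
	m = (int)(p - months) / 3 + 1;
	y -= m <= 2; /* day count below uses a year that starts in March */
	long long doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
	long long doe = (y % 400) * 365LL + (y % 400) / 4 - (y % 400) / 100 + doy;
	return ((y / 400) * 146097LL + doe - 719468) * 86400 + h * 3600 + mi * 60 + s;
}

static int cmp_ll(const void *a, const void *b)
{
	long long x = *(const long long *)a, y = *(const long long *)b;
	return (x > y) - (x < y);
}

/* Median of the parseable Date: values (first 16 used); -1 if none parse. */
long long constraint_median(const char *const *dates, size_t n)
{
	long long t[16];
	size_t i, k = 0;
	for (i = 0; i < n && k < 16; i++)
		if ((t[k] = parse_http_date(dates[i])) >= 0)
			k++;
	if (k == 0)
		return -1;
	qsort(t, k, sizeof(t[0]), cmp_ll);
	return t[k / 2]; /* upper middle for even k: a choice made for this example */
}

/* 1 if an NTP-derived time lies within MARGIN of the constraint median. */
int ntp_time_ok(long long ntp_time, long long median)
{
	return median >= 0 && ntp_time >= median - MARGIN && ntp_time <= median + MARGIN;
}
```

Because the median is used, a single HTTPS server reporting a badly skewed Date: value does not move the boundary.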