Fw: [Git][NTPsec/ntpsec][master] Implement and document nts noval in config.

Gary E. Miller via devel Fri, 01 Feb 2019 21:31:19 -0800

Yo Eric!

 +nts+::
   Use Network Time Security for authentication and encryption.
-  Request key exchange from the NTP server.
+  Request key exchange from the NTP server.  Following options
+  are revelevant only for nts peers, and are thus tagged with 'nts'.
+  that can be omitted when the option is given.
 
That is just confusing.  Dispensing with the nts keyword makes it
hard to tell what is going on...


And you'll need to tag the other keywords that do not apply, and the
options that changed their meaning.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin

Title: GitLab

Eric S. Raymond pushed to branch master at NTPsec / ntpsec

Commits:

c3ffb8a5
by Eric S. Raymond at 2019-02-02T04:43:24Z
```
Implement and document nts noval in config.
```

Changes:

docs/includes/assoc-options.adoc

@@ -74,14 +74,23 @@
  +nts+::
    Use Network Time Security for authentication and encryption.
 -  Request key exchange from the NTP server.
 +  Request key exchange from the NTP server.  Following options
 +  are revelevant only for nts peers, and are thus tagged with 'nts'.
 +  that can be omitted when the option is given.
 -+nts ask+ 'servername'::
 ++nts ask+ 'address'::
    Use Network Time Security for authentication and encryption.
    Ask for a specific NTS server, which may differ from the NTP server.
 +  The +address_ may be a hostname, a FQDN, an IPv4 numeric address, an
 +  IPv6 numeric addresa (in square brackets).  Address may have the suffix
 +  +:port+ to specify a UDP port.
 -+nts require+ 'servername'::
 ++nts require+ 'address'::
    Use Network Time Security for authentication and encryption.
    Require a specific NTS server, which may differ from the NTP server.
 +  Address syntax is as for +ask+.
++
 ++nts noval::
 +  Do not validate the server certificate.
  // end

include/nts.h

@@ -10,6 +10,7 @@
  #define FLAG_NTS	0x01u	/* use NTS (network time security) */
  #define FLAG_NTS_ASK	0x02u	/* NTS, ask for specified server */
  #define FLAG_NTS_REQ	0x04u	/* NTS, ask for specified server */
 +#define FLAG_NTS_NOVAL	0x08u	/* do not validate the server certificate */
  /* Configuration data for an NTS association */
  struct ntscfg_t {

ntpd/keyword-gen.c

@@ -199,6 +199,7 @@ struct key_tok ntp_keywords[] = {
  { "nts",		T_Nts,			FOLLBY_TOKEN },
  { "ask",		T_Ask,			FOLLBY_STRING },
  { "require",		T_Require,		FOLLBY_STRING },
 +{ "noval",		T_Noval,		FOLLBY_TOKEN },
  };
  typedef struct big_scan_state_tag {

ntpd/ntp_config.c

@@ -628,6 +628,10 @@ create_peer_node(
  				my_node->ctl.flags |= FLAG_NOSELECT;
  				break;
 +			case T_Noval:
 +				my_node->ctl.nts_cfg.flags |= FLAG_NTS_NOVAL;
 +				break;
++
  			case T_Nts:
  				my_node->ctl.nts_cfg.flags |= FLAG_NTS;
  				break;

ntpd/ntp_parser.y

@@ -155,6 +155,7 @@
  %token	<Integer>	T_Noserve
  %token	<Integer>	T_Notrap
  %token	<Integer>	T_Notrust
 +%token	<Integer>	T_Noval
  %token	<Integer>	T_Ntp
  %token	<Integer>	T_Ntpport
  %token	<Integer>	T_NtpSignDsocket
@@ -405,6 +406,7 @@ option_flag_keyword
  	:	T_Burst
  	|	T_Iburst
  	|	T_Noselect
 +	|	T_Noval
  	|	T_Nts
  	|	T_Prefer
  	|	T_True

_______________________________________________
vc mailing list
v...@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/vc

pgpJF1f6RM5iJ.pgp
Description: OpenPGP digital signature

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel

Fw: [Git][NTPsec/ntpsec][master] Implement and document nts noval in config.

Eric S. Raymond pushed to branch master at NTPsec / ntpsec

Commits:

5 changed files:

Changes:

Reply via email to