Fw: [Git][NTPsec/ntpsec][master] Implement nts ca and cert options in parser.

Gary E. Miller via devel Sat, 02 Feb 2019 12:31:27 -0800

Yo Eric!

     char *server;      /* if NUL, use the peer itself (normal case)
*/
+    char *ca;          /* if NUL, use the system default (normal
case) */
+    char *cert;                /* if NUL, use the system default


NULL, not NUL.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin

Title: GitLab

Eric S. Raymond pushed to branch master at NTPsec / ntpsec

Commits:

45a1e3cb
by Eric S. Raymond at 2019-02-02T20:26:16Z
```
Implement nts ca and cert options in parser.
```

Changes:

devel/nts.adoc

@@ -248,11 +248,6 @@ Eventually, look into how openssl-ciphers does this and autoconfigure.
  Per-server options now implemented in the config parser are now
  described in docs/includes/assoc-options.txt
 -*cert [file]*  Present the certificate in *file* as our client certificate
+-
 -*ca [location]*  Use the file, or directory, specified by *location* to
 -validate the NTS-KE server certificate.  Do not use any other CA.
+-
  == NTS-KE Server Configuration parameters ==
  == TLS Options ==

docs/includes/assoc-options.adoc

@@ -98,4 +98,12 @@
    How long to use a secured NTP association before rekeying with the
    NTS-KE server.
 ++nts cert +file+::
 +  Present the certificate in +file+ as our client certificate
++
 ++nts ca+ +location+::
 +  Use the file, or directory, specified by +location+ to
 +  validate the NTS-KE server certificate.  Do not use any other CA.
++
++
  // end

include/nts.h

@@ -15,6 +15,8 @@
  /* Configuration data for an NTS association */
  struct ntscfg_t {
      char *server;	/* if NUL, use the peer itself (normal case) */
 +    char *ca;		/* if NUL, use the system default (normal case) */
 +    char *cert;		/* if NUL, use the system default (normal case) */
      uint32_t flags;
      uint32_t expire;
  };

ntpd/keyword-gen.c

@@ -201,6 +201,8 @@ struct key_tok ntp_keywords[] = {
  { "require",		T_Require,		FOLLBY_STRING },
  { "noval",		T_Noval,		FOLLBY_TOKEN },
  { "expire",		T_Expire,		FOLLBY_TOKEN },
 +{ "cert",		T_Cert,			FOLLBY_TOKEN },
 +{ "ca",			T_Ca,			FOLLBY_TOKEN },
  };
  typedef struct big_scan_state_tag {

ntpd/ntp_config.c

@@ -650,6 +650,14 @@ create_peer_node(
  		    my_node->ctl.nts_cfg.expire = option->value.u;
  		    break;
 +		case T_Ca:
 +		    my_node->ctl.nts_cfg.ca = option->value.s;
 +		    break;
++
 +		case T_Cert:
 +		    my_node->ctl.nts_cfg.cert = option->value.s;
 +		    break;
++
  		case T_Minpoll:
  			if (option->value.i < NTP_MINPOLL ) {
  				msyslog(LOG_INFO,

ntpd/ntp_parser.y

@@ -61,7 +61,9 @@
  %token	<Integer>	T_Bias
  %token	<Integer>	T_Burst
  %token	<Integer>	T_Calibrate
 +%token	<Integer>	T_Ca
  %token	<Integer>	T_Ceiling
 +%token	<Integer>	T_Cert
  %token	<Integer>	T_Clock
  %token	<Integer>	T_Clockstats
  %token	<Integer>	T_Cohort
@@ -462,6 +464,10 @@ option_string
  			{ $$ = create_attr_sval($1, $2); }
  	|	T_Require T_String
  			{ $$ = create_attr_sval($1, $2); }
 +	|	T_Ca T_String
 +			{ $$ = create_attr_sval($1, $2); }
 +	|	T_Cert T_String
 +			{ $$ = create_attr_sval($1, $2); }
+ 	;
  option_double_keyword

_______________________________________________
vc mailing list
v...@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/vc

pgpjy_2obPdAz.pgp
Description: OpenPGP digital signature

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel

Fw: [Git][NTPsec/ntpsec][master] Implement nts ca and cert options in parser.

Eric S. Raymond pushed to branch master at NTPsec / ntpsec

Commits:

6 changed files:

Changes:

Reply via email to