Yo Hal! On Fri, 08 Mar 2019 19:03:06 -0800 Hal Murray via devel <devel@ntpsec.org> wrote:
> > Here's a proposal off the top of my head: > > 1) server private key = SYSCONFDIR/ntp/nts.key > > 2) server certificate = SYSCONFDIR/ntp/nts.crt > > 3) cookie key file = LOCALSTATEDIR/lib/ntpkeys > > We would have to add things like SYSCONFDIR to config.h. Yup. waf already has support for it: https://waf.io/apidocs/tools/gnu_dirs.html?highlight=sysconfdir Sadly, they follow the GNU, not FHS, standard. We could live with that... > The certificate and private key should probably have a pem suffix > and/or maybe I need to add code to support other formats. Some info here: https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file Easy to convert to/from other formats, but .pem seems to be the big one. I could live with just .pem. A .key is just a .pem which has just a key. .p12 looks interesting, but I've never seen it in practice. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpTBlG9jjCwj.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
