Yo Hal! > At least it is no longer silently failing to insecure, now it is just > silently failing.
Following up on my last post. 2 minutes and 30 seconds later, I finally got
this in my ntp.log:
2019-04-02T14:11:19 ntpd[10524]: DNS: dns_probe: pi3.rellim.com, cast_flags:1, f
lags:21801
2019-04-02T14:11:19 ntpd[10524]: NTSc: DNS lookup of pi3.rellim.com took 0.000 s
ec
2019-04-02T14:11:19 ntpd[10524]: NTSc: nts_probe connecting to pi3.rellim.com:12
3 => 204.17.205.23:123
2019-04-02T14:11:19 ntpd[10524]: NTSc: Using dir /tmp for root certificates.
2019-04-02T14:11:19 ntpd[10524]: NTSc: set cert host: pi3.rellim.com
2019-04-02T14:11:19 ntpd[10524]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256)
2019-04-02T14:11:19 ntpd[10524]: NTSc: certificate subject name: /CN=pi3.rellim.
com
2019-04-02T14:11:19 ntpd[10524]: NTSc: certificate issuer name: /C=US/O=Let's En
crypt/CN=Let's Encrypt Authority X3
2019-04-02T14:11:19 ntpd[10524]: NTSc: certificate invalid: 20=>unable to get lo
cal issuer certificate
2019-04-02T14:11:19 ntpd[10524]: NTSc: NTS-KE req to pi3.rellim.com took 0.023 s
ec, fail
2019-04-02T14:11:19 ntpd[10524]: DNS: dns_check: processing pi3.rellim.com, 1, 2
1801
2019-04-02T14:11:19 ntpd[10524]: DNS: dns_take_status: pi3.rellim.com=>error, 12
So it does report something, just not what it should. "ca" should not need
a "root" or "issuer" cert to work.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpMm_ancb9Lt.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
