Hal Murray via devel writes: > I think we can implement pinning with the current code. > > We need a script to fetch the certificate, follow the chain to see which root > certificate it is using, find that certificate in the local root cert > collection, and copy it to a safe place.
That doesn't do pinning, it reduces the source of trust anchors to just a single one. > Then adjust ntp.conf to include ca <safe place> > ntpd will use that cert to verify the chain. That works only if no other cert chain needs to be validated. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptation for Waldorf microQ V2.22R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
