(I found some more notes...)
We should test the config file stuff to see that all the options at least get past the parser. Better would be to actually run the code.

We should check FIPS mode. Do any of the CI options include FIPS? I got halfway there by building OpenSSL to include FIPS mode but I haven't made the config file to use it.

I'd like a script that checks the certificates. When do they expire?

I'd like a script that finds out who signed a certificate and pokes around in my local certificate collection and tells me a filename so I can add that to a server line in the config file. The idea is to make sure that we are using the right root-cert rather than one from a CA that was arm-twisted by your local repressive govt or broken into by the KGB or NSA.

I'd like some code that goes through the NTS-KE dance and prints the answer. Extra credit if it can request various options.

--
These are my opinions. I hate spam.
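A sketch of the NTS-KE exchange asked for in the last item, added here as an example; it is not part of the original message and is not NTPsec code. It assumes the record framing, port 4460, ALPN name and IDs of RFC 8915; the function and parameter names (including `want_server`, `want_port` and `cafile`, which restricts trust to a single chosen CA file) are this example's own.

```python
import socket, ssl, struct
# Record types and IDs from RFC 8915; the Python names are this example's own.
END, NEXT_PROTO, ERROR, WARNING, AEAD, COOKIE, SERVER, PORT = range(8)
NTPV4, AES_SIV_CMAC_256, CRITICAL = 0, 15, 0x8000

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit length, body."""
    return struct.pack("!HH", rtype | (CRITICAL if critical else 0), len(body)) + body

def build_request(aeads=(AES_SIV_CMAC_256,), want_server=None, want_port=None):
    """Client request; want_server/want_port add the optional negotiation records."""
    msg = record(NEXT_PROTO, struct.pack("!H", NTPV4), critical=True)
    msg += record(AEAD, struct.pack("!%dH" % len(aeads), *aeads))
    if want_server is not None:
        msg += record(SERVER, want_server.encode("ascii"))
    if want_port is not None:
        msg += record(PORT, struct.pack("!H", want_port))
    return msg + record(END, critical=True)

def parse_records(data):
    """Return [(critical, type, body)] through End of Message; reject bad framing."""
    out, pos = [], 0
    while True:
        if pos + 4 > len(data):
            raise ValueError("no End of Message record")
        head, length = struct.unpack_from("!HH", data, pos)
        body = data[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        out.append((bool(head & CRITICAL), head & 0x7FFF, body))
        pos += 4 + length
        if head & 0x7FFF == END:
            return out

def ntske_exchange(host, port=4460, cafile=None, **options):
    """Run NTS-KE with host; when cafile is given, trust only the CAs in it."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3  # RFC 8915 requires TLS 1.3
    ctx.set_alpn_protocols(["ntske/1"])
    with socket.create_connection((host, port), timeout=10) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(build_request(**options))
        reply = b""
        while chunk := tls.recv(4096):  # read until the server closes
            reply += chunk
    return parse_records(reply)

SAMPLE_REPLY = (record(NEXT_PROTO, b"\x00\x00", True)  # constructed, not captured
                + record(AEAD, b"\x00\x0f") + record(COOKIE, b"\xaa" * 16)
                + record(END, critical=True))
```

`parse_records(SAMPLE_REPLY)` exercises the parser offline; `ntske_exchange` needs a reachable NTS-KE server and returns the same list of records for printing.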