Hal Murray via devel writes: >>> Does your testing include NTS? >> Only as client, and it doesn't work. > > Well, there isn't any reason to fix your initial problem if NTS doesn't > work.
It may not be fixable gtiven that libressl targets v2 ABI compatibility only, but then waf shouldn't accept it as a valid configuration either. Also, BSD will have this as a standard library instead of OpenSSL I think. > The client side does lots of logging. Is there anything interesting in > your logs? --8<---------------cut here---------------start------------->8--- Okt 18 22:38:24 Gertrud ntpd[55336]: NTSc: DNS lookup of ntp1.glypnod.com (0) took 0.043 sec Okt 18 22:38:24 Gertrud ntpd[55336]: NTSc: connecting to ntp1.glypnod.com+4460 => 104.131.155.175:4460 Okt 18 22:38:24 Gertrud ntpd[55336]: NTSc: set cert host: ntp1.glypnod.com Okt 18 22:38:25 Gertrud ntpd[55336]: NTSc: Using TLSv1.3, TLS_AES_256_GCM_SHA384 (256) Okt 18 22:38:25 Gertrud ntpd[55336]: NTSc: certificate subject name: /CN=ntp.glypnod.com Okt 18 22:38:25 Gertrud ntpd[55336]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=R12 Okt 18 22:38:25 Gertrud ntpd[55336]: NTSc: SAN:DNS ntp.glypnod.com, ntp1.glypnod.com Okt 18 22:38:25 Gertrud ntpd[55336]: NTSc: certificate invalid: 20=>unable to get local issuer certificate Okt 18 22:38:25 Gertrud ntpd[55336]: NTSc: NTS-KE req to ntp1.glypnod.com took 0.389 sec, fail Okt 18 22:38:25 Gertrud ntpd[55336]: DNS: dns_check: processing ntp1.glypnod.com, 1, 21a01 Okt 18 22:38:25 Gertrud ntpd[55336]: DNS: dns_take_status: ntp1.glypnod.com=>error, 12 --8<---------------cut here---------------end--------------->8--- After switching back to OpenSSL: --8<---------------cut here---------------start------------->8--- Okt 19 10:12:50 Gertrud ntpd[3882]: DNS: dns_probe: ntp1.glypnod.com, cast_flags:1, flags:21a01 Okt 19 10:12:50 Gertrud ntpd[3882]: NTSc: DNS lookup of ntp1.glypnod.com (0) took 0.001 sec Okt 19 10:12:50 Gertrud ntpd[3882]: NTSc: connecting to ntp1.glypnod.com+4460 => 104.131.155.175:4460 Okt 19 10:12:50 Gertrud ntpd[3882]: NTSc: set cert host: ntp1.glypnod.com Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: Using TLSv1.3, TLS_AES_256_GCM_SHA384 (256) Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: certificate subject name: /CN=ntp.glypnod.com Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=R12 Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: SAN:DNS ntp.glypnod.com, ntp1.glypnod.com Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: certificate is valid. Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: Good ALPN ntske/1 (7) from ntp1.glypnod.com Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: read 886 bytes Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: Using port 8123 Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: Got 8 cookies, length 104, aead=15. Okt 19 10:12:51 Gertrud ntpd[3882]: NTSc: NTS-KE req to ntp1.glypnod.com took 0.702 sec, OK Okt 19 10:12:51 Gertrud ntpd[3882]: DNS: dns_check: processing ntp1.glypnod.com, 1, 21a01 Okt 19 10:12:51 Gertrud ntpd[3882]: DNS: Server taking: 104.131.155.175:8123 Okt 19 10:12:51 Gertrud ntpd[3882]: DNS: dns_take_status: ntp1.glypnod.com=>good, 0 --8<---------------cut here---------------end--------------->8--- Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf Blofeld: _______________________________________________ devel mailing list [email protected] https://lists.ntpsec.org/mailman/listinfo/devel
