Certificates

2019-09-11 Thread Hal Murray via devel


Any openssl command line wizards?

What do I type to find out when my certificate expires?  We should make a 
script that can be called from cron.

What do I type to figure out which cert in the root collection for my 
OS/distro that a NTS-KE server is using?  I'd like some code I can cut-paste 
to do that and/or a script that will do that for all the servers in ntp.conf 
that are using nts.

I'm pretty sure their man pages have all the info and with enough work I can 
work out the details.  But I won't bother if somebody is familiar with that 
area.




-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel


Re: Certificates

2019-09-11 Thread James Browning via devel
On Wed, Sep 11, 2019 at 7:43 PM Hal Murray via devel 
wrote:

>
> Any openssl command line wizards?
>

Probably, not me though.


> What do I type to find out when my certificate expires?  We should make a
> script that can be called from cron.
>

Generally something like the following works fairly well:
> # openssl x509 -issuer -dates -in /etc/ntp/cert-chain.pem
> issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> notBefore=Aug 25 07:36:19 2019 GMT
> notAfter=Nov 23 07:36:19 2019 GMT
> -----BEGIN CERTIFICATE-----
:::snip:::
> -----END CERTIFICATE-----

-in tells OpenSSL to use a file instead of stdin
-dates tells OpenSSL to print the not{Before,After} dates
-issuer gets that information printed
All this and more is readily available by invoking "openssl x509"

> What do I type to figure out which cert in the root collection for my
> OS/distro that a NTS-KE server is using?  I'd like some code I can cut-paste
> to do that and/or a script that will do that for all the servers in ntp.conf
> that are using nts.
>
> I'm pretty sure their man pages have all the info and with enough work I can
> work out the details.  But I won't bother if somebody is familiar with that
> area.
>

Man pages? In virtual open offices, we do not need man pages.
Fun factoid: it takes a developer '15 minutes' to properly get back on task
after being interrupted.
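One way to turn the `openssl x509 -dates` output shown above into the cron-callable expiry check asked for at the start of the thread. This is an added example, not code from the thread or from NTPsec; the function names, the 14-day threshold and the exit codes are assumptions, and like the command above it reads only the first certificate in the file.

```python
import ssl
import subprocess
import sys
import time

WARN_DAYS = 14  # assumed threshold, not from the thread

# "openssl x509 -issuer -dates" output as posted in the message above.
SAMPLE_OUTPUT = """\
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
notBefore=Aug 25 07:36:19 2019 GMT
notAfter=Nov 23 07:36:19 2019 GMT
"""


def parse_dates(text):
    """Return {'notBefore': epoch, 'notAfter': epoch} from openssl output."""
    dates = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # Parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT" as UTC seconds.
            dates[key] = ssl.cert_time_to_seconds(value.strip())
    if "notAfter" not in dates:
        raise ValueError("no notAfter line in openssl output")
    return dates


def days_left(text, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((parse_dates(text)["notAfter"] - now) // 86400)


def check(path, warn_days=WARN_DAYS):
    """Exit status for cron: 0 ok, 1 expiring soon, 2 already expired."""
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-dates", "-in", path],
        check=True, stdout=subprocess.PIPE, universal_newlines=True).stdout
    left = days_left(out)
    if left < warn_days:
        print("%s: %d days until notAfter" % (path, left), file=sys.stderr)
    return 2 if left < 0 else 1 if left < warn_days else 0


if __name__ == "__main__":
    sys.exit(check(sys.argv[1]))
```

Run from cron with the certificate path as the only argument; it prints to stderr only when the certificate is inside the warning window, so cron mails nothing while the certificate is healthy.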


Re: 'ntpq -c ":config"' does not work (it probably never did)

2019-09-11 Thread Eric S. Raymond via devel
Matthew Selsky via devel :
> On Mon, Sep 09, 2019 at 08:46:26AM -0700, James Browning via devel wrote:
> >While working on a script, I stumbled across this issue. The cmd.Cmd
> >class does not call its precmd function from its onecmd function in
> >either Python 2.7 or 3.6. I see several possible paths forward.
> > 
> >1. Ignore the issue and hope it goes away.
> >2. Report it upstream.
> >3. Change over to hot_config option exclusively.
> >4. Add a wrapper to onecmd that fixes things.
> >5. More extensive fixes to cmd.Cmd.
> >6. Change to a new command-line interpreter.
> >7. Another path I am not even considering.
> > 
> >I would advocate for the wrapper or changing to hot_config as the least
> >not good options at this time. Ignoring it stacks up technical debt for
> >later. Upstream would probably say it works as intended. Changing to a
> >new interpreter would throw away all the good work on this one. More
> >extensive work is possible but probably beyond my capabilities.
> 
> Yes, please talk to upstream and see what they recommend.  And this change
> should be documented in our incompatible changes list until we have a
> compatible function (or we decide to leave the feature out)

Or there's the simplest possible fix, which I just pushed.  The expression used
to process the argument of -c just changed from

interpreter.onecmd(command)

to

interpreter.onecmd(interpreter.precmd(command))

Thanks for catching this.  If anything goes sproing, bug me.
-- 
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

