Re: Release, wildcards, etc

2022-04-21 Thread Richard Laager via devel
On 4/21/22 03:17, Hal Murray via devel wrote: There are 8 cases. I think I tested them all. If it will make you happy, I'll test again, being careful to check all 8 cases. 8 cases? I thought it was one setting, which would be 2 cases. Can you expand upon what you're actually proposing? Ideal

Re: Getting ready for a release, wildcards

2022-04-21 Thread countkase--- via devel
On Thursday, April 21, 2022, 09:20:06 AM PDT, Matt Selsky wrote: > Hi James, > > I'm not sure if you're being serious or not with the "nah" :) > > The potential mac truncation seems serious. I'm not sure about the other 2 > issues. > > Let me know what you think. Serious on all three and hey s

Re: Getting ready for a release, wildcards

2022-04-21 Thread Matt Selsky via devel
Hi James, I'm not sure if you're being serious or not with the "nah" :) The potential mac truncation seems serious. I'm not sure about the other 2 issues. Let me know what you think. Thanks, -Matt ___ devel mailing list devel@ntpsec.org https://lists

Re: Getting ready for a release, wildcards

2022-04-21 Thread Richard Laager via devel
+1 to NOT making this a knob. On 4/20/22 15:07, Matt Selsky via devel wrote: Hi Hal, If you're sufficiently happy with my code change, then you can click "approve" and "merge" on https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1264 I would rather not add knobs unless someone asks for this t

Re: Release, wildcards, etc

2022-04-21 Thread Hal Murray via devel
[Eric: There are a couple of preceding messages to devel in the mail someplace.] > I'd like to get https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1264 merged > and then do the release. > Is there anything else that we want in the release? I'm sorry that we have gotten off on the wrong foot (

Re: Getting ready for a release, wildcards

2022-04-21 Thread Hal Murray via devel
Richard Laager said: > Sure, that's all true. But, I'm not sure why you felt the need to mention > this. That is how everything works. In general, it's not even guaranteed > that a TLS-speaking daemon knows its own (external) hostname. It obviously > can't know what is in the client's trust stor

Re: Getting ready for a release, wildcards

2022-04-21 Thread James Browning via devel
On Apr 20, 2022 7:50 AM, Matt Selsky via devel wrote:Hi Hal, I don't think we should have a knob for disabling wildcards. This is not the sort of knob that operators expect (what other software provides such a knob?) and we're just adding another code path to test. Are there any other releas

Re: Getting ready for a release, wildcards

2022-04-21 Thread Hal Murray via devel
> I would rather not add knobs unless someone asks for this to be a knob. Nobody outside is ever going to ask for this knob. It's a grubby detail. Only geeks know that the concept exists. I want this knob so I/we can experiment. -- These are my opinions. I hate spam. ___

Re: Getting ready for a release, wildcards

2022-04-21 Thread Richard Laager via devel
On 4/19/22 17:01, Hal Murray via devel wrote: One is to update the nts cert documentation to say that it doesn't do any checking on the certificate. - Present the certificate in _file_ as our certificate. + Present the certificate (chain) in _file_ as our certificate. + + + Note that there

Re: Getting ready for a release, wildcards

2022-04-21 Thread Matt Selsky via devel
Hi Hal, If you're sufficiently happy with my code change, then you can click "approve" and "merge" on https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1264 I would rather not add knobs unless someone asks for this to be a knob. Thanks, -Matt From: Hal Murray S