626 Commits (f8b2b5d3a291ed5f2d68166370ea423da79afea3)

Author SHA1 Message Date
  otto 062f16708b Typo in log message 4 years ago
  otto c1869dec59 If constraints are configured but do not work for whatever reason ntpd 4 years ago
  schwarze 710f7b7cc1 Standardize argument naming for "sourceaddr" and unify the wording a bit, 4 years ago
  schwarze cc18f18839 briefly mention /etc/examples/ in the FILES section of all the 4 years ago
  otto 0e2d622180 Properly determine era 0 or era 1, making it possible to move past 4 years ago
  jmc ed16e2b6fa tweak previous; ok deraadt 5 years ago
  otto d090b243af sensors can als be marked trusted; ok deraadt@ 5 years ago
  schwarze 458c49a176 tweak previous: delete stray .Pp 5 years ago
  deraadt 17a1cbd42d trusted sub-option works on sensors also now; ok otto 5 years ago
  otto 00f92e8d8c Also implement "trusted" for sensors; do not do constraint validation 5 years ago
  deraadt e3b7366f35 remove -s and -S documentation, and explain the boot-time startup mode 5 years ago
  deraadt 796283a2f8 Disable -s and -S functionality. -s would force time using NTP packets without 5 years ago
  deraadt 739d84ff90 document server/servers "trusted" sub-option. Indicates a particular 5 years ago
  otto 21c48e24ae Introduce a "trusted" modifier, for peers that should be on a local net 5 years ago
  deraadt e66cf3a761 alphatically order sub-options for sensors, and make the explanations 5 years ago
  deraadt 434126328c typo 5 years ago
  otto 016dfd7256 - validate sensor values against constraints 5 years ago
  otto df4870ab11 Allow the singular constraint clause to list multiple addresses; 5 years ago
  otto b6720974c4 1) Re-resolve and re-get constraints once the clock is synced. Constraints 5 years ago
  otto 005e327f50 fix printing when the pool is specified as an IP address; reported by and 5 years ago
  otto ac3128b975 proper level of two messages, prompted by deraadt@ 5 years ago
  otto 4faedbcd1c Sometimes ntp peers are unreliable (looking at you pool.ntp.org!) 5 years ago
  otto 27174b5b44 Forgotten va_copy/va_end; on some archs that is really needed. ok benno@ 5 years ago
  deraadt e5e55cd690 When system calls indicate an error they return -1, not some arbitrary 5 years ago
  otto c47029baaf Allow logging to both stderr and syslog; don't reset the log level if 5 years ago
  otto 5ad888ab62 tweaks with help from jmc@ 5 years ago
  otto 56e1091d6d Tell a bit about automatic mode; ok jmc@ 5 years ago
  otto 6f5c796c99 Do a quick DNS probe to decide to stay in the forground and attempt 5 years ago
  otto 391b236846 Be more aggressive retrying dns while in settime mode. The constraint 5 years ago
  otto 46a918abc5 Fix init of syslog for childs and teach dns process about synced state. 5 years ago
  otto 0225e4f1d7 Introducing autmatic settime mode: if some preconditions are met 5 years ago
  otto 11942d45dc Use proper algorithm for median computation; use fabs() for computing 5 years ago
  otto 349011c612 If a DBS resolve was done with the Checking Disabled flag, re-resolve 5 years ago
  otto 89bf75c4ef A step in solving the bootstrap problem in a dnssec environement. 5 years ago
  deraadt 247cc87989 (unsigned) means (unsigned int) which on ptrdiff_t or size_t or other 5 years ago
  jsing 37b88a442e Improve logging for TLS certificate validity checking. 6 years ago
  jsing 64715c5af0 Explicitly check timegm() return value. 6 years ago
  jsing ec351717c5 Perform manual validity checking of the X.509 certificate for constraints. 6 years ago
  otto 7a31e61809 Don't use *a - *b as compare idiom, it does not work as expected for 6 years ago
  florian ea28228b66 Prevent multiple ntpds from tripping over each other. 6 years ago
  tedu b233898e51 log dns failures, even if temporary. ok benno 6 years ago
  tedu d1794e488e update for libtls default cert changes. 6 years ago
  jsing 3fab6cbb08 Use TLS_CA_CERT_FILE instead of a separate define. 6 years ago
  jsing cf2ba9bd55 Be stricter with TLS configuration for ntpd constraints. 6 years ago
  sashan 6d2498c22d - odd condition/test in PF lexer 6 years ago
  kn 183780a91b Make host_*() AF-agnostic 6 years ago
  deraadt 48ecc0761d the main process must chdir to /, since it cannot have daemon() do the 6 years ago
  deraadt a27b872488 ntpd unveils the cert.pem "r" file (which is passed-over-socket to the 6 years ago
  mestre 7b9d9ca1a6 Revert back previous commit, we have decided that socket files don't cause any 6 years ago
  mestre b448df251e ntpd(8) has logic in place to delete its control socket on shutdown, but it 6 years ago