openntpd-openbsd

Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.

jsing f819d84119 Harden TLS for ntpd constraints - stop disabling server name verification, ensure that we load the CA certificates and use tls_connect_servername() so that we can verify the server we are connecting to (even though we've already resolved the hostname). Also add additional warnings for TLS connect and TLS write failures so that we know what is happening and why. Lack of server name verification also reported by Luis M. Merino <luismiguelmerino at gmail dot com> - thanks! ok deraadt@ reyk@	8 years ago
src	Harden TLS for ntpd constraints - stop disabling server name verification,	8 years ago

jsing f819d84119 Harden TLS for ntpd constraints - stop disabling server name verification,

ensure that we load the CA certificates and use tls_connect_servername()
so that we can verify the server we are connecting to (even though we've
already resolved the hostname). Also add additional warnings for TLS
connect and TLS write failures so that we know what is happening and why.
Lack of server name verification also reported by Luis M. Merino
<luismiguelmerino at gmail dot com> - thanks!
ok deraadt@ reyk@

8 years ago

src

Harden TLS for ntpd constraints - stop disabling server name verification,

8 years ago