Re: Re: Re: [chrony-users] ipV4 and ipV6
-----Original Message-----

On Wed, Nov 30, 2022 at 08:44:35AM +0000, chengyechun wrote:
> Do the certificates contain a different name? If there are multiple certificates with the same name, the server will provide only one to the clients.
> Different IP addresses

I'm not sure if that is supposed to work. The NTS-KE client doesn't provide the IP address to the server (at least the gnutls_server_name_set() function doesn't allow that), and gnutls as a TLS server probably doesn't check the address of the socket in expectation that there will be a matching address in one of the certificates. Maybe an RFE could be submitted for that.

> This is because one client uses IPv6 to communicate with the server, while the other uses IPv4. This is because ip_address is used to generate a certificate. The template is as follows:
>
> organization = "xiaoyu"
> country = CN
> ip_address = "11..11.7.120"
> serial = 001
> activation_date = "2022-01-01 00:00:00 UTC"
> expiration_date = "2022-12-31 23:59:59 UTC"
> signing_key
> encryption_key
>
>
> The IPv6 template is to modify ip_address. Can this be unified?--

Yes, you can specify multiple addresses in the certificate. Just add more lines with "ip_address = ...". No need to use separate certificates.

Specifying multiple ip_addresses is valid. I found that when I set ntsrefresh to 1, the TLS handshake fails every 24s after the TLS handshake fails. This seems to be regular. Where can I know this from the code?

--
Miroslav Lichvar
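An added example, not part of the original message or of chrony: a Python check that a certtool template lists every address the NTS-KE server is reached on, following the "more lines with ip_address" advice above. The sample template, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample template (documentation addresses, not from the thread).
SAMPLE_TEMPLATE = '''\
organization = "example"
country = CN
ip_address = "192.0.2.10"
ip_address = "2001:db8::10"
activation_date = "2022-01-01 00:00:00 UTC"
expiration_date = "2022-12-31 23:59:59 UTC"
signing_key
encryption_key
'''

def template_ip_addresses(text):
    """Return (valid, invalid) ip_address values from a certtool template."""
    valid, invalid = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "ip_address":
            continue  # flags such as signing_key have no "=" and are skipped
        value = value.strip().strip('"')
        try:
            valid.append(ipaddress.ip_address(value))
        except ValueError:
            invalid.append(value)                  # malformed address literal
    return valid, invalid

def uncovered(text, server_addresses):
    """Addresses clients connect to that the template does not list.

    Comparison is on parsed addresses, so different spellings of the
    same IPv6 address are treated as equal.
    """
    valid, _ = template_ip_addresses(text)
    return [a for a in server_addresses if ipaddress.ip_address(a) not in valid]

if __name__ == "__main__":
    good, bad = template_ip_addresses(SAMPLE_TEMPLATE)
    print("listed:", [str(a) for a in good], "malformed:", bad)
    print("missing:", uncovered(SAMPLE_TEMPLATE, ["192.0.2.10", "2001:db8::10"]))
```

Run it against the template before signing; a non-empty "missing" or "malformed" list means some clients would connect to an address the certificate does not cover.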