>> So to sum up, my best impression presently is that time validation
>> should be disabled for TLS certificates within NTPD.
>
> Not going to change.

Ok!

For a user to add to his installer or maybe even boot scripts, an NTPD invocation that is foolproof so that it will succeed with sync even if the time is badly off, how would such an NTPD invocation look - would there be any reason to add an "ignore TLS certificate time on connect to constraint server" argument to NTPD, or should I just do "echo servers pool.ntp.org | ntpd -d -f /dev/stdin -s"?

(Actually this NTPD invocation doesn't work, something about the stdin reading fails, would need to debug, any further pointer on a foolproof command line would be appreciated.)

Btw also, can NTPD be run in any way so that it terminates after its first successful time sync?

Thanks
