Hi,
This totally hosed all of my systems!!
I think relying on the internal "server_random" member of the ssl data
structure is error prone and to me it's not unexpected that a server would
randomize the timestamp part of their random ssl seed. The erroroneous code is
in "src/tlsdate-helper.c" line 1207.
My suggestion is that instead of changing the default server, instead default
to using the HTTP Date header. This header is intended to contain the current
time.
I achieved this by changing the DAEMON_OPTS in /etc/default/tlsdated
DAEMON_OPTS="-- /usr/bin/tlsdate -w"
You also have to change how DAEMON_ARGS is set in /etc/init.d/tlsdated. Add
this line after the line that sourced /etc/default/tlsdated:
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
DAEMON_ARGS="-f /etc/tlsdate/tlsdated.conf $DAEMON_OPTS"
Thanks,
Rian
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]