Roger Price
2022-Sep-16 12:11 UTC
[Nut-upsuser] Fwd: [networkupstools/nut] Hide 'Init SSL without certificate database' message for upsc (PR #1662)
On Fri, 16 Sep 2022, Jim Klimov via Nut-upsuser wrote:> Hello all, > ? Here's a PR I want to ask community about: should NUT clients like upsc report (log!) or hide the infamous 'Init SSL without certificate > database' message?How should upsc be used in order to get SSL/TLS protection? There is no configuration file with a CERTFILE declaration. Is there some other way to say where the public key certificate is? Perhaps the man page should explain this. Roger
Jim Klimov
2022-Sep-16 14:41 UTC
[Nut-upsuser] Fwd: [networkupstools/nut] Hide 'Init SSL without certificate database' message for upsc (PR #1662)
Cheers, Thanks for suggestions, chaining my responses below: * The downside of blanket `2>/dev/null` (and so of keeping it as 0-level debug) is that it hides any other stderr (if any). For original poster of the PR, unfiltered stderr of upsc ended up as stderr and so system log of the monitoring system. * Code near the message emitter does not seem to indicate it does specifically SSL (but it was written long ago so it could plausibly be costrained like that). IIRC there was a PR for awareness about TLSv1_2 as minimal accepted by default if supported, or some such. So I guess rewording for TLS is not a big deal (not misleading). * Regarding "how?" - good question, not sure at the moment. Might be unfinished work in libupsclient and/or its consumers like upsc/upscnd/upsrw/upsmon(?)/... or just not documented - gotta check in code. FWIW the C++ libnutclient lifted much of the same code from it, but did not at that time lift the crypto and some other parts as I recently found while updating the lib. Neither does PyNUT offer any native crypto awareness... I believe this was also part of discrepancy between openssl vs. libnss as the crypto backend. At least, they 99% certainly were not on par. Like anywhere, volunteers to propose, test and document, and post PRs with results, are very much welcome! :) Jim On Fri, Sep 16, 2022, 14:11 Roger Price <roger at rogerprice.org> wrote:> On Fri, 16 Sep 2022, Jim Klimov via Nut-upsuser wrote: > > > Hello all, > > Here's a PR I want to ask community about: should NUT clients like > upsc report (log!) or hide the infamous 'Init SSL without certificate > > database' message? > > How should upsc be used in order to get SSL/TLS protection? There is no > configuration file with a CERTFILE declaration. Is there some other way > to say > where the public key certificate is? > > Perhaps the man page should explain this. > > Roger_______________________________________________ > Nut-upsuser mailing list > Nut-upsuser at alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20220916/946b4393/attachment.htm>