diff --git a/conf.c b/conf.c
index 8bc59a4..442f833 100644
--- a/conf.c
+++ b/conf.c
@@ -223,8 +223,8 @@ static char *leapsec_tz = NULL;
 /* Name of the user to which will be dropped root privileges. */
 static char *user;
-/* NTS cache dir, certificates, private key, and port */
-static char *nts_cachedir = NULL;
+/* NTS dump dir, certificates, private key, and port */
+static char *nts_dump_dir = NULL;
 static char *nts_server_cert_file = NULL;
 static char *nts_server_key_file = NULL;
 static int nts_server_port = 11443;
@@ -404,7 +404,7 @@ CNF_Finalise(void)
 Free(mail_user_on_change);
 Free(tempcomp_sensor_file);
 Free(tempcomp_point_file);
- Free(nts_cachedir);
+ Free(nts_dump_dir);
 Free(nts_server_cert_file);
 Free(nts_server_key_file);
 Free(nts_trusted_cert_file);
@@ -551,8 +551,9 @@ CNF_ParseLine(const char *filename, int number, char *line)
 parse_string(p, &ntp_signd_socket);
 } else if (!strcasecmp(command, "ntstrustedcerts")) {
 parse_string(p, &nts_trusted_cert_file);
- } else if (!strcasecmp(command, "ntscachedir")) {
- parse_string(p, &nts_cachedir);
+ } else if (!strcasecmp(command, "ntscachedir") ||
+ !strcasecmp(command, "ntsdumpdir")) {
+ parse_string(p, &nts_dump_dir);
 } else if (!strcasecmp(command, "ntsport")) {
 parse_int(p, &nts_server_port);
 } else if (!strcasecmp(command, "ntsprocesses")) {
@@ -2069,9 +2070,9 @@ CNF_GetHwTsInterface(unsigned int index, CNF_HwTsInterface **iface)
 /* ================================================== */
 char *
-CNF_GetNtsCacheDir(void)
+CNF_GetNtsDumpDir(void)
 {
- return nts_cachedir;
+ return nts_dump_dir;
 }
 /* ================================================== */
diff --git a/conf.h b/conf.h
index 697f111..6510fbd 100644
--- a/conf.h
+++ b/conf.h
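Review bot: In the CNF_ParseLine hunk of conf.c (`@@ -551,8 +551,9`), the old `ntscachedir` name stays accepted as a silent alias of `ntsdumpdir`, but nothing in the code says so, and the documentation hunk replaces the `[[ntscachedir]]` entry outright. A reader of either cannot tell whether the alias is deliberate or scheduled for removal. A one-line comment above the condition would record the intent, e.g. `/* ntscachedir is the former name of ntsdumpdir, still accepted for compatibility */`. Both names write `nts_dump_dir`, so a configuration carrying both lines presumably ends up with whichever is parsed last; parse_string's body is not visible here, so that is worth confirming. CNF_ParseLine starts and ends outside the hunk.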
@@ -139,7 +139,7 @@ typedef struct {
 extern int CNF_GetHwTsInterface(unsigned int index, CNF_HwTsInterface **iface);
-extern char *CNF_GetNtsCacheDir(void);
+extern char *CNF_GetNtsDumpDir(void);
 extern char *CNF_GetNtsServerCertFile(void);
 extern char *CNF_GetNtsServerKeyFile(void);
 extern int CNF_GetNtsServerPort(void);
diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc
index e65b7da..86cc28f 100644
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@@ -1390,7 +1390,7 @@ process will be started and all NTS-KE requests will be handled by the main This directive specifies the maximum number of concurrent NTS-KE connections per process that the NTS server will accept. The default value is 100.
-[[ntscachedir]]*ntscachedir* _directory_::
+[[ntsdumpdir]]*ntsdumpdir* _directory_::
 This directive specifies a directory to save the keys which the NTS server uses to encrypt NTS cookies in order to prevent a storm of NTS-KE handshakes when the server is restarted. By default, the server does not save the keys.
diff --git a/nts_ke_server.c b/nts_ke_server.c
index 522aaaa..77efeff 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -447,14 +447,14 @@ save_keys(void)
 {
 char hex_key[SIV_MAX_KEY_LENGTH * 2 + 1];
 int i, index, key_length;
- char *cachedir;
+ char *dump_dir;
 FILE *f;
- cachedir = CNF_GetNtsCacheDir();
- if (!cachedir)
+ dump_dir = CNF_GetNtsDumpDir();
+ if (!dump_dir)
 return;
- f = UTI_OpenFile(cachedir, "ntskeys", ".tmp", 'w', 0600);
+ f = UTI_OpenFile(dump_dir, "ntskeys", ".tmp", 'w', 0600);
 if (!f)
 return;
@@ -474,7 +474,7 @@ save_keys(void)
 fclose(f);
- if (!UTI_RenameTempFile(cachedir, "ntskeys", ".tmp", NULL))
+ if (!UTI_RenameTempFile(dump_dir, "ntskeys", ".tmp", NULL))
 ;
 }
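Review bot: In the second save_keys hunk of nts_ke_server.c (`@@ -474,7 +474,7`), the result of `UTI_RenameTempFile(dump_dir, "ntskeys", ".tmp", NULL)` is tested and then dropped by an empty statement. When the rename fails, save_keys returns with the `.tmp` file, which by the function's name and the documentation hunk holds the server's cookie-encryption keys, still in the dump directory. Either remove the temporary file on that path, or, if the helper already reports and cleans up (its body is not visible here), say so in place of the bare `;`, e.g. `; /* failure is reported by UTI_RenameTempFile */`. The context line `fclose(f);` just above also ignores its return value, so a failed flush would still be followed by the rename over the previous `ntskeys` file; checking it first would avoid replacing good keys with a truncated file. save_keys begins in the previous hunk, and the key-writing loop between the two hunks is not shown.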
@@ -484,15 +484,15 @@ static void
 load_keys(void)
 {
 int i, index, line_length, key_length, n;
- char *cachedir, line[1024];
+ char *dump_dir, line[1024];
 FILE *f;
 uint32_t id;
- cachedir = CNF_GetNtsCacheDir();
- if (!cachedir)
+ dump_dir = CNF_GetNtsDumpDir();
+ if (!dump_dir)
 return;
- f = UTI_OpenFile(cachedir, "ntskeys", NULL, 'r', 0);
+ f = UTI_OpenFile(dump_dir, "ntskeys", NULL, 'r', 0);
 if (!f)
 return;
diff --git a/test/unit/nts_ke_server.c b/test/unit/nts_ke_server.c
index 0ca35eb..b3460f3 100644
--- a/test/unit/nts_ke_server.c
+++ b/test/unit/nts_ke_server.c
@@ -138,7 +138,7 @@ test_unit(void)
 uint32_t sum, sum2;
 char conf[][100] = {
- "ntscachedir .",
+ "ntsdumpdir .",
 "ntsport 0",
 "ntsprocesses 0",
 "ntsserverkey nts_ke.key",