<div dir="auto"><div>So it sounds to me like we would rather keep the existing noisy behavior by default? (Assuming clients in fact have/get a way to specify a certdb and avoid the message validly?)</div><div dir="auto"><br></div><div dir="auto">Would it be acceptable then to add a (non-default) CLI/envvar option to hush this one message? Like "yes I'm shooting meself in da foot, don't keep reminding"?</div><div dir="auto"><br></div><div dir="auto">Looking a bit more in the code context, NSS is initialized anyway if built-in, just without a (custom... hmm, should try system?) certdb.</div><div dir="auto"><br></div><div dir="auto">Jim</div><div dir="auto"><br></div><div dir="auto"><br><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Fri, Sep 16, 2022, 16:58 Manuel Wolfshant via Nut-upsdev <<a href="mailto:nut-upsdev@alioth-lists.debian.net">nut-upsdev@alioth-lists.debian.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
On September 16, 2022 11:08:09 AM GMT+03:00, Roger Price <<a href="mailto:roger@rogerprice.org" target="_blank" rel="noreferrer">roger@rogerprice.org</a>> wrote:<br>
>On Fri, 16 Sep 2022, Jim Klimov via Nut-upsdev wrote:<br>
><br>
>> Hello all,<br>
>> Here's a PR I want to ask community about: should NUT clients like upsc report (log!) or hide the infamous 'Init SSL without certificate<br>
>> database' message?<br>
>> <br>
>> On one hand, it is a reminder that the setup is insecure (plaintext protocol, might be in an externally provided tunnel but we don't<br>
>> know that). On another, it is fairly annoying and if it does clutter syslog/journal from cron jobs etc. - is also somewhat toxic (causes<br>
>> I/O, uses space) if deployment owner is not going to do anything about it anyway for whatever reason (LAN, VPN, SSH tunnel...).<br>
>> <br>
>> That PR proposes to hide the message by default, with debug level 1. One alternative is to use debug level 0 so it always pops up on<br>
>> stderr like now, but does not hit the syslog.<br>
><br>
>It seems to me that the alternative, to use debug level 0 so that the message always appears on stderr but does not go to syslog, is the best compromise.<br>
><br>
>In modern times, plain text transmission is a weakness which should not be ignored. If there is an external solution in place, e.g. a tunnel, then the call to upsc should accompanied by 2>/dev/null.<br>
><br>
>Currently the man page does not mention the stderr message. Perhaps it should, together with a suggestion to use 2>/dev/null if the message is not relevant.<br>
><br>
>The reference to "SSL" could be replaced by "TLS". All SSL protocols are now deprecated (as are TLS 1.0 and 1.1).<br>
><br>
<br>
<br>
+1 to all of Roger's suggestions<br>
<br>
wolfy<br>
>Roger<br>
<br>
_______________________________________________<br>
Nut-upsdev mailing list<br>
<a href="mailto:Nut-upsdev@alioth-lists.debian.net" target="_blank" rel="noreferrer">Nut-upsdev@alioth-lists.debian.net</a><br>
<a href="https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsdev" rel="noreferrer noreferrer" target="_blank">https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsdev</a><br>
</blockquote></div></div></div>