<div dir="auto"><div style="font-size:12.8px" dir="auto">Cheers,</div><div dir="auto" style="font-size:12.8px"><br></div><div dir="auto" style="font-size:12.8px">Thanks for suggestions, chaining my responses below:</div><div dir="auto" style="font-size:12.8px"><br></div><div dir="auto" style="font-size:12.8px">* The downside of blanket `2>/dev/null` (and so of keeping it as 0-level debug) is that it hides any other stderr (if any). For original poster of the PR, unfiltered stderr of upsc ended up as stderr and so system log of the monitoring system.</div><div dir="auto" style="font-size:12.8px"><br></div><div dir="auto" style="font-size:12.8px">* Code near the message emitter does not seem to indicate it does specifically SSL (but it was written long ago so it could plausibly be costrained like that). IIRC there was a PR for awareness about TLSv1_2 as minimal accepted by default if supported, or some such. So I guess rewording for TLS is not a big deal (not misleading).</div><div dir="auto" style="font-size:12.8px"><br></div><div dir="auto" style="font-size:12.8px">* Regarding "how?" - good question, not sure at the moment. Might be unfinished work in libupsclient and/or its consumers like upsc/upscnd/upsrw/upsmon(?)/... or just not documented - gotta check in code.</div><div dir="auto" style="font-size:12.8px"><br></div><div dir="auto" style="font-size:12.8px">FWIW the C++ libnutclient lifted much of the same code from it, but did not at that time lift the crypto and some other parts as I recently found while updating the lib. Neither does PyNUT offer any native crypto awareness...</div><div dir="auto" style="font-size:12.8px"><br></div><div dir="auto" style="font-size:12.8px">I believe this was also part of discrepancy between openssl vs. libnss as the crypto backend. At least, they 99% certainly were not on par.</div><div dir="auto" style="font-size:12.8px"><br></div><div dir="auto" style="font-size:12.8px">Like anywhere, volunteers to propose, test and document, and post PRs with results, are very much welcome! :)</div><div style="color:rgb(136,136,136);font-size:12.8px" dir="auto"><div dir="auto"><br></div></div><div dir="auto" style="font-size:12.8px"><div style="color:rgb(136,136,136)">Jim</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 16, 2022, 14:11 Roger Price <<a href="mailto:roger@rogerprice.org">roger@rogerprice.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, 16 Sep 2022, Jim Klimov via Nut-upsuser wrote:<br>
<br>
> Hello all,<br>
> Here's a PR I want to ask community about: should NUT clients like upsc report (log!) or hide the infamous 'Init SSL without certificate<br>
> database' message?<br>
<br>
How should upsc be used in order to get SSL/TLS protection? There is no <br>
configuration file with a CERTFILE declaration. Is there some other way to say <br>
where the public key certificate is?<br>
<br>
Perhaps the man page should explain this.<br>
<br>
Roger_______________________________________________<br>
Nut-upsuser mailing list<br>
<a href="mailto:Nut-upsuser@alioth-lists.debian.net" target="_blank" rel="noreferrer">Nut-upsuser@alioth-lists.debian.net</a><br>
<a href="https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser" rel="noreferrer noreferrer" target="_blank">https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser</a><br>
</blockquote></div>