[Nut-upsdev] Fwd: [networkupstools/nut] Hide 'Init SSL without certificate database' message for upsc (PR #1662)

Roger Price roger at rogerprice.org
Fri Sep 16 09:08:09 BST 2022


On Fri, 16 Sep 2022, Jim Klimov via Nut-upsdev wrote:

> Hello all,
>   Here's a PR I want to ask community about: should NUT clients like upsc report (log!) or hide the infamous 'Init SSL without certificate
> database' message?
> 
>   On one hand, it is a reminder that the setup is insecure (plaintext protocol, might be in an externally provided tunnel but we don't
> know that). On another, it is fairly annoying and if it does clutter syslog/journal from cron jobs etc. - is also somewhat toxic (causes
> I/O, uses space) if deployment owner is not going to do anything about it anyway for whatever reason (LAN, VPN, SSH tunnel...).
> 
>   That PR proposes to hide the message by default, with debug level 1. One alternative is to use debug level 0 so it always pops up on
> stderr like now, but does not hit the syslog.

It seems to me that the alternative, to use debug level 0 so that the message 
always appears on stderr but does not go to syslog, is the best compromise.

In modern times, plain text transmission is a weakness which should not be 
ignored.  If there is an external solution in place, e.g. a tunnel, then the 
call to upsc should be accompanied by 2>/dev/null.

Currently the man page does not mention the stderr message.  Perhaps it should, 
together with a suggestion to use 2>/dev/null if the message is not relevant.

The reference to "SSL" could be replaced by "TLS".  All SSL protocols are now 
deprecated (as are TLS 1.0 and 1.1).

Roger
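
A narrower variant of the 2>/dev/null suggestion above, as an added example that is not part of the original message or of NUT itself: a wrapper that drops only the 'Init SSL without certificate database' line from stderr and passes every other error and the exit status through, so a cron job still reports real failures. The helper name, the UPS name in the usage comment, and the assumption that the notice arrives as one stderr line containing that text are not from the thread.

```shell
#!/bin/sh
# Added example: hide only the SSL notice from a NUT client's stderr.
# Assumption: the notice appears on stderr as a line containing this text.
NOTICE='Init SSL without certificate database'

# upsc_quiet CMD [ARGS...]  (hypothetical helper name)
upsc_quiet() {
    errfile=$(mktemp) || return 1
    # Run the client; stdout passes through, stderr is captured to a file.
    "$@" 2>"$errfile" && status=0 || status=$?
    # Re-emit every stderr line except the notice. grep exits 1 when
    # nothing is left to print, which is not an error here.
    grep -v -F -- "$NOTICE" "$errfile" >&2 || true
    rm -f "$errfile"
    # Preserve the client's own exit status for the caller.
    return "$status"
}

# Usage from a cron job whose transport is already protected by a tunnel
# ("myups@localhost" is a placeholder UPS name):
#   upsc_quiet upsc myups@localhost battery.charge
```

Because stderr is buffered until the command exits, remaining error lines appear after the command's stdout rather than interleaved with it.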

