[Nut-upsdev] [Nut-upsuser] Fwd: [networkupstools/nut] Hide 'Init SSL without certificate database' message for upsc (PR #1662)

Jim Klimov jimklimov+nut at gmail.com
Fri Sep 16 15:41:01 BST 2022


Cheers,

Thanks for suggestions, chaining my responses below:

* The downside of blanket `2>/dev/null` (and so of keeping it as 0-level
debug) is that it hides any other stderr (if any). For original poster of
the PR, unfiltered stderr of upsc ended up as stderr and so system log of
the monitoring system.

* Code near the message emitter does not seem to indicate it does
specifically SSL (but it was written long ago so it could plausibly be
costrained like that). IIRC there was a PR for awareness about TLSv1_2 as
minimal accepted by default if supported, or some such. So I guess
rewording for TLS is not a big deal (not misleading).

* Regarding "how?" - good question, not sure at the moment. Might be
unfinished work in libupsclient and/or its consumers like
upsc/upscnd/upsrw/upsmon(?)/... or just not documented - gotta check in
code.

FWIW the C++ libnutclient lifted much of the same code from it, but did not
at that time lift the crypto and some other parts as I recently found while
updating the lib. Neither does PyNUT offer any native crypto awareness...

I believe this was also part of discrepancy between openssl vs. libnss as
the crypto backend. At least, they 99% certainly were not on par.

Like anywhere, volunteers to propose, test and document, and post PRs with
results, are very much welcome! :)

Jim

On Fri, Sep 16, 2022, 14:11 Roger Price <roger at rogerprice.org> wrote:

> On Fri, 16 Sep 2022, Jim Klimov via Nut-upsuser wrote:
>
> > Hello all,
> >   Here's a PR I want to ask community about: should NUT clients like
> upsc report (log!) or hide the infamous 'Init SSL without certificate
> > database' message?
>
> How should upsc be used in order to get SSL/TLS protection?  There is no
> configuration file with a CERTFILE declaration.  Is there some other way
> to say
> where the public key certificate is?
>
> Perhaps the man page should explain this.
>
> Roger_______________________________________________
> Nut-upsuser mailing list
> Nut-upsuser at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/nut-upsdev/attachments/20220916/946b4393/attachment.htm>


More information about the Nut-upsdev mailing list