[Nut-upsdev] Fwd: [networkupstools/nut] Hide 'Init SSL without certificate database' message for upsc (PR #1662)
Manuel Wolfshant
manuel.wolfshant at gmail.com
Fri Sep 16 15:32:53 BST 2022
On September 16, 2022 11:08:09 AM GMT+03:00, Roger Price <roger at rogerprice.org> wrote:
>On Fri, 16 Sep 2022, Jim Klimov via Nut-upsdev wrote:
>
>> Hello all,
>> Here's a PR I want to ask community about: should NUT clients like upsc report (log!) or hide the infamous 'Init SSL without certificate
>> database' message?
>>
>> On one hand, it is a reminder that the setup is insecure (plaintext protocol, might be in an externally provided tunnel but we don't
>> know that). On another, it is fairly annoying and if it does clutter syslog/journal from cron jobs etc. - is also somewhat toxic (causes
>> I/O, uses space) if deployment owner is not going to do anything about it anyway for whatever reason (LAN, VPN, SSH tunnel...).
>>
>> That PR proposes to hide the message by default, with debug level 1. One alternative is to use debug level 0 so it always pops up on
>> stderr like now, but does not hit the syslog.
>
>It seems to me that the alternative, to use debug level 0 so that the message always appears on stderr but does not go to syslog, is the best compromise.
>
>In modern times, plain text transmission is a weakness which should not be ignored. If there is an external solution in place, e.g. a tunnel, then the call to upsc should be accompanied by 2>/dev/null.
>
>Currently the man page does not mention the stderr message. Perhaps it should, together with a suggestion to use 2>/dev/null if the message is not relevant.
>
>The reference to "SSL" could be replaced by "TLS". All SSL protocols are now deprecated (as are TLS 1.0 and 1.1).
>
+1 to all of Roger's suggestions
wolfy
>Roger