[Nut-upsdev] Fwd: [networkupstools/nut] Hide 'Init SSL without certificate database' message for upsc (PR #1662)
Roger Price
roger at rogerprice.org
Fri Sep 16 21:02:20 BST 2022
On Fri, 16 Sep 2022, Rob Crittenden wrote:
> On 9/16/22 14:30, Jim Klimov via Nut-upsdev wrote:
>> So it sounds to me like we would rather keep the existing noisy behavior
>> by default? (Assuming clients in fact have/get a way to specify a certdb
>> and avoid the message validly?)
>>
>> Would it be acceptable then to add a (non-default) CLI/envvar option to
>> hush this one message? Like "yes I'm shooting meself in da foot, don't
>> keep reminding"?
>>
>> Looking a bit more in the code context, NSS is initialized anyway if
>> built-in, just without a (custom... hmm, should try system?) certdb.
>
> The trick would be to determine where is the default system DB, if any.
> On Fedora, RHEL and derivatives it is /etc/pki/nssdb. Other distros I
> have no idea. It could be another config option I suppose.
That looks as if upsc, upsrw, upscmd and maybe others would need
1) options to cover at least the CERTPATH as a minimum, and possibly the
CERTIDENT, CERTHOST as well as CERTVERIFY and FORCESSL directives found in
upsmon.conf .
2) an option --noSSLwarning or maybe --noTLSwarning
Roger
More information about the Nut-upsdev
mailing list