forked from ioerror/tlsdate
secure parasitic rdate replacement
License
nmathewson/tlsdate
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
tlsdate: secure parasitic rdate replacement tlsdate sets the local clock by securely connecting with TLS to remote servers and extracting the remote time out of the secure handshake. Unlike ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS enabled service, and provides some protection against adversaries that try to feed you malicious time information. On Debian GNU/Linux and related systems, we provide an init.d script that controls the tlsdated daemon. It will notice network changes and regularly invoke tlsdate to keep the clock in sync. Start it like so: /etc/init.d/tlsdate start Here is an example an unprivileged user fetching the remote time: % tlsdate -V -n -H encrypted.google.com Fri Apr 19 17:56:46 PDT 2013 This is an example run - starting as root and dropping to nobody, setting the clock and printing it: % sudo tlsdate -V Fri Apr 19 17:57:49 PDT 2013 Here is an example with a custom host and custom port without verification: % sudo tlsdate -v --skip-verification -p 80 -H rgnx.net V: tlsdate version 0.0.6 V: We were called with the following arguments: V: disable SSL certificate check host = rgnx.net:80 WARNING: Skipping certificate verification! V: time is currently 1366419507.456647065 V: time is greater than RECENT_COMPILE_DATE V: using TLSv1_client_method() V: Using OpenSSL for SSL V: opening socket to rgnx.net:80 V: Certificate verification skipped! V: public key is ready for inspection V: key type: EVP_PKEY_RSA V: keybits: 1024 V: key length appears safe V: server time 1366419508 (difference is about -1 s) was fetched in 338 ms V: setting time succeeded Here is an example where a system may not have any kind of RTC at boot. Do the time warp to restore sanity and do so with a leap of faith: % sudo tlsdate -V -l -t Fri Apr 19 18:08:03 PDT 2013
About
secure parasitic rdate replacement
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- C 97.0%
- Objective-C 1.6%
- Shell 1.1%
- Ruby 0.3%