
@mlichvar
Created May 15, 2025 11:40
Test TLS connection in chrony
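#!/bin/bash
#
# Self-contained smoke test of chronyd's NTS (TLS) path: generate a throwaway
# self-signed certificate for "localhost", start a short-lived chronyd that is
# both the NTS server and its own NTS client, then check the debug log for the
# expected markers.
#
# Requires: openssl, chronyd, and enough privilege to start chronyd as root.
# Exit status: non-zero if certificate generation, chronyd, or one of the
# final log checks fails.
set -euo pipefail

# mktemp -d creates a private directory for the current user, so the
# unencrypted private key written below is not readable by other local users.
tmp=$(mktemp -d)

# Register cleanup before anything is written. Single quotes defer expansion
# to exit time, so an unusual TMPDIR (quotes, '$', spaces) cannot alter the
# trap command; ${tmp:?} refuses to run rm with an empty path.
trap 'rm -rf -- "${tmp:?}"' EXIT

printf '%s\n' "$tmp"

cert="$tmp/nts.crt"
key="$tmp/nts.key"
conf="$tmp/chrony.conf"
sock="$tmp/chronyd.sock"
log="$tmp/chronyd.log"

# Key algorithm handed to "openssl req -newkey"; the commented alternative is
# kept from the original for switching the test to ML-DSA.
#keytype=mldsa65
keytype=rsa:2048

# Throwaway self-signed certificate, valid 30 days. -nodes leaves the private
# key unencrypted on disk; that is tolerable only because the key lives in the
# private temp directory and is deleted by the EXIT trap. Do not reuse this
# key or certificate outside the test.
openssl req \
  -x509 \
  -newkey "$keytype" \
  -keyout "$key" \
  -subj /CN=localhost \
  -addext subjectAltName=DNS:localhost \
  -days 30 \
  -nodes \
  -out "$cert"

# The heredoc delimiter is deliberately unquoted so the paths expand into the
# configuration. The same certificate is used as server certificate and as the
# only trusted certificate, so the client trusts exactly this test server.
# NOTE(review): "allow" without a subnet does not restrict which clients may
# use the NTP server on port 33123; acceptable for a few seconds on a test
# host, but worth narrowing to loopback if this config is ever kept running.
cat > "$conf" <<EOF
server localhost iburst nts ntsport 34460
ntsserverkey $key
ntsservercert $cert
ntstrustedcerts $cert
pidfile $tmp/chronyd.pid
bindcmdaddress $sock
cmdport 0
port 33123
ntsport 34460
local
allow
EOF

# -t 3 makes chronyd exit on its own after three seconds; -d -d keeps it in
# the foreground with debug messages, -L -1 selects the debug log level and
# -l sends the output to the log file.
# NOTE(review): -u root keeps the daemon running as root, and -x is not
# passed, so this instance is not told to leave the system clock alone.
# Run it on a disposable host or container; confirm before using elsewhere.
rv=0
chronyd -u root -t 3 -f "$conf" -d -d -L -1 -l "$log" || rv=$?

# Show error-level lines (best effort: no match is not a failure). This runs
# before the status check so diagnostics survive a chronyd failure, which
# plain "set -e" would have discarded together with the temp directory.
grep ' E:' "$log" || :

if (( rv != 0 )); then
  printf 'chronyd exited with status %d\n' "$rv" >&2
  exit "$rv"
fi

# The test passes only if both markers are present in the debug log.
# "testABCD=1110" is presumably chronyd's per-packet test summary with the
# last test failing because the server is the client itself; confirm against
# the chronyd debug output of the version under test.
grep Handshake "$log" || {
  printf 'FAIL: no Handshake line in chronyd log\n' >&2
  exit 1
}
grep testABCD=1110 "$log" || {
  printf 'FAIL: no testABCD=1110 line in chronyd log\n' >&2
  exit 1
}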