Author: henning
Date: 2025-01-23 12:27:42
Hash: 167edc97
Message:
when acting as logserver with TLS (-S) and client-certificates are used for
authentication (-K), use the CN from the client's certificate as hostname.
A typical setup would use a dedicated, private CA issuing certificates with
the hostname as CN to each host, and those use @tls://loghost as destination.
This setup allows encrypted, authenticated logging over untrusted networks
like the internet, now with correct hostnames in the logs - even with roaming
hosts and hosts behind NAT (including telling multiple hosts behind the same
NAT IP apart).
uses tls_peer_cert_common_name(), thus needs a recent libtls.
with & ok bluhm
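
The setup the commit message describes (a dedicated, private CA issuing each host a certificate with its hostname as CN) can be sketched with the openssl CLI. This is an added example, not part of the commit or of syslogd; the host names, CA names and file layout are constructed, and the `ca.crt` it produces stands in for the CA file given to `-K` on the loghost. It also shows why the CA must be dedicated: a certificate carrying the same CN but issued by another CA does not verify.

```shell
#!/bin/sh
# Added example. Host names, CA names and file layout are constructed.

# make_ca DIR NAME: self-signed CA key and certificate in DIR.
make_ca() {
    openssl ecparam -genkey -name prime256v1 -noout -out "$1/ca.key" &&
    openssl req -x509 -new -key "$1/ca.key" -subj "/CN=$2" -days 30 \
        -out "$1/ca.crt" 2>/dev/null
}

# issue_host_cert DIR HOST: key and certificate with CN=HOST, signed by DIR's CA.
issue_host_cert() {
    openssl ecparam -genkey -name prime256v1 -noout -out "$1/$2.key" &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" \
        -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# cert_cn FILE: print the subject CN (the subject here consists of the CN only).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' -e 's/^CN=//' -e 's/,.*$//'
}

# signed_by CAFILE CERT: succeed only if CERT chains to the CA in CAFILE.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed demo: one host under the logging CA, and the same CN
# issued by an unrelated CA, which must be rejected.
demo() {
    d=$(mktemp -d) && o=$(mktemp -d) || return 1
    make_ca "$d" "Example Log CA" && issue_host_cert "$d" web1.example.org || return 1
    make_ca "$o" "Unrelated CA" && issue_host_cert "$o" web1.example.org || return 1
    echo "CN that would become the hostname: $(cert_cn "$d/web1.example.org.crt")"
    signed_by "$d/ca.crt" "$d/web1.example.org.crt" && echo "logging CA: accepted"
    signed_by "$d/ca.crt" "$o/web1.example.org.crt" || echo "other CA, same CN: rejected"
    rm -rf "$d" "$o"
}
demo
```

Because the CN is taken as the hostname, whoever can obtain a certificate from this CA chooses the name that appears in the logs, so issuance from the CA is the trust boundary to protect.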