Edit

IABSD.fr/src/usr.sbin/syslogd

Branch :

  • Show log

    Commit

  • Author : henning
    Date : 2025-01-23 12:27:42
    Hash : 167edc97
    Message : when acting as logserver with TLS (-S) and client-certificates are used for authentication (-K), use the CN from the client's certificate as hostname. A typical setup would use a dedicated, private CA issuing certificates with the hostname as CN to each host, and those use @tls://loghost as destination. This setup allows encrypted, authenticated logging over untrusted networks like the internet, now with correct hostnames in the logs - even with roaming hosts and hosts behind NAT (including telling multiple hosts behind the same NAT IP apart). uses tls_peer_cert_common_name(), thus needs a recent libtls. with & ok bluhm