CVSROOT: /cvs
Module name: src
Changes by: henn...@cvs.openbsd.org 2025/01/23 05:27:42
Modified files:
usr.sbin/syslogd: syslogd.c
Log message:
when acting as logserver with TLS (-S) and client-certificates are used for
authentication (-K), use the CN from the client's certificate as hostname.
A typical setup would use a dedicated, private CA issuing certificates with
the hostname as CN to each host, and those use @tls://loghost as destination.
This setup allows encrypted, authenticated logging over untrusted networks
like the internet, now with correct hostnames in the logs - even with roaming
hosts and hosts behind NAT (including telling multiple hosts behind the same
NAT IP apart).
uses tls_peer_cert_common_name(), thus needs a recent libtls.
with & ok bluhm
