CVSROOT: /cvs
Module name: src
Changes by: henn...@cvs.openbsd.org 2025/01/23 05:27:42

Modified files:
	usr.sbin/syslogd: syslogd.c

Log message:
when acting as logserver with TLS (-S) and client-certificates are used for
authentication (-K), use the CN from the client's certificate as hostname.
A typical setup would use a dedicated, private CA issuing certificates with
the hostname as CN to each host, and those use @tls://loghost as destination.
This setup allows encrypted, authenticated logging over untrusted networks
like the internet, now with correct hostnames in the logs - even with roaming
hosts and hosts behind NAT (including telling multiple hosts behind the same
NAT IP apart).
uses tls_peer_cert_common_name(), thus needs a recent libtls.
with & ok bluhm
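
The "dedicated, private CA issuing certificates with the hostname as CN" setup from the log message, sketched with openssl(1). This is an added example, not part of the commit or of OpenBSD; the CA name, hostnames and scratch paths are constructed assumptions.

```shell
#!/bin/sh
# Added example, not OpenBSD code. CA name, hostnames and paths are constructed.
set -e
PKI_DIR=$(mktemp -d)    # scratch directory holding the example PKI

# Create the dedicated, private CA. A minimal config is written inline so the
# result does not depend on the system-wide openssl.cnf.
make_ca() {
    cat > "$PKI_DIR/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Log CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$PKI_DIR/ca.cnf" \
        -keyout "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.crt" 2>/dev/null
}

# Issue a client certificate whose CN is the host's name ($1).
issue_host_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$PKI_DIR/ca.cnf" \
        -subj "/CN=$1" -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" 2>/dev/null
    openssl x509 -req -in "$PKI_DIR/$1.csr" -days 365 \
        -CA "$PKI_DIR/ca.crt" -CAkey "$PKI_DIR/ca.key" -CAcreateserial \
        -out "$PKI_DIR/$1.crt" 2>/dev/null
}

# Print the subject CN of certificate file $1 (the name the log server records).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if $1's certificate chains to the private CA.
verify_host_cert() {
    openssl verify -CAfile "$PKI_DIR/ca.crt" "$PKI_DIR/$1.crt" >/dev/null 2>&1
}

make_ca
issue_host_cert laptop1.example.org
verify_host_cert laptop1.example.org
echo "log server would record hostname: $(cert_cn "$PKI_DIR/laptop1.example.org.crt")"
```

On the log server, ca.crt is the file that -K points at; on each client, the issued certificate and key are passed with syslogd's -c and -k options. Because the recorded hostname now comes from the CN, the CA should only sign a CN that matches the host it is issued to.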