tech-userlevel archive


Re: SoC: Improve syslogd



On Mon, May 26, 2008 at 07:22:36PM +0200, Martin Schütte wrote:
>> A sane default behaviour would be to use
>> the entry and protocol from the config file and match that against the
>> certificate. E.g. look for sctp://example.net as common name.
>
> I do not think the used transport protocol should be part of an X.509 
> certificate. Checks will be against the common name and the subjectAltName 
> with DNS and IP entries.

If you derive the data to check against from the configuration file that
is fine. If you do a reverse lookup or other magic, it isn't.

Joerg
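
The distinction drawn in this message, as an added example that is not part of the original post or of syslogd's code: the name compared against the certificate's commonName and subjectAltName DNS/IP entries is the destination string from the configuration file, and nothing obtained from DNS. `struct cert_ids`, `cert_matches_config` and the sample values are hypothetical, and wildcard names are not handled.

```c
#include <arpa/inet.h>
#include <string.h>
#include <strings.h>

/* Names a peer certificate carries (hypothetical struct for this example). */
struct cert_ids {
    const char *cn;         /* subject commonName, may be NULL */
    const char *san_dns[4]; /* subjectAltName DNS entries, NULL-terminated */
    const char *san_ip[4];  /* subjectAltName IP entries as text, NULL-terminated */
};

/* Constructed sample certificate contents. */
static const struct cert_ids sample = {
    "loghost.example.net",
    { "loghost.example.net", "log.example.net" },
    { "192.0.2.10", "2001:db8::10" }
};

/* Compare IP addresses by value so different spellings of one address match. */
static int ip_equal(const char *a, const char *b)
{
    unsigned char x[16], y[16];
    int af = strchr(a, ':') ? AF_INET6 : AF_INET;

    if (inet_pton(af, a, x) != 1 || inet_pton(af, b, y) != 1)
        return 0;
    return memcmp(x, y, af == AF_INET6 ? 16 : 4) == 0;
}

/* configured: the destination host exactly as written in the config file.
 * Returns 1 if the certificate names it, else 0. No reverse lookup is done. */
int cert_matches_config(const char *configured, const struct cert_ids *c)
{
    unsigned char tmp[16];
    size_t i;

    if (inet_pton(AF_INET, configured, tmp) == 1 ||
        inet_pton(AF_INET6, configured, tmp) == 1) {
        /* Config entry is an address literal: only IP entries can match. */
        for (i = 0; i < 4 && c->san_ip[i]; i++)
            if (ip_equal(configured, c->san_ip[i]))
                return 1;
        return 0;
    }
    /* Config entry is a host name: DNS entries first, then the common name. */
    for (i = 0; i < 4 && c->san_dns[i]; i++)
        if (strcasecmp(configured, c->san_dns[i]) == 0)
            return 1;
    return c->cn != NULL && strcasecmp(configured, c->cn) == 0;
}
```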

