tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: SoC: Improve syslogd

On Mon, May 26, 2008 at 07:22:36PM +0200, Martin Sch?tte wrote:
>> A sane default behaviour would be to use
>> the entry and protocol from the config file and match that against the
>> certificate. E.g. look for sctp:// as common name.
> I do not think the used transport protocol should be part of a x.509 
> certificate. Checks will be against the common name and the subjectAltName 
> with DNS and IP entries.

If you derive the data to check against from the configuration file that
is fine. If you do a reverse lookup or other magic, it isn't.


Home | Main Index | Thread Index | Old Index