Re: SoC: Improve syslogd

["Rainer Gerhards" <rgerhards%gmail.com@localhost>]

On Mon, May 26, 2008 at 10:20 PM, Joerg Sonnenberger
<joerg%britannica.bec.de@localhost> wrote:
> On Mon, May 26, 2008 at 09:59:39PM +0200, Rainer Gerhards wrote:
>> The standard demands that each server is
>> authenticated. It doesn't demand that operators really use that, but
>> the implementation must support it and do so by default.
>
> That's fine. I mean that each host running syslogd has a single
> certificate to authenticate itself to others. That should be good enough
> for most purposes.

I fully agree. The rest should be very special cases.

>> Is it actually the only TLS library or is it the default one (so no
>> GnuTLS or NSS)?
>
> NetBSD provides out-of-the-box only OpenSSL and is unlikely to change
> that. For practical purposes, OpenSSL is by far the most important
> library to worry about here.

OK, good to know. Looks like I am up for another stream driver. Maybe
I hold that until Martin has done his implementation, I guess that
makes things easier :) As rsyslog is an add-on, I am currently fine
with the requirement to add another add-on in order to get it go. But
the stream driver concept was introduced to take care of different
operating system's default TLS library, and this now seems to pay of.

Rainer