tech-userlevel archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: SoC: Improve syslogd
On Mon, May 26, 2008 at 07:22:36PM +0200, Martin Sch?tte wrote:
>> A sane default behaviour would be to use
>> the entry and protocol from the config file and match that against the
>> certificate. E.g. look for sctp://example.net as common name.
>
> I do not think the used transport protocol should be part of a x.509
> certificate. Checks will be against the common name and the subjectAltName
> with DNS and IP entries.
If you derive the data to check against from the configuration file that
is fine. If you do a reverse lookup or other magic, it isn't.
Joerg
Home |
Main Index |
Thread Index |
Old Index