[rsyslog] TLS certificates
RB
aoz.syn at gmail.com
Tue Dec 2 17:18:30 CET 2008
On Tue, Dec 2, 2008 at 09:00, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> Just a quick note, I am quite busy at the moment (guess what ;)). If the
> auth is set to "anon" nothing at all is validated and MITM *is*
> absolutely possible. That's why the doc does not recommend to use that
> mode. I posted a link to the long TLS setup guide, which creates a
> fairly safe scenario (but your mileage may vary... ;)).
Understood. For everyone else's edification, here is the comment in
the related code, outlining what modes are used:
/* Set the authentication mode. For us, the following is supported:
 * anon - no certificate checks whatsoever (discouraged, but supported)
 * x509/certvalid - (just) check certificate validity
 * x509/fingerprint - certificate fingerprint
 * x509/name - certificate name check
 * mode == NULL is valid and defaults to x509/name
 * rgerhards, 2008-05-16
 */
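
As an added example (not part of the original message and not rsyslog's own code), this shell check finds the auth mode directives in an rsyslog configuration and grades them against the four modes listed in the comment above. The sample configuration, the host name logs.example.net and the FAIL/WARN/OK grading are assumptions of this example.

```shell
#!/bin/sh
# Added example: grade the TLS auth mode set by each StreamDriver AuthMode
# directive in an rsyslog config. Reads config text on stdin, prints
# "<line-number> <verdict> <mode>" and returns 1 if any directive uses anon.
# The grading is this example's own:
#   FAIL  anon                         no certificate checks at all
#   WARN  x509/certvalid               validity only, peer identity not checked
#   OK    x509/fingerprint, x509/name  peer is tied to a fingerprint or name
audit_authmode() {
    awk '
    {
        line = tolower($0)
        sub(/#.*/, "", line)                      # ignore comments
        if (line !~ /streamdriver\.?authmode/) next
        # keep only the value that follows the directive or parameter name
        sub(/.*streamdriver\.?authmode[ \t]*=?[ \t]*/, "", line)
        sub(/[ \t].*/, "", line)                  # first token only
        gsub("[^a-z0-9/]", "", line)              # drop quotes and parentheses
        if (line == "anon") { verdict = "FAIL"; bad = 1 }
        else if (line == "x509/certvalid") verdict = "WARN"
        else if (line == "x509/fingerprint" || line == "x509/name") verdict = "OK"
        else verdict = "UNKNOWN"
        print NR, verdict, line
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample configuration (not taken from the thread). It mixes
# legacy $-directives with one action() parameter from later rsyslog syntax.
sample_conf() {
    cat <<'EOF'
# constructed sample, not from the thread
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
$InputTCPServerStreamDriverAuthMode x509/name
#$ActionSendStreamDriverAuthMode anon
action(type="omfwd" target="logs.example.net" StreamDriverAuthMode="x509/certvalid")
EOF
}

sample_conf | audit_authmode || echo "at least one directive uses anon"
```

To check a real file, feed it on stdin, for example `audit_authmode < /etc/rsyslog.conf`.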