On Wed, 24 Feb 2016, [email protected] wrote:
Hello,
Does rsyslog, via GnuTLS, supports OCSP for secure remote logging ?
If I'm finding the righ OCSP in my google search, it's a way of checking certs
for validity.
Rsyslog doesn't directly implement anything around this, if GnuTLS does this by
default then it's there.
OCSP seems to be a way of checking for public certs being revoked, the rsyslog
use case is where all the endpoints belong to the same entity and the specific
certs to use are specified in the configs. As such, the need to check if the
cert you are being provided has been revoked or not is not really an issue. If
you revoke a cert, you remove it from your list of valid connections, so the
issue doesn't come up :-)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
