On Sat, Jan 24, 2015 at 20:40, Alexander Bluhm wrote:
> On Thu, Jan 22, 2015 at 12:54:46AM +0100, Alexander Bluhm wrote:
>> With this diff, syslogd verifies the x509 certificate of the TLS
>> server before sending any messages to it.
>>
>> Note that you also need Reyk's extensions to libtls and libssl to
>> use the CA file with privsep. So I will not commit before Reyk.
>
> Reyk has committed the libtls privsep support. Any oks?
>> + case 'C': /* file containing CA certificates */ >> + CAfile = optarg; >> + break; >> + case 'V': /* do not verify certificates */ >> + NoVerify = 1; >> + break; I think it would be better to do as ftp(1) does and have one command line option that sets all the options, instead of exploding getopt() with every possibility.
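
Review bot: In the 'V' case, `NoVerify = 1` turns certificate verification off and nothing in these lines records that it happened. I would have syslogd log a warning at startup whenever NoVerify is set, so that a daemon sending logs to an unauthenticated TLS server is visible to whoever reads its output. The 'C' case stores `optarg` in CAfile without any check here; since the CA file is used with privsep, an unreadable or missing file should be reported as an error at startup rather than when the first connection is made. Both options also need entries in the usage string and in syslogd(8), whichever option syntax is finally chosen.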
