[systemd-devel] SSL for gatewayd

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Wed Jan 16 12:57:49 PST 2013


On Wed, Jan 16, 2013 at 09:18:22PM +0100, Holger Winkelmann wrote:
> Thanks for the feedback. In our design we also think about some remote journal
> logging but want to transport the messages via some form of message protocol.
> 
> On the final receiving host we could present the logs via http(s) 
Thank you for your feedback too :).

I was thinking of adding UDP or RDS as a transport, with DTLS on top.

Zbyszek

> On Jan 16, 2013, at 9:07 PM, Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl> wrote:
> 
> > On Wed, Jan 16, 2013 at 07:11:31PM +0100, Holger Winkelmann wrote:
> >> Holger Winkelmann
> >> Travelping GmbH
> >> +49-171-5594745
> >> 
> >> ### Sent from a mobile device. Sorry for brevity and typos... ###
> >> 
> >> On 16.01.2013, at 18:54, Reindl Harald <h.reindl at thelounge.net> wrote:
> >> 
> >>> 
> >>> 
> >>> Am 16.01.2013 18:12, schrieb Lennart Poettering:
> >>>> Sounds good!
> >>>> 
> >>>> gntils is a pretty awful library, but the others aren't better, and it
> >>>> appears to be the right choice here.
> >>> 
> >>> search for "openvas gnutls" and "openvas libmicrohttpd"
> >>> and you become an overview of the quality of both libraries
> >> Er had Some relative Good Results with PolarSSL and lately the fork tropicSSL
> >> 
> >> I was Not following the full discussion here, any reasons against
> >> classic openSSL apart from size of the library
> > Hi,
> > well, we already use libmicrohttpd, and libmicrohttpd is already linked
> > against gnutls (in Fedora and Debian at least). So if one is using
> > libmicrohttpd, than it seems reasonable to stick to gnutls.
> > 
> > OTOH, libmicrohttpd is quite awful. I have been having a lot of
> > trouble integrating libmicrohttp in my own epoll loop. I would
> > be happy to replace it with something different.
> > 
> > Zbyszek


More information about the systemd-devel mailing list