mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00

log_server_peer_cert and log_server_peer_key are not required by default.

They are only required if sudo_logsrvd has tls_checkpeer enabled.
Todd C. Miller 2021-08-19 09:15:12 -06:00
parent e17003b35c
commit 1c52c24a93
2 changed files with 32 additions and 12 deletions

@ -4160,9 +4160,14 @@ log_server_peer_cert
The path to the
\fBsudo\fR
client's certificate file, in PEM format.
This setting is required when
\fIlog_servers\fR
is set and the remote log server is secured with TLS.
This setting is required when the remote log server is secured
with TLS and client certificate validation is enabled.
For
\fBsudo_logsrvd\fR,
client certificate validation is controlled by the
\fItls_checkpeer\fR
option, which defaults to
\fIfalse\fR.
.sp
This setting is only supported by version 1.9.0 or higher.
.TP 18n
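
Review bot: The rewritten "This setting is required when ..." sentence for log_server_peer_cert no longer mentions \fIlog_servers\fR, so the entry no longer says that the certificate only matters when a log server is configured. Suggest keeping that condition, for example "This setting is required when \fIlog_servers\fR is set, the remote log server is secured with TLS and client certificate validation is enabled."
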
@ -4170,9 +4175,14 @@ log_server_peer_key
The path to the
\fBsudo\fR
client's private key file, in PEM format.
This setting is required when
\fIlog_servers\fR
is set and the remote log server is secured with TLS.
This setting is required when the remote log server is secured
with TLS and client certificate validation is enabled.
For
\fBsudo_logsrvd\fR,
client certificate validation is controlled by the
\fItls_checkpeer\fR
option, which defaults to
\fIfalse\fR.
.sp
This setting is only supported by version 1.9.0 or higher.
.TP 18n
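
Review bot: The log_server_peer_key paragraph repeats the log_server_peer_cert text word for word and never ties the two settings together. Suggest adding one sentence to this entry saying that the private key is the one belonging to the certificate named in log_server_peer_cert and that both are set together when client certificate validation is enabled, so a reader does not configure only one of them.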

@ -3914,18 +3914,28 @@ This setting is only supported by version 1.9.0 or higher.
The path to the
.Nm sudo
client's certificate file, in PEM format.
This setting is required when
.Em log_servers
is set and the remote log server is secured with TLS.
This setting is required when the remote log server is secured
with TLS and client certificate validation is enabled.
For
.Nm sudo_logsrvd ,
client certificate validation is controlled by the
.Em tls_checkpeer
option, which defaults to
.Em false .
.Pp
This setting is only supported by version 1.9.0 or higher.
.It log_server_peer_key
The path to the
.Nm sudo
client's private key file, in PEM format.
This setting is required when
.Em log_servers
is set and the remote log server is secured with TLS.
This setting is required when the remote log server is secured
with TLS and client certificate validation is enabled.
For
.Nm sudo_logsrvd ,
client certificate validation is controlled by the
.Em tls_checkpeer
option, which defaults to
.Em false .
.Pp
This setting is only supported by version 1.9.0 or higher.
.It mailsub
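
Review bot: In both entries of this hunk, "controlled by the .Em tls_checkpeer option" names an option that belongs to .Nm sudo_logsrvd without telling the reader where it is documented. Suggest adding an .Xr cross-reference to the sudo_logsrvd.conf manual next to the option name, and one sentence spelling out that with the stated default of false the log server does not validate client certificates, so it is clear what leaving these two settings unset means.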