diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index 971e11be0..dadc7f5b2 100644
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -363,6 +363,20 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
 TIME_T_MAX, NULL);
 continue;
 }
+#if defined(HAVE_OPENSSL)
+ if (strncmp(*cur, "log_server_cabundle=", sizeof("log_server_cabundle=") - 1) == 0) {
+ details->ca_bundle = *cur + sizeof("log_server_cabundle=") - 1;
+ continue;
+ }
+ if (strncmp(*cur, "log_server_peer_cert=", sizeof("log_server_peer_cert=") - 1) == 0) {
+ details->cert_file = *cur + sizeof("log_server_peer_cert=") - 1;
+ continue;
+ }
+ if (strncmp(*cur, "log_server_peer_key=", sizeof("log_server_peer_key=") - 1) == 0) {
+ details->key_file = *cur + sizeof("log_server_peer_key=") - 1;
+ continue;
+ }
+#endif /* HAVE_OPENSSL */
 break;
 case 'm':
 if (strncmp(*cur, "maxseq=", sizeof("maxseq=") - 1) == 0) {
@@ -583,7 +597,6 @@ sudoers_io_open_remote(void)
 ret = -1;
 goto done;
 }
-
 if (!client_closure_fill(&client_closure, sock, &iolog_details, &sudoers_io)) {
 close(sock);
 ret = -1;
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 358a9804c..1c4e70734 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
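Review bot: In plugins/sudoers/iolog.c the `log_server_cabundle=`, `log_server_peer_cert=` and `log_server_peer_key=` branches exist only under `HAVE_OPENSSL`, while the policy.c hunk of this commit emits those keys with no such guard, so in a build without OpenSSL they reach `break` and are dropped silently. An administrator who set a CA bundle expecting the log server to be verified would get no sign that the setting had no effect; whether such a build then connects without TLS is not visible here. I would add an `#else` branch that recognises the same three prefixes and warns, or fails if that fits how this function reports errors. iolog_deserialize_info starts and ends outside the hunk.

```c
/* … unchanged: the three HAVE_OPENSSL branches … */
#else
        if (strncmp(*cur, "log_server_cabundle=", sizeof("log_server_cabundle=") - 1) == 0 ||
            strncmp(*cur, "log_server_peer_cert=", sizeof("log_server_peer_cert=") - 1) == 0 ||
            strncmp(*cur, "log_server_peer_key=", sizeof("log_server_peer_key=") - 1) == 0) {
            /* Do not let a TLS setting vanish without trace in a non-TLS build. */
            sudo_warnx("%s: ignored, TLS support not compiled in", *cur);
            continue;
        }
#endif /* HAVE_OPENSSL */
```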
@@ -734,6 +734,20 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, if (asprintf(&command_info[info_len++], "log_server_timeout=%u", def_log_server_timeout) == -1) goto oom; } + + if (def_log_server_cabundle != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("log_server_cabundle", def_log_server_cabundle)) == NULL) + goto oom; + } + if (def_log_server_peer_cert != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("log_server_peer_cert", def_log_server_peer_cert)) == NULL) + goto oom; + } + if (def_log_server_peer_key != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("log_server_peer_key", def_log_server_peer_key)) == NULL) + goto oom; + } + if (def_command_timeout > 0 || user_timeout > 0) { int timeout = user_timeout; if (timeout == 0 || def_command_timeout < timeout)
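Review bot: The three new `command_info[info_len++] = sudo_new_key_val(...)` stores in plugins/sudoers/policy.c add up to three entries to `command_info`, and nothing in this hunk raises the array's capacity or checks `info_len` against it. The allocation, like the rest of sudoers_policy_exec_setup, is outside the hunk, so confirm that its size grew by three with this commit; otherwise a configuration that sets every option could write past the end of the array. A comment beside the new block such as `/* command_info[] must have room for these three log_server_* entries */` would keep the two in step. Separately, nothing here requires `def_log_server_peer_cert` and `def_log_server_peer_key` to be set together; if that is not checked where the TLS context is built, a lone certificate or key should be rejected.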