[Csync2] csync2 and recent gnutls
Giampaolo Tomassoni
g.tomassoni at libero.it
Tue Sep 22 10:14:03 CEST 2009
>
> ...omissis...
>
> > My idea is that most csync2 ssl users just used the default values in
> > each node OR used the same certificate in each node. This would allow
> > the server to announce the DN of its own certificate and then obtain
> > the client one, since the client certificate would have the same DN.
> >
> > Am I right?
>
> Probably ;)
Good, because this way the patch works. Not the one you got, Lars: I posted
a new one, which is actually "awaiting operator approval"...
I can send it to you off-list, if you want.
> ...omissis...
>
> > - It doesn't make sense to me because you may use ssh with csync2 already:
> > just put a "nossl * *" line in your csync2.cfg and invoke the server with
> > the -i option.
>
> Well, no.
> Did you try that?
> It won't work.
This is the very first line in my csync2.cfg files:
nossl * *;
Please note it is outside of any "group". It works in disabling ssl with my
xinetd-invoked csync2 servers.
Since xinetd basically does an accept() and runs csync2 with stdin, stdout and
stderr redirected to the stream returned by accept(), invoking "csync2 -i"
from ssh should work too...
> > I personally use an IPSec-protected extranet to connect my nodes, keep
> > timers in sync, share services hidden to internet, and run csync2 sessions
> > between them. SSL is for web servers.
>
> Right.
>
> > Cheers,
> >
> > Giampaolo
> >
> > PS: The attached patch IS UNFINISHED!
>
> Thanks, will have a look.
>
>
> --
> : Lars Ellenberg
> : LINBIT | Your Way to High Availability
> : DRBD/HA support and consulting http://www.linbit.com
>
> DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
> _______________________________________________
> Csync2 mailing list
> Csync2 at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2