[Csync2] Feature/change suggestions
Clifford Wolf
clifford at clifford.at
Sat Feb 16 18:20:37 CET 2008
Hi,
On Sat, Feb 16, 2008 at 04:05:00PM +0100, Wolfram Schlich wrote:
> now that csync2 maintainership has been handed over to Lars,
> I have a few feature and change suggestions:
>
> 1. Make the paths to csync2_ssl_cert.pem and csync2_ssl_key.pem
> configurable from within csync2.cfg
chicken-egg problem: the config name is passed in the connection and then
the config name is used to determine which configuration to use. at this
time the ssl layer must be established already..
> 2. Support binding to a specific local address for outgoing
> connections (useful for a machine with multiple "service"
> addresses of a single subnet)
>
> 3. Support POSIX ACLs and extended attributes (like rsync -AX)
>
> 4. Support peer certificate verification by checking the certificate
> trust chain (against given CAs and CRLs) and comparing the
> certificate CommonName with the peer hostname/FQDN, thus
> making it possible to use a *real* PKI infrastructure instead
> of just caching certificates and comparing checksums on subsequent
> runs.
yep. that features would be cool..
yours,
- clifford
--
Caffeine for mind, pizza for body, sushi for soul.
More information about the Csync2
mailing list