On Tue, Apr 15, 2014 at 09:25:39AM -0600, Kevin Fenzi wrote:
> To be clear here, all this is implemented in the two daemons right?
>
> When you say it uses https, that's natively done in the daemons, they
> don't need apache or some other https implementor in the way?

Yes, it's implemented in two daemons, using libmicrohttpd (for receiving) and libcurl (for sending).

> Which ssl stack does this use? nss? openssl? gnutls? something else?

libmicrohttpd is linked with gnutls, and libcurl is linked with nss. It's a bit unfortunate, but hard to work around. OTOH, it is likely that only one of those daemons would be running on a given machine, so the fact that they use different cryptostacks might not be that important.

The two daemons can be fairly well locked down, since they don't need any privileges apart from access to the journal files. So they'll run as separate users, the receiver with PrivateNetwork=yes. I also plan to add some seccomp filters later on.

Zbyszek
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct