Dear All,

I've been using rsync with stunnel with success for a while now, but I'm not necessarily satisfied with it, i.e. having an extra layer externally and all, no authentication against SSL-subjects ..
I had a look at the patch included with the source, and it doesn't quite address everything related to SSL, i.e. forcing SSL, verify options etc. are all missing - besides, it's not included in the main source for some reason.

I'd be willing to put in the effort to add full (or at least better) SSL support directly to rsync if the maintainers would agree with it, and would seriously consider including it in the main source in the long run.

My approach would:

- stay backwards-compatible with the existing patch (starttls)
- support SSL-only ports (a port number would have to be allocated)
- support checking the certificate chain (revocation lists would have to be maintained externally, though)
- support enforcing the use of SSL (globally as well as for certain hosts)
- support authentication against x509-subjects instead of usernames
- configuration via existing methods (command line, config-file)
- support for hardware-aided crypto/randomness via OpenSSL engines
- enough inline documentation to allow for maintenance by the main team

Anything else? Please let me know whether there would be interest by the community as well as support by the maintainers by the end of the month.

Thanks,
Andreas

--
"God is a comedian playing to an audience too afraid to laugh." -- H.L.Mencken