rsync & SSL 'for real'
count-linux at flatline.de
Tue Apr 17 10:52:57 GMT 2007
I've been using rsync with stunnel with success for a while now, but I'm
not necessarily satisfied with it, i.e. having an extra layer externally
and all, no authentication against SSL-subjects ..
I had a look at the patch included with the source, and it doesn't quite
address everything related to SSL, i.e. forcing SSL, verify options etc.
are all missing - besides, it's not included in the main source for some
I'd be willing to put up the effort to add full (or at least better) SSL
support direclty to rsync if the maintainers would agree with it, and
would seriously consider including it in the main source in the long
My approach would:
- stay backwards-compatible with the existing patch (starttls)
- support SSL-only ports (a port number would have to be allocated)
- support checking the certificate chain (revocation lists would have to
be maintained externally, thou)
- support enforcing the use of SSL (globally as well as for certain
- support authentication against x509-subjects instead of usernames
- configuration via existing methods (commandline, config-file)
- support for hardware-aided crypto/randomness via OpenSSL engines
- enough inline documentation to allow for maintenance by the main team
Please let me know wether there would be interest by the community as
well as support by the maintainers by the end of the month.
"God is a comedian playing to an audience too afraid to laugh." -- H.L.Mencken
More information about the rsync