Extract SNI on incoming connections
Hi, I would like to run a syslog-ng server that accepts TLS connections. I want to identify clients based on the server name they use to connect and do specific processing for each client. I see the following macros being available to be used in filter, but I don't see .TLS.SN (or something like that to indicate the server name used by the client to connect).

.TLS.X509
Description: When using a transport that uses TLS, these macros contain information about the peer's certificate. That way, you can use information from the client certificate in filenames, database values, or as other metadata. If your clients have their own certificates, then these values are unique per client, but unchangeable by the client. The following macros are available in syslog-ng OSE version 3.9 and later.
- .TLS.X509_CN: The Common Name of the certificate.
- .TLS.X509_O: The value of the Organization field.
- .TLS.X509_OU: The value of the Organization Unit field.

Thanks
Raghu
Hi Raghu, The server name indication extension can be set on the destination side with the sni(yes) option, but unfortunately, this field is currently not published as a macro on the server side, so it can not be used in the configuration. Adding such a name-value pair in addition to .tls.x509_cn, x509_o, and x509_ou would be a good idea in my opinion. -- László Várady
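Since the server name a client sent in SNI is not exposed as a macro, the per-client processing Raghu asks for has to key off what the server side does publish: the peer certificate fields listed above. The following syslog-ng configuration is an added example written for this thread, not code from either participant or from the syslog-ng project. It routes each client by the Common Name of the certificate it presented, and shows the destination-side sni(yes) option László mentions. The hostnames, file paths, port, CA directory and the @version line are assumptions; the sni() option needs a release recent enough to support it.

```conf
@version: 3.27
@include "scl.conf"

# Server side: TLS source that only accepts clients whose certificate chains to
# a CA in ca-dir. peer-verify("required-trusted") is what makes .TLS.X509_CN
# trustworthy: a client cannot pick a CN the CA never signed for it.
source s_tls {
    network(
        ip("0.0.0.0")
        port(6514)
        transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/server.key")
            cert-file("/etc/syslog-ng/tls/server.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify("required-trusted")
        )
    );
};

# Per-client filters on the certificate CN (assumed hostnames). Anchored
# regexes so "client-a.example.com.evil" does not match client-a.
filter f_client_a { match("^client-a\\.example\\.com$" value(".TLS.X509_CN") type("pcre")); };
filter f_client_b { match("^client-b\\.example\\.com$" value(".TLS.X509_CN") type("pcre")); };

destination d_client_a { file("/var/log/clients/client-a.log"); };
destination d_client_b { file("/var/log/clients/client-b.log"); };

# Catch-all: any other trusted client gets a file named after its CN.
destination d_by_cn {
    file("/var/log/clients/${.TLS.X509_CN}.log" create-dirs(yes));
};

# flags(final) stops a matched message from also reaching the catch-all.
log { source(s_tls); filter(f_client_a); destination(d_client_a); flags(final); };
log { source(s_tls); filter(f_client_b); destination(d_client_b); flags(final); };
log { source(s_tls); destination(d_by_cn); };

# Client/forwarding side: sni(yes) makes syslog-ng send the configured
# hostname in the TLS Server Name Indication extension to the next hop.
destination d_relay {
    network(
        "relay.example.com"
        port(6514)
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify("required-trusted")
            sni(yes)
        )
    );
};
```

Two caveats. First, the CN is only a reliable client identifier under peer-verify("required-trusted") with a CA you control; with peer-verify("optional-untrusted") a client can present any self-signed certificate and choose its own CN. Second, the catch-all destination puts an attacker-influenced string into a file path, so it is only acceptable when your CA issues certificates with plain hostnames as CN and never signs a CN containing "/" or "..".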
Thanks Laszlo. Can you please suggest when I may get this option and which version?

Thanks
Raghu

On Thu, May 21, 2020 at 5:35 PM László Várady (lvarady) <Laszlo.Varady@oneidentity.com> wrote: