From 7837bfa2a6254f2171a17cf89fc29f9d508bdb36 Mon Sep 17 00:00:00 2001 From: mpi Date: Wed, 5 Jul 2017 09:40:16 +0000 Subject: [PATCH] Some documentation improvements: - Fix TLS s/server/client/ - Use 'remote loghost' consistently, even if it's not clear to which endpoint this correspond. - Replace 'forwarding' by 'sending' to remove the ambiguity about the inserted hostname. - Do not use the word 'server' with 'socket' to avoid confusion with a TLS server. - Prefer 'senders' than 'clients' when it comes to spoofing, to reduce one usage of the word 'client. ok jmc@, bluhm@ --- usr.sbin/syslogd/syslogd.8 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8 index 3e2c15fa101..5c364060399 100644 --- a/usr.sbin/syslogd/syslogd.8 +++ b/usr.sbin/syslogd/syslogd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: syslogd.8,v 1.55 2017/04/25 17:45:50 bluhm Exp $ +.\" $OpenBSD: syslogd.8,v 1.56 2017/07/05 09:40:16 mpi Exp $ .\" .\" Copyright (c) 1983, 1986, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -30,7 +30,7 @@ .\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 .\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $ .\" -.Dd $Mdocdate: April 25 2017 $ +.Dd $Mdocdate: July 5 2017 $ .Dt SYSLOGD 8 .Os .Sh NAME @@ -87,8 +87,8 @@ the default is .Pa /etc/ssl/cert.pem . .It Fl c Ar cert_file PEM encoded file containing the client certificate for TLS connections -to a remote host. -The default is not to use a client certificate for the connection +to a remote loghost. +The default is not to use a client certificate for the outgoing connection to a syslog server. This option has to be used together with .Fl k Ar key_file . @@ -103,14 +103,14 @@ Specify the pathname of an alternate configuration file; the default is .Pa /etc/syslog.conf . .It Fl h -Include the hostname when forwarding messages to a remote host. +Include the hostname when sending messages to a remote loghost. .It Fl K Ar CAfile PEM encoded file containing CA certificates used for client certificate -validation on the local server socket. -By default incoming connections from any TLS server are allowed. +validation on the local listen socket. +By default incoming connections from any TLS client are allowed. .It Fl k Ar key_file PEM encoded file containing the client private key for TLS connections -to a remote host. +to a remote loghost. This option has to be used together with .Fl c Ar cert_file . .It Fl m Ar mark_interval @@ -262,7 +262,7 @@ client's certificate may be added to .Ar CAfile using the .Fl K -option to protect from messages being spoofed by malicious clients. +option to protect from messages being spoofed by malicious senders. .Sh FILES .Bl -tag -width /var/run/syslog.pid -compact .It Pa /dev/log -- 2.20.1