At the moment rsyslog is giving the quoted text as the error, but it is not sufficient. In my experience, users want to know in more detail what went wrong.
The error is generic because it only tells you that something went wrong in parsing. But I would like to add the information about what went wrong. So my question is whether there is a way to get more information on the specific error, like "Could not find '-----BEGIN EC PRIVATE KEY" without having to look at the whole debugging output.

Best Regards
Pascal

2017-09-08 14:54 GMT+02:00 Nikos Mavrogiannopoulos <[email protected]>:

> On Fri, Sep 8, 2017 at 11:55 AM, Pascal Withopf <[email protected]> wrote:
> > Hi everyone,
> >
> > when using GnuTLS in Rsyslog and the key file is empty then the following
> > error occurs from function gnutls_certificate_set_x509_key_file().
> >
> > 2017-09-07T16:07:43.981768+02:00 localhost rsyslogd[28575]: unexpected GnuTLS error -302 in nsd_gtls.c:577: Error in parsing. [v8.30.0.master try http://www.rsyslog.com/e/2078 ]
> > 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our certificate. GnuTLS error -302, message: 'Error in parsing.', key: '/home/usr/proj/certs/machine-key.pem', cert: '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try http://www.rsyslog.com/e/2078 ]
> >
> > Only after using the functions gnutls_global_set_log_function() and
> > gnutls_global_set_log_level() can you find more detailed output.
> >
> > 8676.147805605:main thread : nsd_gtls.c: GnuTLS log msg, level 9: Could not find '-----BEGIN RSA PRIVATE KEY'
> > 8676.147809763:main thread : nsd_gtls.c: GnuTLS log msg, level 9: Could not find '-----BEGIN DSA PRIVATE KEY'
> > 8676.147813879:main thread : nsd_gtls.c: GnuTLS log msg, level 9: Could not find '-----BEGIN EC PRIVATE KEY'
> >
> > My question: Is there a way to get a more detailed output like this without
> > having to look at the whole debug output?
> >
> > My goal is to give more specific information when the error occurs, so
> > Rsyslog users will know what is wrong without having to dig deeper
> > themselves.
>
> I am not sure if I understand the request, but isn't the quoted text
> sufficient?
>
> > 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our certificate. GnuTLS error -302, message: 'Error in parsing.', key: '/home/usr/proj/certs/machine-key.pem', cert: '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try http://www.rsyslog.com/e/2078 ]
>
> You can run any application using GNUTLS_DEBUG_LEVEL=4 (or higher) to
> get more debugging information, but I'd expect end-user applications
> like rsyslog to provide a proper error message, such as error in
> parsing certificate or key.
>
> regards,
> Nikos
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
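One way an application could name the specific cause itself when gnutls_certificate_set_x509_key_file() fails with the generic -302, as an added example that is not part of the thread and is neither rsyslog nor GnuTLS code. The enum, the message table and the function names are hypothetical, and the check only looks at the PEM armor lines of the key file (a 16 KiB read limit is assumed); GnuTLS still does the actual parsing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names, not rsyslog or GnuTLS API; only PEM armor lines are checked. */
enum key_diag { KEY_OK, KEY_UNREADABLE, KEY_EMPTY, KEY_NO_PEM, KEY_NOT_PRIVATE, KEY_NO_END };
static const char *const key_diag_msg[] = {
    "PEM private key block found",
    "key file cannot be opened",
    "key file is empty",
    "key file has no PEM '-----BEGIN ' header",
    "key file has PEM data but no '... PRIVATE KEY' block",
    "private key block has no '-----END ' line",
};

enum key_diag diagnose_key_text(const char *text)
{
    const char *p = text, *label_end;
    int saw_pem = 0;
    if (text[strspn(text, " \t\r\n")] == '\0')
        return KEY_EMPTY;                      /* nothing but whitespace */
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        p += 11;                               /* step over "-----BEGIN " */
        if ((label_end = strstr(p, "-----")) == NULL)
            break;
        saw_pem = 1;
        /* "RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY" all end alike */
        if (label_end - p >= 11 && strncmp(label_end - 11, "PRIVATE KEY", 11) == 0)
            return strstr(label_end, "-----END ") ? KEY_OK : KEY_NO_END;
        p = label_end;                         /* e.g. a certificate: keep looking */
    }
    return saw_pem ? KEY_NOT_PRIVATE : KEY_NO_PEM;
}

enum key_diag diagnose_key_file(const char *path)
{
    char buf[16384];                           /* assumption: key files are small */
    FILE *f = fopen(path, "rb");
    size_t n;
    if (f == NULL)
        return KEY_UNREADABLE;
    n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return diagnose_key_text(buf);
}

int main(int argc, char **argv)
{
    return puts(key_diag_msg[diagnose_key_file(argc > 1 ? argv[1] : "")]) < 0;
}
```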
