> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Carlos Fdez
> Sent: Friday, April 12, 2013 11:41 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Fwd: Receiving logs via TCP/TLS and forwarding to
> another rsyslog via TCP/TLS
>
> Hi,
>
> I've just found the problem! :D
>
> I was generating all certificates with XCA, an openssl GUI, and this software
> adds two special OIDs to the certificate:
>
> Unknown extension 2.16.840.1.113730.1.1 (not critical):
> ASCII: ...@
> Hexdump: 03020640
> Unknown extension 2.16.840.1.113730.1.13 (not critical):
> ASCII: ..xca certificate
> Hexdump: 160f786361206365727469666963617465
> (certtool output, openssl does NOT output them)
>
> If I remove this 'comment' (Netscape tab, comment field) from the tool and
> regenerate the certificate, it works flawlessly. Maybe it's a bug with gnutls,
> because these certificates work w/o problems with Apache, AD or OpenVPN...

As I said - GnuTLS is extremely picky about the certs...

Rainer

> Hoping this helps somebody!
>
> Regards,
>
> Carlos Fernández Manteiga <[email protected]>
>
> On Thu, Apr 11, 2013 at 9:55 AM, Carlos Fdez <[email protected]> wrote:
>
> > Thanks Rainer, but I don't think that's the problem. If I set up the
> > same config without reception, local messages get sent; with reception
> > even local messages are not sent.
> >
> > I verified the certs with certtool and openssl, and they are OK :-(
> >
> > Is the config valid for receiving and sending simultaneously?
> >
> > Thanks!
> >
> > Regards,
> >
> > Carlos Fernández Manteiga <[email protected]>
> >
> > On Thu, Apr 11, 2013 at 9:45 AM, Rainer Gerhards <[email protected]> wrote:
> >
> >> > -----Original Message-----
> >> > From: [email protected] [mailto:rsyslog-
> >> > [email protected]] On Behalf Of Carlos Fdez
> >> > Sent: Thursday, April 11, 2013 9:44 AM
> >> > To: [email protected]
> >> > Subject: [rsyslog] Fwd: Receiving logs via TCP/TLS and forwarding to
> >> > another rsyslog via TCP/TLS
> >> >
> >> > Hi,
> >> >
> >> > I'm trying to forward secure logs from a server that also receives, but
> >> > that's the debug I get:
> >> >
> >> > 1348.976447385:7f4f3acbd700: unexpected GnuTLS error -207 in
> >> > nsd_gtls.c:202: Base64 unexpected header error.
> >>
> >> This usually means there is some problem with your certificate files.
> >> Unfortunately, GnuTLS is not more specific in its error messages.
> >>
> >> Rainer
> >>
> >> > 1348.976470887:7f4f3acbd700: TCPSendInit FAILED with -2078.
> >> > 1348.976497727:7f4f3acbd700: file netstrms.c released module 'lmnsd_gtls',
> >> > reference count now 0
> >> > 1348.976501630:7f4f3acbd700: module 'lmnsd_gtls' has zero reference count,
> >> > unloading...
> >> > 1348.976504192:7f4f3acbd700: Unloading module lmnsd_gtls
> >> >
> >> > This is the client/server config:
> >> >
> >> > ########################################
> >> >
> >> > $ModLoad imuxsock
> >> > $ModLoad imklog
> >> > $ModLoad immark
> >> > $ModLoad imtcp
> >> > $ModLoad imudp
> >> >
> >> > #### GLOBAL DIRECTIVES ####
> >> >
> >> > # TLS connection
> >> > $DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt
> >> > $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
> >> > $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem
> >> > $DefaultNetstreamDriver gtls
> >> > $ActionSendStreamDriverMode 1
> >> > $ActionSendStreamDriverAuthMode x509/name
> >> > $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> >> > $InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
> >> > $InputTCPServerRun 64785 # start up listener at port 64785
> >> >
> >> > * /logs/log
> >> >
> >> > # Secure TLS
> >> > $WorkDirectory /logs/spool
> >> > $ActionQueueFileName Secure
> >> > $ActionQueueMaxDiskSpace 1g
> >> > $ActionQueueSaveOnShutdown on
> >> > $ActionQueueType LinkedList
> >> > $ActionResumeRetryCount -1
> >> > authpriv.*;auth.*;local5.* @@(o)server.domain.tld:10514
> >> >
> >> > ##########################################
> >> >
> >> > And this is the server config (server.domain.tld):
> >> >
> >> > ##########################################
> >> >
> >> > #### MODULES ####
> >> >
> >> > $ModLoad imuxsock
> >> > $ModLoad imklog
> >> > $ModLoad immark
> >> > $ModLoad imtcp
> >> > $ModLoad imudp
> >> >
> >> > #### GLOBAL DIRECTIVES ####
> >> >
> >> > # TLS/TCP connection
> >> > $DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt
> >> > $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
> >> > $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem
> >> > $DefaultNetstreamDriver gtls
> >> > $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> >> > $InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
> >> > $InputTCPServerRun 10514 # start up listener at port 10514
> >> >
> >> > * /logs/log
> >> > $IncludeConfig /etc/rsyslog.d/*.conf
> >> >
> >> > ##########################################
> >> >
> >> > If I remove the client/server certificate, leaving only the CA, the
> >> > forwarding of local messages works; with the certificate the client/server
> >> > receives, but does not send.
> >> >
> >> > Does anybody know about it?
> >> >
> >> > Thank you very much!
> >> >
> >> > Regards,
> >> >
> >> > Carlos Fernández Manteiga <[email protected]>
> >> > _______________________________________________
> >> > rsyslog mailing list
> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > http://www.rsyslog.com/professional-services/
> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> > DON'T LIKE THAT.
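The thread pins the failure on two non-standard extensions XCA writes under the Netscape private OID arc (2.16.840.1.113730.1.1 is nsCertType, 2.16.840.1.113730.1.13 is nsComment), which certtool only shows as "Unknown extension" and openssl's default output omits. The following is an added example, not code from the thread or from the rsyslog or XCA projects: a dependency-free DER walker that parses an X.509 Extensions block, lists every extension OID, and flags those under the Netscape arc so a certificate can be checked before it is handed to a GnuTLS-based rsyslog. The sample Extensions blob is constructed here from the two hexdumps quoted in the thread plus an ordinary basicConstraints extension; the function and constant names are this example's own.

```python
# Added example (not from the rsyslog thread): find Netscape-arc extensions in
# an X.509 Extensions block without any third-party library.

NETSCAPE_ARC = "2.16.840.1.113730."
NETSCAPE_NAMES = {
    "2.16.840.1.113730.1.1": "nsCertType",
    "2.16.840.1.113730.1.13": "nsComment",
}


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next N bytes hold it
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body):
    """Turn the base-128 OID body into dotted notation."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(val)
            val = 0
    first = arcs[0]
    head = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(map(str, head + arcs[1:]))


def parse_extensions(der):
    """Parse Extensions ::= SEQUENCE OF Extension into (oid, critical, value) triples."""
    tag, seq, _ = _read_tlv(der, 0)
    assert tag == 0x30, "Extensions must be a SEQUENCE"
    out, pos = [], 0
    while pos < len(seq):
        tag, ext, pos = _read_tlv(seq, pos)
        assert tag == 0x30, "Extension must be a SEQUENCE"
        tag, oid_bytes, p = _read_tlv(ext, 0)
        assert tag == 0x06, "extnID must be an OID"
        critical = False
        tag, body, p = _read_tlv(ext, p)
        if tag == 0x01:                     # optional BOOLEAN critical (DEFAULT FALSE)
            critical = body != b"\x00"
            tag, body, p = _read_tlv(ext, p)
        assert tag == 0x04, "extnValue must be an OCTET STRING"
        out.append((_decode_oid(oid_bytes), critical, body))
    return out


def netscape_extensions(exts):
    """Return (name, critical, value) for every extension under the Netscape arc."""
    return [(NETSCAPE_NAMES.get(oid, oid), crit, val)
            for oid, crit, val in exts if oid.startswith(NETSCAPE_ARC)]


# --- constructed sample input (short-form lengths are enough for this blob) ---
def _tlv(tag, body):
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunks = [a & 0x7F]
        a >>= 7
        while a:
            chunks.append(0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(reversed(chunks))
    return _tlv(0x06, body)


def _extension(oid, value_der, critical=False):
    flag = _tlv(0x01, b"\xff") if critical else b""
    return _tlv(0x30, _oid(oid) + flag + _tlv(0x04, value_der))


# The two values quoted in the thread (hexdumps 03020640 and 160f78...) next to
# a normal critical basicConstraints (CA:FALSE) that the filter must leave alone.
SAMPLE_EXTENSIONS = _tlv(
    0x30,
    _extension("2.5.29.19", _tlv(0x30, b""), critical=True)
    + _extension("2.16.840.1.113730.1.1", bytes.fromhex("03020640"))
    + _extension("2.16.840.1.113730.1.13",
                 bytes.fromhex("160f786361206365727469666963617465")),
)

if __name__ == "__main__":
    for name, crit, val in netscape_extensions(parse_extensions(SAMPLE_EXTENSIONS)):
        print(f"{name} critical={crit} value={val.hex()}")
```

On a real certificate, feed `parse_extensions` the DER of the Extensions SEQUENCE (the `[3]` element of the TBSCertificate); anything the function reports under the Netscape arc is what the thread found XCA adding from its Netscape tab, and regenerating the certificate without those fields is the fix the thread settled on.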

