Or, publish the basic requirements for RELP+TLS as: "requires GnuTLS
2.9 or later and relp-1.2.4." That automatically rules out CentOS/RHEL.

That said, I suspect a large customer base uses CentOS/RHEL and isn't
willing or does not know how to hand-roll a GnuTLS RPM. Keep in mind
that by asking people to hand-roll stuff, you could be inviting more
trouble because future GnuTLS-dependent stuff could break when the
userbase has varying levels of GnuTLS.

My vote is to detect the GnuTLS version and if it is <2.9 then disable
certificate validation code and if >2.9 then enable all TLS features
for RELP. Also, if <2.9 and TLS code is activated, print a warning in
caps in the output log, telling the user of the lack of cert validation
and hence the lack of non-repudiation of the log stream.





On Tue, Mar 18, 2014 at 10:53 AM, Rainer Gerhards
<[email protected]> wrote:
> On Tue, Mar 18, 2014 at 6:12 PM, David Lang <[email protected]> wrote:
>
>> On Tue, 18 Mar 2014, Radu Gheorghe wrote:
>>
>>> Hi,
>>>
>>> You're trying to use RELP+TLS? That's deactivated in the packages. I think
>>> you'll have to compile librelp yourself against a new GnuTLS (2.9+,
>>> AFAIK).
>>>
>>> Anyone, please correct me if I'm wrong. I'd like to know if I'm wrong :)
>>>
>>
>> As I understand it, it's deactivated depending on the version of gnutls
>> that it finds on the system. If you have a new one it will work. But RHEL 6
>> has an old enough one that it doesn't.
>>
>
> yeah, that's it. The OS platform does not provide the necessary plumbing,
> so we can't do that. Maybe I should phrase the error message even more
> bluntly.
>
> Rainer
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.