On Wed, 16 Apr 2014, Lindblom, Brian R. wrote:
> I'm sure the rsyslog devs are aware, but librelp-1.2.5-2 in the Adiscon EPEL6 repository has certificate auth disabled for TLS since it expects gnutls_certificate_verify_function to be present which doesn't show up until gnutls 2.10.x. RHEL is gnutls 2.8. Verification is still possible pre 2.10, just not via gnutls_certificate_set_verify_function. Does this mean that I'm stuck with anonymous TLS unless I compile a new gnutls and recompile rsyslog and deps?

yes

> I could have also misread the situation :) Is this intended? Would a patch to enable this for pre-gnutls 2.10.x be useful?

Yes, it would be useful. However, if you are going to enable an older version, it would probably be good to make sure that you are using a version new enough to avoid the gnutls security hole from earlier this year.

David Lang

