On Fri, 8 Mar 2019 at 12:28, Aksel Cevdet Devrimci (<[email protected]>) wrote:

> Hey
>
> Seems that openssl just solved the problem.
>

yeah .. that's part of why we implemented openssl. GnuTLS is very picky about
many things and emits very generic error messages... ;-)

Rainer

> Thank you for the tip 😊
>
>
> Aksel D.
>
> BDO CERT
> ------------------------------
> *From:* Rainer Gerhards <[email protected]>
> *Sent:* Friday, 8 March 2019 10:16:48
> *To:* rsyslog-users
> *Cc:* Aksel Cevdet Devrimci
> *Subject:* Re: [rsyslog] Peer name error with imrelp
>
> maybe updated gnutls lib...
>
> let's try openssl, it generally has better error messages.
>
> change
>
> module(load="imrelp")
>
> to
>
> module(load="imrelp" tls.tlslib="openssl")
>
> Let's see if that provides a better error message (or even works!).
>
> Rainer
>
> On Thu, 7 Mar 2019 at 21:42, Aksel Cevdet Devrimci via rsyslog
> (<[email protected]>) wrote:
> >
> > Hello
> >
> > After we upgraded our rsyslog server to Ubuntu 16.04 (from 14.04), our
> > clients (still Ubuntu 14.04) can no longer send over logs using RELP.
> > RELP with no TLS works fine, but if we turn on TLS we get the following
> > error message on the server: "rsyslogd: imrelp[20514]: authentication error
> > 'certificate validation failed', peer is '' [v8.1903.0 try
> > https://www.rsyslog.com/e/2353 ]"
> > After taking a packet capture on the server and manually dumping the
> > client certificate, it looks fine (openssl can read it). We use subject
> > common name and not subjectAltName.
> > Both clients and server use the latest rsyslog version from
> > PPA (8.1903.0).
> >
> > Our server config:
> > input(
> >     name="imrelpInput"
> >     type="imrelp"
> >     port="20514"
> >     ruleset="XXXXXX"
> >     tls="on"
> >     tls.cacert="/etc/ssl/certs/ca-chain-cert.pem"
> >     tls.mycert="/etc/ssl/certs/server.cert.pem"
> >     tls.myprivkey="/etc/ssl/private/server.cert.key"
> >     tls.permittedPeer=["*.clients.DOMAIN"]
> >     tls.authMode="name"
> >     tls.compression="off"
> >     keepalive="on"
> >     MaxDatasize="512K"
> > )
> >
> > Not sure what else to try or look for; our current workaround is to turn
> > off TLS.
> > Help or advice would be much appreciated.
> >
> > Aksel D.
> >
> > BDO CERT
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
>
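
Added example (not part of the original thread, and not rsyslog or librelp code): a shell script for checking a peer certificate outside rsyslog when imrelp reports 'certificate validation failed'. It tests whether the certificate verifies against the CA bundle configured as tls.cacert and reports its subject CN and whether a subjectAltName is present. The host name and the throwaway certificates it generates are constructed for the demo, and the openssl command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: offline checks on a TLS peer certificate used with RELP.
# The host name and every file created by make_demo_certs are constructed.

# Print the subject CN of a PEM certificate (empty output if it has none).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# Succeed if the certificate carries a subjectAltName extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -q 'X509v3 Subject Alternative Name'
}

# Succeed if CERT verifies against CA_BUNDLE (the file named in tls.cacert);
# this also fails for expired or not-yet-valid certificates.
chain_ok() {  # chain_ok CA_BUNDLE CERT
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Create a throwaway CA and a CN-only client certificate in directory $1.
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=host1.clients.example.test' \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/client.pem" 2>/dev/null
}

# Print a short summary for one certificate.
report() {  # report CA_BUNDLE CERT
    if chain_ok "$1" "$2"; then echo "chain: OK"; else echo "chain: FAILED"; fi
    echo "subject CN: $(cert_cn "$2")"
    if cert_has_san "$2"; then echo "SAN: present"; else echo "SAN: absent"; fi
    openssl x509 -in "$2" -noout -dates
}

# With two arguments, check real files; with none, run on the demo pair.
if [ $# -eq 2 ]; then
    report "$1" "$2"
else
    demo=$(mktemp -d) && make_demo_certs "$demo" &&
        report "$demo/ca.pem" "$demo/client.pem"
fi
```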