even if I completely remove that line it still errors out, but that indicates
that I would need to go to at least 1.0.2 to be able to use that option.
David Lang
On Tue, 8 Oct 2019, Rainer Gerhards wrote:
Date: Tue, 8 Oct 2019 10:29:54 +0200
From: Rainer Gerhards <[email protected]>
To: David Lang <[email protected]>
Cc: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] required version of openssl
Had a quick look at code. If you uncomment
gnutlsPriorityString="SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2"
it makes rsyslog require the SSL_CONF_CTX_set_flags() API, which in
the code is guarded by
#if OPENSSL_VERSION_NUMBER >= 0x10020000L
So I guess that's the problem here.
Andre knows the details (he has written it), but he is available only
later today.
Rainer
El mar., 8 oct. 2019 a las 10:26, David Lang (<[email protected]>) escribió:
as I say, a pretty simple config
$DefaultNetstreamDriverCAFile /ews/security/rsyslog/ssl/certs/int2-ca.pem
$DefaultNetstreamDriverCertFile /etc/seceng-syslog-ng/ssl/cert.d/s.int.cer
$DefaultNetstreamDriverKeyFile /etc/seceng-syslog-ng/ssl/key.d/s.int.key
module(load="imtcp"
#StreamDriver.Name="gtls"
StreamDriver.Name="ossl"
StreamDriver.Mode="1"
StreamDriver.AuthMode="anon"
# gnutlsPriorityString="SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2"
)
input(type="imtcp"
name="a-rsyslog"
port="6515"
ruleset="a"
)
On Tue, 8 Oct 2019, Rainer Gerhards wrote:
Date: Tue, 8 Oct 2019 09:54:15 +0200
From: Rainer Gerhards <[email protected]>
To: David Lang <[email protected]>
Cc: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] required version of openssl
Can you show your config line? Maybe what you try to set is actually
what requires the newer openSSL API.
Andre, can you step in here?
Rainer
El mar., 8 oct. 2019 a las 9:51, David Lang (<[email protected]>) escribió:
hmm, it seems like a really simple config
streamdriver ossl
mode 1
authmode anon
and certs defined by the obsolete $foo parameters
I tried setting the cipher, but wasn't able to get it working.
is there an example of a working ossl config that someone can post?
David Lang
On Tue, 8 Oct 2019, Rainer Gerhards wrote:
Date: Tue, 8 Oct 2019 08:09:12 +0200
From: Rainer Gerhards <[email protected]>
To: rsyslog-users <[email protected]>
Cc: David Lang <[email protected]>
Subject: Re: [rsyslog] required version of openssl
This is fixed in 8.1910. the error message was actually a bug, it should
only apoear if you use an unsupported and uncommon config parameter.
Easier
Sent from phone, thus brief.
David Lang via rsyslog <[email protected]> schrieb am Mo., 7. Okt.
2019, 20:58:
when starting rsyslog 8.1908 on centos 6.10 it generates an error that the
openssl api is too old
what version of openssl is required? can the error message be modified to
say
that version rather than just 'too old'? (and can the rpm packaging list
the
version as a requirement?)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
