Re: [rsyslog] required version of openssl

Tue, 08 Oct 2019 10:08:39 -0700 

On Tue, 8 Oct 2019, Rainer Gerhards wrote:


El mar., 8 oct. 2019 a las 13:08, David Lang (<[email protected]>) escribió:


centos 6 has 1.0.1e (with lots of backports)

if I don't try to configure ciphers, is there a config that will work? or is the
anon auth mode part of what requires this API? (or something like that)


David, I guess you missed an important part in my initial response:
8.1908 has a BUG that emits this error message in all cases, even if
the API is not used. This was fixed in 8.1910. As a work-around, the
error message can simply be ignored.


Thanks, I did misunderstand this.

David Lang


Fix PR: https://github.com/rsyslog/rsyslog/pull/3851

Andre: please correct me if I am wrong in this case.

Rainer


David Lang

On Tue, 8 Oct 2019, Andre Lorbach wrote:


Date: Tue, 8 Oct 2019 12:53:04 +0200
From: Andre Lorbach <[email protected]>
To: rsyslog-users <[email protected]>, David Lang <[email protected]>
Cc: Rainer Gerhards <[email protected]>
Subject: RE: [rsyslog] required version of openssl

We need to use SSL_CONF_cmd API to set  custom ciphers and other options.
This API was added in OpenSSL 1.0.2, see the API documentation:
https://www.openssl.org/docs/man1.0.2/man3/SSL_CONF_cmd.html

CentOS 6 is probably using old OpenSSL 0.9.8 which does not support that
API.

Our testbench is skipping those tests when such an old OpenSSL Version is
being found.

Best regards,
Andre Lorbach



-----Original Message-----
From: rsyslog [mailto:[email protected]] On Behalf Of
Rainer Gerhards via rsyslog
Sent: Tuesday, October 8, 2019 10:03 AM
To: David Lang <[email protected]>
Cc: Rainer Gerhards <[email protected]>; rsyslog-users
<[email protected]>
Subject: Re: [rsyslog] required version of openssl

side note: testbench has smaples, e.g.
https://github.com/rsyslog/rsyslog/blob/master/tests/imtcp-tls-ossl-error-
cert.sh

If you go to the tests dir, all tests with "ossl" in them use the openssl
TLS
driver.

HTH
Rainer

El mar., 8 oct. 2019 a las 9:54, Rainer Gerhards
(<[email protected]>) escribió:


Can you show your config line? Maybe what you try to set is actually
what requires the newer openSSL API.

Andre, can you step in here?

Rainer






_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.





















					Reply via email to