On 21/01/2021 06:54, Yuri Bushmelev wrote:
Hello!
LD_PRELOAD can help you I guess.. though it'll be rsyslog-wide (not
just omrelp). As long as ABI & API are the same it might work for you.
Though I'd recommend to spin newer rsyslog with proper openssl lib in
a container (docker/podman/systemd-nspawn). Then you may use your
distro-bundled rsyslog just to forward messages required into your
containerized rsyslog which will do complex things instead.
Bah. I didn't notice it yesterday but it seems that relp modules are
linked to 1.0 versions of openssl libraries in Centos7 so LD_PRELOAD
won't work since the libs are different versions I suppose (and as far
as I know, they do have incompatible API/ABI. It's just that I thought
the TLS lib is explicitly dlopened somwehere later within rslyslogd but
it seems that it's just linked against one ssl version at build time.
I'm not a big fan of the idea containerizing the rsyslog since it forces
me to rebuild it anyway so I might just build my own rpms with openssl11
as well. But I still wanted to avoid that.
Ehhhh. CentOS7.
It seems I'll have to do some workaround to the chained certs problem
(like redirecting inputs to two different CAs based on source IP using
iptables - ugly as hell). Will have to do for now.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
