While fighting with mutual authentication and certificate problems I
found that chained certificates are supported from a certain rsyslog
release but unfortunately only after upgrading past that release (to
8.2010 at this moment to be precise) I also found that support for
chained certs needs decently recent openssl version.
And that's where it's getting tricky. My setup runs on CentOS7. And
CentOS ships with openssl-1.0.2 by default. I did install openssl11
package from EPEL repository but it installs another version side-by-side.
So when I run rsyslogd, it loads the default openssl 1.0.2 library.
Is there any reasonable way to force rsyslogd to load a particular
version of the openssl library and use it for the omrelp module?
tls.tlslib parameter doesn't give me a possibility to choose a
particular version. It just wants "openssl".
Are there any other methods?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
found that chained certificates are supported from a certain rsyslog
release but unfortunately only after upgrading past that release (to
8.2010 at this moment to be precise) I also found that support for
chained certs needs decently recent openssl version.
And that's where it's getting tricky. My setup runs on CentOS7. And
CentOS ships with openssl-1.0.2 by default. I did install openssl11
package from EPEL repository but it installs another version side-by-side.
So when I run rsyslogd, it loads the default openssl 1.0.2 library.
Is there any reasonable way to force rsyslogd to load a particular
version of the openssl library and use it for the omrelp module?
tls.tlslib parameter doesn't give me a possibility to choose a
particular version. It just wants "openssl".
Are there any other methods?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.