Hi.
I had a quick troubleshooting session yesterday and it seemed that
TLS.PermitedPeer was case sensitive. It might have been something else
as I was doing a fairly chaotic debugging across a relatively large
installation and it might have been that something else helped but I
think that when I had uppercase hostname listed in TLS.PermittedPeer i
was getting rejections for not allowed certificate and when I swiched to
lowercase it started working.
The system is SuSE 15.4, rsyslog version is 8.2302.0-3.1 (from Rainer's
OpenSUSE build repo).
As with SuSE, the TLS driver is gtls and we're of course talking
TLS.Authmode="name".
The old cert was issued for uppercase hostname so the configuration
reflected that but when we reissued the certificate due to old one's
expiration it stopped working. It coincided with other - relatively big
- changes in infrastructure so I don't have a clear confirmation that
this was indeed the case but I have a suspicion and therefore I'm asking
if it's possible that the name match is done case-sensitively.
Best regards,
MK
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
I had a quick troubleshooting session yesterday and it seemed that
TLS.PermitedPeer was case sensitive. It might have been something else
as I was doing a fairly chaotic debugging across a relatively large
installation and it might have been that something else helped but I
think that when I had uppercase hostname listed in TLS.PermittedPeer i
was getting rejections for not allowed certificate and when I swiched to
lowercase it started working.
The system is SuSE 15.4, rsyslog version is 8.2302.0-3.1 (from Rainer's
OpenSUSE build repo).
As with SuSE, the TLS driver is gtls and we're of course talking
TLS.Authmode="name".
The old cert was issued for uppercase hostname so the configuration
reflected that but when we reissued the certificate due to old one's
expiration it stopped working. It coincided with other - relatively big
- changes in infrastructure so I don't have a clear confirmation that
this was indeed the case but I have a suspicion and therefore I'm asking
if it's possible that the name match is done case-sensitively.
Best regards,
MK
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.