On Fri, Sep 8, 2017 at 11:55 AM, Pascal Withopf <[email protected]> wrote: > Hi everyone, > > when using GnuTLS in Rsyslog and the key file is empty then the following > error occurs from function gnutls_certificate_set_x509_key_file(). > > 2017-09-07T16:07:43.981768+02:00 localhost rsyslogd[28575]: unexpected > GnuTLS error -302 in nsd_gtls.c:577: Error in parsing. [v8.30.0.master try > http://www.rsyslog.com/e/2078 ] > 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our > certificate. GnuTLS error -302, message: 'Error in parsing.', key: > '/home/usr/proj/certs/machine-key.pem', cert: > '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try > http://www.rsyslog.com/e/2078 ] > > Only after using the functions gnutls_global_set_log_function() and > gnutls_global_set_log_level() you can find more detailed output. > > 8676.147805605:main thread : nsd_gtls.c: GnuTLS log msg, level 9: Could > not find '-----BEGIN RSA PRIVATE KEY' > 8676.147809763:main thread : nsd_gtls.c: GnuTLS log msg, level 9: Could > not find '-----BEGIN DSA PRIVATE KEY' > 8676.147813879:main thread : nsd_gtls.c: GnuTLS log msg, level 9: Could > not find '-----BEGIN EC PRIVATE KEY' > > My question: Is there a way to get a more detailed output like this without > having to look at the whole debug output.> > My goal is to give more specific information when the error occurs, so > Rsyslog users will know what is wrong without having to dig deeper > themselfs.
I am not sure if I understand the request, but isn't the quoted text sufficient? > 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our > certificate. GnuTLS error -302, message: 'Error in parsing.', key: > '/home/usr/proj/certs/machine-key.pem', cert: > '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try > http://www.rsyslog.com/e/2078 ] You can run any application using GNUTLS_DEBUG_LEVEL=4 (or higher) to get more debugging information, but I'd expect end-user applications like rsyslog to provide a proper error message, such as error in parsing certificate or key. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
