On Sun, Feb 07, 2021 at 05:35:41PM +0100, Remi Locherer wrote:
> Hi
>
> This updates librelp to version 1.9.0. The changelog can be found here:
> https://github.com/rsyslog/librelp/blob/master/ChangeLog
>
> Many changes are related to TLS and openssl. I had to add a patch to make
> it compile with libressl.
>
> Running the tests shows that librelp does not work with libressl. Most TLS
> tests run twice: once with gnutls and once with openssl. The runs with
> openssl fail.
I haven't investigated it fully, but I believe this is mostly due to
their ca.pem (and perhaps others) containing
X509v3 Subject Alternative Name:
DNS:rsyslog ca
which is quite obviously bogus (it should be a valid DNS name). If I
hack up the verifier to accept this, all but 3 tests pass. I will look
at these other failures soon.
