Hi, forgot to say I masked real SHA1 for lala in attached files. Xavi
On 3 June 2016 at 14:15, Xavier Fustero <[email protected]> wrote: > Hi, > > I am trying to setup a rsyslog server and client using relp and TLS. I am > using auth mode fingerprint and using sha1 for peer permit. If I am not > using TLS, relp works correctly. However, if I activate TLS I am getting > the error below > > Jun 3 11:40:22 rsyslog93 rsyslogd-2353: imrelp[20514]: error 'TLS >> handshake failed [gnutls error -24: Decryption has failed.]', object 'lstn >> 20514: conn to clt 192.168.0.185/192.168.0.185' - input may not work as >> intended [v8.18.0 try http://www.rsyslog.com/e/2353 ] >> Jun 3 11:40:22 rsyslog93 rsyslogd-2353: imrelp[20514]: error 'TLS record >> write failed [gnutls error -10: The specified session has been invalidated >> for some reason.]', object 'lstn 20514: conn to clt >> 192.168.0.185/192.168.0.185' - input may not work as intended [v8.18.0 >> try http://www.rsyslog.com/e/2353 ] >> > > I have reviewed all docs, launched rsyslog in debug mode but to me it > smells a bug more than a configuration problem. I have attached snipped > code from my client/server configuration related to TLS and a debug file > from the rsyslog running on client and server. > > I am running both rsyslog in a Ubuntu 14.04.3 LTS trusty. I also installed > the listed packages from Adiscon repository: > > librelp0_1.2.10-0adiscon1trusty1_amd64.deb > <https://island1.rightscale.com/attachments/1/4837e45ee9536b1ce1747b34b4550a50?md5=4837e45ee9536b1ce1747b34b4550a50&expiration=1465042145&signature=thLITfytgdCN1uAoYwttTxeTebsewiqbx6%2FuVCqqIkCF4C%2Fui9%2F%2BMk54Ntnx%0As6XB4My1NOBfyDq5HXPyvrakuBDAIaO%2FkWtEkUh60bbwfYBOjxvsiO6GxZU9%0ARmXg79bDFkrj7O6RUz5CqHax%2Fnn2yPciTkGg6RnW1JuEafQ30l0%3D%0A&signer=us-3&filename=librelp0_1.2.10-0adiscon1trusty1_amd64.deb> > rsyslog-gnutls_8.18.0-0adisconatrusty1_amd64.deb > <https://island1.rightscale.com/attachments/1/e6f9dc842df7a2b7f7b8a47ae4b3296f?md5=e6f9dc842df7a2b7f7b8a47ae4b3296f&expiration=1465042145&signature=OqW2GtQti5BH7Y5JykgFU%2FauZyqv3k905xOUF57JLOBba7SuuhHKSKk%2FRa5b%0A4zI0k9iAewetJ6fP9ruR%2Fzjqe0Ix2SigAE1DNbM0%2FemDOcQdThgc66gMDB%2F8%0AnmWEqss01hBj1M9IYNDA1W1373RFL0lCgPXXBSJMIu8tnRrE4Fo%3D%0A&signer=us-3&filename=rsyslog-gnutls_8.18.0-0adisconatrusty1_amd64.deb> > rsyslog-relp_8.18.0-0adisconatrusty1_amd64.deb > <https://island1.rightscale.com/attachments/1/4d63e57c84566984827e227c5b981baf?md5=4d63e57c84566984827e227c5b981baf&expiration=1465042145&signature=KWc0ZGcsRmGaOBl5E2l1pxxNKKNe7De4kKdGaeOdGs6k8YJFUmq2ufbbbSdw%0AgFHe5ZS4mVIT%2Fq9hMB8Pmtfc58L7MQOAnAjGsQuCFSYWKY8so1zHWPMcKR4B%0Az9C9cbLbYMw4dZ3vN%2B1TdkB%2B9Cx7kyTCby3qhIAwlmmY6OirynY%3D%0A&signer=us-3&filename=rsyslog-relp_8.18.0-0adisconatrusty1_amd64.deb> > > and the libestr, libfastjson,etc... libraries. > > I run openssl commands to verify certificats are ok and everything seems > fine here. Run out of idees on how to troubleshoot this. > > I would appreciate if anyone could me on that. > > Thanks a log, > Xavi > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
