On Thu, 16 May 2019, Rainer Gerhards wrote:

I believe that the right thing to do is to abort the connection, but it seems
that rsyslog is dying instead of just failing the connection (in this case, it
seems to be an inbound connection).

I walked into this by seeing a discussion of how to restart rsyslog when it dies
from this.

Do you have any idea of how to reproduce this? If so, could you create
a debug log and valgrind run?

This is still my first week here, and I don't know what I have access to to duplicate this, but I believe that you can replicate this by sending a badly enough malformed TLS handshake to the listening socket. I don't know exactly what aspect of the handshake needs to be corrupted.

I still very much suggest to move to openssl - it really helps us
generate much better error messages in case of a problem.

That's what I am recommending.

Would still like to see this solved for gnutls. I think I tested inside the testbench and we never came to any result. What, btw, was a second driving force behind implementing openssl...

I agree, but the testbench doesn't send malformed messages/handshakes, and that's what's needed here.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog