Re: [rsyslog] Forcing openssl-1.1.1 on Centos7

2021-01-21 Thread Mariusz Kruk via rsyslog
I'm not sure I understand it. I thought that I load chains on client's side in tls.mycert for presenting it to the server and tls.cacert is for verifying server's certificate. And from the server's side - the opposite - cacert for verifying clients and mycert for showing to them. Is it not

Re: [rsyslog] Forcing openssl-1.1.1 on Centos7

2021-01-21 Thread Andre Lorbach via rsyslog
Let me jump into the discussion: for OpenSSL 1.1.0 and higher we can use "SSL_use_certificate_chain_file" to set the certificate chain file and apply it to the SSL Context. For OpenSSL 1.0.2, we can only load the chained certificate if we use "SSL_CTX_load_verify_locations" which loads the configur

Re: [rsyslog] Forcing openssl-1.1.1 on Centos7

2021-01-21 Thread Mariusz Kruk via rsyslog
And... ladies and gentlemen... it's getting weirder and weirder. I got so focused on what's not working that I missed the fact that on many other rsyslog instances the chained certs seem to be working OK. And here's where it gets confusing. I have two different sites with a pretty identical config

Re: [rsyslog] Forcing openssl-1.1.1 on Centos7

2021-01-21 Thread Mariusz Kruk via rsyslog
OK. It turned out I cannot read ;-) But seriously - the docs state that chained certs should work with openssl 1.0.2 (I have no idea why I read it at first as "1.0.7" or something like that; is there such a version at all? :-)) but you only get one ssl context. OK, that's fine by me. But even th

Re: [rsyslog] Forcing openssl-1.1.1 on Centos7

2021-01-21 Thread Mariusz Kruk via rsyslog
Sure. I can rebuild the whole rsyslog package or just the RELP components :-) I just wanted to avoid custom building altogether because that introduces another level of support burden on my side :-) I can't understand one more thing though. I'm trying to set up two different RELP inputs with two

Re: [rsyslog] Forcing openssl-1.1.1 on Centos7

2021-01-21 Thread Rainer Gerhards via rsyslog
You can always rebuild librelp yourself - that's the obvious solution...

My 2cts
Rainer

On Thu, 21 Jan 2021 at 9:07, Mariusz Kruk via rsyslog wrote:
> On 21/01/2021 06:54, Yuri Bushmelev wrote:
> > Hello!
> >
> > LD_PRELOAD can help you I guess.. though it'll be rsyslog-wide (not

Re: [rsyslog] Forcing openssl-1.1.1 on Centos7

2021-01-21 Thread Mariusz Kruk via rsyslog
On 21/01/2021 06:54, Yuri Bushmelev wrote: Hello! LD_PRELOAD can help you I guess.. though it'll be rsyslog-wide (not just omrelp). As long as ABI & API are the same it might work for you. Though I'd recommend to spin newer rsyslog with proper openssl lib in a container (docker/podman/syst