Bug
Resolution: Unresolved
rhel-9.6
Low
Upstream
rhel-security-special-projects
Red Hat Enterprise Linux
This is a regression compared to RHEL8.
When customers configure a TLS forwarding action but do not specify the cert and/or key, the following message is seen repeatedly:
Jul 26 13:31:01 vm-rsyslog9-tls rsyslogd[6101]: warning: certificate file is not set [v8.2412.0-1.el9 try https://www.rsyslog.com/e/2330 ]
Jul 26 13:31:01 vm-rsyslog9-tls rsyslogd[6101]: warning: key file is not set [v8.2412.0-1.el9 try https://www.rsyslog.com/e/2331 ]
Jul 26 13:31:01 vm-rsyslog9-tls rsyslogd[6101]: warning: certificate file is not set [v8.2412.0-1.el9 try https://www.rsyslog.com/e/2330 ]
Jul 26 13:31:01 vm-rsyslog9-tls rsyslogd[6101]: warning: key file is not set [v8.2412.0-1.el9 try https://www.rsyslog.com/e/2331 ]
This is very annoying.
This new thing got introduced by the upstream commit below:
commit 13f5dfe2e25e1b1da0dde1f6119d74e4062665ab Author: Rainer Gerhards <rgerhards@adiscon.com> Date: Thu Jul 1 11:48:25 2021 +0200 imtcp: permit to use different certificate files per input/action --- runtime/nsd_gtls.c | 205 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------ 1 file changed, 131 insertions(+), 74 deletions(-) [...] @@ -2071,6 +2122,8 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host, char *device) assert(port != NULL); assert(host != NULL); + CHKiRet(gtlsInitCred(pThis)); + CHKiRet(gtlsAddOurCert(pThis)); CHKiRet(nsd_ptcp.Connect(pThis->pTcp, family, port, host, device)); [...]
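Review bot: The two calls added at the top of Connect(), gtlsInitCred(pThis) and gtlsAddOurCert(pThis), run on every connection attempt rather than once at configuration load, so any diagnostic they produce when no certificate or key file is configured repeats on every connect and reconnect. That matches the repeated "certificate file is not set" / "key file is not set" warnings in the report, assuming those warnings originate in one of these two functions (their bodies are not visible in this hunk). Suggest keeping the per-action credential setup but reporting the missing-file condition once, either at configuration load or guarded by a flag on pThis so later Connect() calls stay silent. Both calls are also wrapped in CHKiRet ahead of nsd_ptcp.Connect, so an error from either aborts before the TCP connect is attempted; worth confirming that an unset cert/key is returned as success here and not as a failure.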
Please fix this code to print the warning only once, on rsyslog initialization only.