Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upadd a parameter to enable in-depth GnuTLS debug output #219
Comments
rgerhards
added
the
enhancement
label
Jan 25, 2015
This comment has been minimized.
This comment has been minimized.
|
related to: #184 |
added a commit
to jgerhards/rsyslog
that referenced
this issue
Jan 26, 2015
rgerhards
closed this
in
#223
Jan 27, 2015
This comment has been minimized.
This comment has been minimized.
binarymist
commented
Jan 29, 2015
|
Thanks. I'm guessing this will be a few months at minimum away from going into Debian testing? |
This comment has been minimized.
This comment has been minimized.
|
I don't know their schedule, but you are probably right. I suggest to build from source. A tarball is already available at http://www.rsyslog.com/downloads/download-daily-build/ |
This comment has been minimized.
This comment has been minimized.
virtualjmills
commented
Jun 30, 2018
|
Old, but important. The GnuTLS debug directive (late rsyslog 8.x code) now uses a quoted-integer from zero (0) to ten (10), with most useful output emitted at level "3" or higher. The old "on" value (such as referenced in #184) simply throws a configuration file parser error. :-) Example rsyslog.conf line: |
rgerhards commentedJan 25, 2015
GnuTLS is often very picky about certificates, and the error codes are sometimes quite generic. Inside rsyslog's ./runtime/nsd_gtls.c there is a code to enable very in-depth logging of GnuTLS actions, but it is commented out via "#if 0". This was based on the assumption that it is only useful for rsyslog developers.
As it turned out, it's useful for users as well, at least in otherwise hard to solve cases. So we should add a (probably global) option to enable GnuTLS debugging.
While this is not available, users can get the same benefits by building rsyslog from source and changing the "#if 0" to "#if 1" in all cases.