add a parameter to enable in-depth GnuTLS debug output #219
Comments
related to: #184 |
enables GnuTLS indepth debugging closes rsyslog#219
Thanks. I'm guessing this will be a few months at minimum away from going into Debian testing? |
I don't know their schedule, but you are probably right. I suggest to build from source. A tarball is already available at http://www.rsyslog.com/downloads/download-daily-build/ |
Old, but important. The GnuTLS debug directive (late rsyslog 8.x code) now uses a quoted-integer from zero (0) to ten (10), with most useful output emitted at level "3" or higher. The old "on" value (such as referenced in #184) simply throws a configuration file parser error. :-) Example rsyslog.conf line: |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
GnuTLS is often very picky about certificates, and the error codes are sometimes quite generic. Inside rsyslog's ./runtime/nsd_gtls.c there is a code to enable very in-depth logging of GnuTLS actions, but it is commented out via "#if 0". This was based on the assumption that it is only useful for rsyslog developers.
As it turned out, it's useful for users as well, at least in otherwise hard to solve cases. So we should add a (probably global) option to enable GnuTLS debugging.
While this is not available, users can get the same benefits by building rsyslog from source and changing the "#if 0" to "#if 1" in all cases.
The text was updated successfully, but these errors were encountered: