[rsyslog-notify] Forum Thread: TLS issues in 8.4.0 - (Mode 'post')
noreply at adiscon.com
Fri Sep 19 02:02:23 CEST 2014
User: nxmehta
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24945#p24945
Message:
----------
Hi there,
I've recently been seeing issues with TLS encrypted remote logging in
rsyslog. This exact setup (same configs and certs) used to work fine in
the 7.x version, but since I upgraded recently I've been seeing problems.
My logs are filled with the following errors:
[code:pxxbaiqk]Sep 18 16:49:12 myserver rsyslogd-2089: netstream session 0x7fbe38017380 will be closed due to error [try http://www.rsyslog.com/e/2089 ][/code:pxxbaiqk]
Here's the server side configuration:
[code:pxxbaiqk]$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
$DefaultNetstreamDriverCertFile /etc/ssl/certs/mycert.crt
$DefaultNetstreamDriverKeyFile /etc/ssl/private/mycert.key
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 514[/code:pxxbaiqk]
And the client side configuration:
[code:pxxbaiqk]$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
*.* @@myserver:514
[/code:pxxbaiqk]
Here's the debug log from the server:
[code:pxxbaiqk]6425.814033306:imtcp.c : New connect on NSD 0x22960d0.
6425.814050711:imtcp.c : dnscache: entry (nil) found
6425.819281124:imtcp.c : GnuTLS handshake does not complete immediately - setting to retry (this is OK and normal)
6425.819336017:imtcp.c : New session created with NSD 0x7fbe38006060.
6425.819349710:imtcp.c : hasRcvInBuffer on nsd 0x2274ec0: pszRcvBuf (nil), lenRcvBuf 0
6425.819365513:imtcp.c : hasRcvInBuffer on nsd 0x22961a0: pszRcvBuf (nil), lenRcvBuf 0
6425.819371127:imtcp.c : hasRcvInBuffer on nsd 0x7fbe380027d0: pszRcvBuf (nil), lenRcvBuf 0
6425.819377270:imtcp.c : --------<NSDSEL_PTCP> calling select, active fds (max 19): 10 11 19
6425.869702367:imtcp.c : hasRcvInBuffer on nsd 0x2274ec0: pszRcvBuf (nil), lenRcvBuf 0
6425.869739092:imtcp.c : hasRcvInBuffer on nsd 0x22961a0: pszRcvBuf (nil), lenRcvBuf 0
6425.869745980:imtcp.c : hasRcvInBuffer on nsd 0x7fbe380027d0: pszRcvBuf (nil), lenRcvBuf 0
6425.869751482:imtcp.c : GnuTLS requested retry of 1 operation - executing
6425.869771778:imtcp.c : unexpected GnuTLS error -54 in nsdsel_gtls.c:166: Error in the pull function.
6425.869778668:imtcp.c : XXXXXX: doRetry: iRet -2078, pNsd->bAbortConn 1
6425.869784278:imtcp.c : tcpsrv: ready to process 1 event entries
6425.869789568:imtcp.c : tcpsrv: processing item 0, pUsr 0x7fbe38006060, bAbortConn
6425.869794885:imtcp.c : netstream 0x7fbe38005f90 with new data
6425.869800728:imtcp.c : gtlsRcv return. nsd 0x7fbe380027d0, iRet -2089, lenRcvBuf 0, ptrRcvBuf 0
6425.869806958:imtcp.c : Called LogMsg, msg: netstream session 0x7fbe38005f90 will be closed due to error[/code:pxxbaiqk]
And the debug log from the client:
[code:pxxbaiqk]6425.563661890:main Q:Reg/w0 : TCPSendInit CREATE
6425.563672293:main Q:Reg/w0 : caller requested object 'nsd_gtls', not found (iRet -3003)
6425.563680500:main Q:Reg/w0 : Requested to load module 'lmnsd_gtls'
6425.563688698:main Q:Reg/w0 : loading module '/usr/lib/rsyslog/lmnsd_gtls.so'
6425.564301093:imuxsock.c : Message from UNIX socket: #3
6425.564345762:imuxsock.c : main Q: qqueueAdd: entry added, size now log 1, phys 2 entries
6425.564356808:imuxsock.c : main Q: EnqueueMsg advised worker start
6425.564364103:imuxsock.c : --------imuxsock calling select, active file descriptors (max 5): 3 5
6425.568209729:main Q:Reg/w0 : source file nsd_gtls.c requested reference for module 'lmnet', reference count now 5
6425.568232497:main Q:Reg/w0 : caller requested object 'nsd_ptcp', not found (iRet -3003)
6425.568244289:main Q:Reg/w0 : Requested to load module 'lmnsd_ptcp'
6425.568255709:main Q:Reg/w0 : loading module '/usr/lib/rsyslog/lmnsd_ptcp.so'
6425.568380354:main Q:Reg/w0 : source file nsd_ptcp.c requested reference for module 'lmnetstrms', reference count now 3
6425.568397304:main Q:Reg/w0 : module lmnsd_ptcp of type 2 being loaded (keepType=0).
6425.568402146:main Q:Reg/w0 : entry point 'isCompatibleWithFeature' not present in module
6425.568406151:main Q:Reg/w0 : entry point 'setModCnf' not present in module
6425.568410168:main Q:Reg/w0 : entry point 'getModCnfName' not present in module
6425.568414042:main Q:Reg/w0 : entry point 'beginCnfLoad' not present in module
6425.568446534:main Q:Reg/w0 : source file nsd_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 1
6425.568464875:main Q:Reg/w0 : GTLS CA file: '/etc/ssl/certs/ca-certificates.crt'
6425.585275110:main Q:Reg/w0 : source file nsdsel_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 2
6425.585325229:main Q:Reg/w0 : module lmnsd_gtls of type 2 being loaded (keepType=1).
6425.585335401:main Q:Reg/w0 : entry point 'isCompatibleWithFeature' not present in module
6425.585343301:main Q:Reg/w0 : entry point 'setModCnf' not present in module
6425.585350931:main Q:Reg/w0 : entry point 'getModCnfName' not present in module
6425.585358359:main Q:Reg/w0 : entry point 'beginCnfLoad' not present in module
6425.585370506:main Q:Reg/w0 : source file netstrms.c requested reference for module 'lmnsd_gtls', reference count now 1
6425.692298351:main Q:Reg/w0 : our certificate is not set, file name values are cert: '(null)', key: '(null)'
6425.756724126:main Q:Reg/w0 : unexpected GnuTLS error -28 in nsd_gtls.c:1651: Resource temporarily unavailable, try again.
6425.756805221:main Q:Reg/w0 : TCPSendInit FAILED with -2078.[/code:pxxbaiqk]
So the server appears to be reporting GnuTLS error -54, and the client is
reporting error -28. According to
http://gnutls.org/manual/html_node/Error-codes.html the errors mean the
following:
[code:pxxbaiqk]-28 GNUTLS_E_AGAIN Resource temporarily unavailable, try again.
-54 GNUTLS_E_PULL_ERROR Error in the pull function.[/code:pxxbaiqk]
I'm really not sure what to do with these errors, though. Anyone have any
clues as to what might be wrong?
Please let me know if I can provide any more information to help debug.
Thanks.
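
Added example (not part of the original post and not rsyslog code): a small Python triage helper that rejoins the mail-wrapped debug lines, pulls each "unexpected GnuTLS error" record out of both logs and orders them by timestamp. The two code names are the ones quoted in the post; function names are illustrative, and comparing timestamps across hosts assumes their clocks agree.

```python
import re

# GnuTLS codes exactly as quoted in the post; any other code is left unnamed.
GNUTLS_NAMES = {-28: "GNUTLS_E_AGAIN", -54: "GNUTLS_E_PULL_ERROR"}

# A debug record starts "<secs>.<9-digit nanosecs>:<thread> : <text>".
RECORD = re.compile(r"^(\d+\.\d{9}):(.*?)\s*: (.*)$")
GNUTLS_ERR = re.compile(r"unexpected GnuTLS error (-?\d+) in ([\w.]+):(\d+)")

# Constructed samples: lines copied from the post, still hard-wrapped by the mailer.
SERVER_LOG = """\
6425.869771778:imtcp.c : unexpected GnuTLS error -54
in nsdsel_gtls.c:166: Error in the pull function.
6425.869800728:imtcp.c : gtlsRcv return. nsd
0x7fbe380027d0, iRet -2089, lenRcvBuf 0, ptrRcvBuf 0
"""
CLIENT_LOG = """\
6425.756724126:main Q:Reg/w0 : unexpected GnuTLS error -28
in nsd_gtls.c:1651: Resource temporarily unavailable, try
again.
"""

def rejoin(raw):
    """Undo hard-wrapping: a line without a timestamp continues the previous record."""
    records = []
    for line in raw.splitlines():
        line = line.strip()
        if RECORD.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def gnutls_errors(raw, side):
    """Return (timestamp, side, thread, code, name, source location) per GnuTLS error."""
    events = []
    for rec in rejoin(raw):
        ts, thread, text = RECORD.match(rec).groups()
        m = GNUTLS_ERR.search(text)
        if m:
            code = int(m.group(1))
            events.append((float(ts), side, thread, code,
                           GNUTLS_NAMES.get(code, "unnamed"), f"{m.group(2)}:{m.group(3)}"))
    return events

def timeline(server_raw, client_raw):
    """Merge both sides' errors in time order (assumes the hosts' clocks agree)."""
    return sorted(gnutls_errors(server_raw, "server") + gnutls_errors(client_raw, "client"))
```

Without the rejoin step the error code and its source location sit on different lines in the mailed logs and a line-by-line search misses them.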