[gnutls-help] More specific output when an error occurs

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Sep 8 14:54:53 CEST 2017


On Fri, Sep 8, 2017 at 11:55 AM, Pascal Withopf <pwithopf at adiscon.com> wrote:
> Hi everyone,
>
> when using GnuTLS in Rsyslog and the key file is empty then the following
> error occurs from function gnutls_certificate_set_x509_key_file().
>
> 2017-09-07T16:07:43.981768+02:00 localhost rsyslogd[28575]: unexpected
> GnuTLS error -302 in nsd_gtls.c:577: Error in parsing.  [v8.30.0.master try
> http://www.rsyslog.com/e/2078 ]
> 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our
> certificate. GnuTLS error -302, message: 'Error in parsing.', key:
> '/home/usr/proj/certs/machine-key.pem', cert:
> '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try
> http://www.rsyslog.com/e/2078 ]
>
> Only after using the functions gnutls_global_set_log_function() and
> gnutls_global_set_log_level() you can find more detailed output.
>
> 8676.147805605:main thread    : nsd_gtls.c: GnuTLS log msg, level 9: Could
> not find '-----BEGIN RSA PRIVATE KEY'
> 8676.147809763:main thread    : nsd_gtls.c: GnuTLS log msg, level 9: Could
> not find '-----BEGIN DSA PRIVATE KEY'
> 8676.147813879:main thread    : nsd_gtls.c: GnuTLS log msg, level 9: Could
> not find '-----BEGIN EC PRIVATE KEY'
>
> My question: Is there a way to get a more detailed output like this without
> having to look at the whole debug output?
>
> My goal is to give more specific information when the error occurs, so
> Rsyslog users will know what is wrong without having to dig deeper
> themselves.

I am not sure if I understand the request, but isn't the quoted text sufficient?
> 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our
> certificate. GnuTLS error -302, message: 'Error in parsing.', key:
> '/home/usr/proj/certs/machine-key.pem', cert:
> '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try
> http://www.rsyslog.com/e/2078 ]

You can run any application using GNUTLS_DEBUG_LEVEL=4 (or higher) to
get more debugging information, but I'd expect end-user applications
like rsyslog to provide a proper error message, such as error in
parsing certificate or key.

regards,
Nikos
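
An added example, not part of the original message and not rsyslog or GnuTLS code: a pre-flight check an application could run on the key file before calling gnutls_certificate_set_x509_key_file(), so that its own error message names the cause instead of only "Error in parsing". The names check_key_file, key_check_text and write_sample are hypothetical, the key file is assumed to be in PEM format, and the sample file is constructed.

```c
#include <stdio.h>
#include <string.h>

enum key_check { KEY_OK, KEY_UNREADABLE, KEY_EMPTY, KEY_NO_PEM_HEADER, KEY_NOT_PRIVATE };

/* Cause text for the application's log line, indexed by enum key_check. */
static const char *const key_check_text[] = {
    "PEM private key header found",
    "key file cannot be opened",
    "key file is empty",
    "key file has no PEM '-----BEGIN' line",
    "PEM file holds no private key (certificate passed as key?)",
};

/* Hypothetical helper (not GnuTLS API): classify a PEM key file.
   KEY_OK only means a private-key header is present; parsing stays with the library. */
enum key_check check_key_file(const char *path)
{
    char line[512];
    int saw_data = 0, saw_begin = 0, saw_key = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return KEY_UNREADABLE;
    while (fgets(line, sizeof line, fp) != NULL) {
        saw_data |= line[strspn(line, " \t\r\n")] != '\0';   /* non-blank line */
        if (strncmp(line, "-----BEGIN ", 11) == 0) {
            saw_begin = 1;
            saw_key |= strstr(line, "PRIVATE KEY") != NULL;  /* RSA, DSA, EC, PKCS#8 */
        }
    }
    fclose(fp);
    if (saw_key) return KEY_OK;
    if (!saw_data) return KEY_EMPTY;
    return saw_begin ? KEY_NOT_PRIVATE : KEY_NO_PEM_HEADER;
}

/* Write a constructed sample file for the demo; returns 0 on success. */
int write_sample(const char *path, const char *text)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(text, fp);
    return fclose(fp);
}

int main(void)
{
    const char *key = "sample-empty-key.pem";  /* constructed: an empty key file */
    write_sample(key, "");
    printf("key '%s': %s\n", key, key_check_text[check_key_file(key)]);
    return 0;
}
```

Any result other than KEY_OK can be logged next to the GnuTLS error code and the key path, without raising the debug level.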


