|
|
| Reporter | chandra Teja | Assigned To | | |
|---|
| Priority | urgent | Severity | major | Reproducibility | always |
|---|
| Status | new | Resolution | open | |
|---|
| Platform | Rocky Linux 8 | |
|---|
|
|
| Summary | 0007888: rsyslog not supporting the DefaultstreamDriverCRLFile parameter in the latest version |
|---|
| Description | Latest version of rsyslog in Redhat Linux 8 is not supporting the below rsyslog parameter to support CRL file
RSYSLOG VERSION: rsyslog-8.2102.0-15.el8.x86_64.rpm
global(
DefaultNetstreamDriverCRLFile="/etcpki/tls/private/crl.pem"
)
The above feature is included in rsyslog-2308.0 , not updated with upstream.
|
|---|
| Steps To Reproduce | Steps to Reproduce:
1.Configure rsyslog in redhat 8 as client
2. Enter the configuration as required for TLS connection using omfwd module and gtls driver.
3. Now add DefaultNetstreamDriverCRLFile this parameter in global config as shown above. It will throw error , invalid format.
Expected results:
Valid config and expected CRL file to reject the revoked certs.
Actual results:
Throwing error , config not valid
|
|---|
| Additional Information | REFERENCE:
Below is the details of upstream rsyslog update for version v8.2308:
---
: add imtcp/omfwd streamDriver.CRLFile parameter
: and global defaultNetstreamDriverCRLFile parameter
REFERENCES:
https://github.com/rsyslog/rsyslog/pull/5175
https://github.com/rsyslog/rsyslog-doc/pull/1012
Tried to use these options in rsyslog in redhat linux 8.10 but still these parameters are unsupported.
These parameters are used when rsyslog is used tls connection using gtls or ossl driver.
As this is the CRL File parameter, All the orgs, need this update which adds value for many validations , which verifys the CRL file and revokes the certificate .
I feel this is the major update that is missing in rocky 8 rsyslog Latest version. |
|---|
| Tags | No tags attached. |
|---|
|
|
