Support added in omfwd as instance parameter:
streamdriver.TlsVerifyDepth
Support added in imtcp as module parameter:
streamdriver.TlsVerifyDepth
Can be 2 or higher.
Support added into ossl driver
Support added into gtls driver
Added testcases for both drivers.
Parameter
streamdriver.TlsVerifyDepth
closes: https://github.com/rsyslog/rsyslog/issues/4035
We are using the gnutlsPriorityString setting variable to pass
configuration commands to openssl.
The format is one command per line, command and value separated by equal sign (=).
See this sample:
gnutlsPriorityString="command=value
secondcommand=value"
Also added a test that disables certain TLS/SSL versions through this parameter, which
causes the connection within the test to fail due to a wrong TLS version number.
This error is checked and if found the test will pass.
Supported only on OpenSSL 1.02 or higher.
The testcase will log an error if the OpenSSL version does not have TLSv1.3 support.
This can be ignored. The test works regardless of this logged error.
closes: https://github.com/rsyslog/rsyslog/issues/3605
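
The two parameters described above, shown together in a receiver and a sender configuration. This is an added example, not taken from the rsyslog commits or test suite; file paths, host names, the port, the depth value and the chosen OpenSSL commands (`Protocol`, `CipherString`) are assumptions.

```conf
# Constructed example: paths, host names and port are placeholders.
# Receiver and sender normally live on different hosts.
global(
    DefaultNetstreamDriver="ossl"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/key.pem"
)

# Receiver: imtcp takes streamdriver.TlsVerifyDepth as a module parameter.
# gnutlsPriorityString carries one OpenSSL command per line, command=value.
# The second command starts at column 0 so no whitespace ends up in front of it.
module(
    load="imtcp"
    StreamDriver.Name="ossl"
    StreamDriver.Mode="1"
    StreamDriver.AuthMode="x509/name"
    PermittedPeer=["client.example.net"]
    StreamDriver.TlsVerifyDepth="2"
    gnutlsPriorityString="Protocol=ALL,-SSLv3,-TLSv1,-TLSv1.1
CipherString=HIGH:!aNULL:!MD5"
)
input(type="imtcp" port="6514")

# Sender: omfwd takes streamdriver.TlsVerifyDepth per action instance.
# The depth (assumed value) has to cover the length of the peer's
# certificate chain, otherwise verification of a valid peer fails.
action(
    type="omfwd" target="logs.example.net" port="6514" protocol="tcp"
    StreamDriver="ossl"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logs.example.net"
    StreamDriver.TlsVerifyDepth="2"
    gnutlsPriorityString="Protocol=ALL,-SSLv3,-TLSv1,-TLSv1.1"
)
```

A peer that offers only a protocol version excluded by `Protocol` fails the handshake with a TLS version error, which is the condition the test described above checks for.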
The new option can have one of the following values:
on = Expired certificates are allowed
off = Expired certificates are not allowed
warn = Expired certificates are allowed but a warning will be logged (Default)
Includes necessary tests to validate new code.
closes https://github.com/rsyslog/rsyslog/issues/3364
gtls and ossl drivers used a default buffersize of 8 x 1024 bytes to store
received TLS packets. When TLS read returned more than buffersize, the additional
buffer was not processed until new data arrived on the socket again.
TLS RFCs require up to 16KB buffer for a single TLS record.
closes https://github.com/rsyslog/rsyslog/issues/3325