The variable priorityString was not used when rsyslog acted as the
server and the defaults were always set. Now the priorityString
is used when specified.
fixes https://github.com/rsyslog/rsyslog/issues/1722
Add SNI hostname if and only if host is not a bare IP address
Rename sndrcv_tls_anon -> sndrcv_tls_anon_hostname, and include a hostname in this test
Add bare IPv4 and IPv6 TLS tests
Change port in some tests to make wireshark traces easier to interpret during a full test run
Add support for bind-to-device option to omfwd and imudp modules.
Configured using device="name". Only new syntax format is supported.
e.g.,
input(type="imudp" port=["10514"] device="eth0" name="udp")
action(type="omfwd" Target="192.168.1.23" Port="10514" Device="eth0")
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
As it seems, different C compilers have different rules/interpretations
on inline functions. The current code base did not properly obey all C99
rules. We fix this by converting some functions to macros and others to
include the necessary C99 plumbing. We also remove some inline attributes
for functions where this seems to be too aggressive (aka "function too big").
This fixes build problems in some environments and is a general code
cleanup measure.
especially in the common case that a certificate file is not present.
The GnuTLS provided error message is pretty misleading, so we now
check this ourselves.
Note that further improvements to TLS error reporting are desirable,
this fixes just one annoying case that frequently causes confusion.
the function can no longer fail and it is not expected that this
will ever happen again in the future. So we remove the return value,
giving a small speedup to the code.
When the connection was broken and gtlsRecordRecv returned a
failure, pszRcvBuf was not freed. The code to free pszRcvBuf has
been moved to finalize_it if iRet is not RS_RET_OK.
The gnutls_certificate_type_set_priority function is deprecated
and not available in recent GnuTLS versions. However, there is no
doc how to properly replace it with gnutls_priority_set_direct.
A lot of folks have simply removed it, when they also called
gnutls_set_default_priority. This is what we now also do. If
this causes problems or someone has an idea of how to replace
the deprecated function in a better way, please let us know!
In any case, we use it as long as it is available and let
not insult us by the deprecation warnings.
There is a regression in this feature-add commit and I don't have the
time to search for it. Referring it back to contributor.
see also https://github.com/rsyslog/rsyslog/pull/145
New options: (legacy counterparts)
keepalive.time $inputtcpserverkeepalive_time
keepalive.probes $inputtcpserverkeepalive_probes
keepalive.interval $inputtcpserverkeepalive_interval
The options are set separately for each instance.
This patch bumps the interface version of the nsd,
netstrm and tcpsrv modules.
Note that the "current ones" were introduced in GnuTLS 1.2.0 and
we already require at least 1.4.0, so this does not cause any
problem with platforms rsyslog already runs on.
Messages previously emitted only to the debug log are now emitted as
syslog error messages. It has shown that they contain information
helpful to the user for troubleshooting config issues. Note that this
change is a bit experimental, as we are not sure if there are situations
where large amounts of error messages may be emitted.
Error: RESOURCE_LEAK (CWE-772):
rsyslog-7.4.10/runtime/nsd_gtls.c:120: open_fn: Returning handle opened by function "open(char const *, int, ...)".
rsyslog-7.4.10/runtime/nsd_gtls.c:120: var_assign: Assigning: "fd" = handle returned from "open((char *)pszFile, 0)".
rsyslog-7.4.10/runtime/nsd_gtls.c:126: noescape: Resource "fd" is not freed or pointed-to in function "fstat(int, struct stat *)".
rsyslog-7.4.10/runtime/nsd_gtls.c:139: noescape: Resource "fd" is not freed or pointed-to in function "read(int, void *, size_t)".
rsyslog-7.4.10/runtime/nsd_gtls.c:154: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
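
One way to avoid the class of leak in the report above (a descriptor from open() that is still held when fstat() or read() fails), shown as an added example that is not rsyslog's code. The helper read_file_all() and its size cap are hypothetical; every exit path goes through a single cleanup label.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not rsyslog code): read a regular file of at most
 * "max" bytes into a malloc'ed, NUL-terminated buffer.
 * Returns 0 on success, -1 on error (*out is NULL on error). */
int read_file_all(const char *path, size_t max, unsigned char **out, size_t *len)
{
	int ret = -1, fd = -1;
	unsigned char *buf = NULL;
	struct stat st;
	size_t got = 0;

	*out = NULL;
	*len = 0;
	if ((fd = open(path, O_RDONLY)) == -1)
		goto done;
	if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode))
		goto done;              /* fd is open here: must not return directly */
	if (st.st_size < 0 || (size_t)st.st_size > max)
		goto done;              /* size cap, another error path with fd open */
	if ((buf = malloc((size_t)st.st_size + 1)) == NULL)
		goto done;
	while (got < (size_t)st.st_size) {
		ssize_t n = read(fd, buf + got, (size_t)st.st_size - got);
		if (n <= 0)
			goto done;      /* I/O error or file shrank while reading */
		got += (size_t)n;
	}
	buf[got] = '\0';
	*out = buf;
	*len = got;
	buf = NULL;                     /* ownership passed to the caller */
	ret = 0;
done:
	free(buf);                      /* no-op on success (buf is NULL) */
	if (fd != -1)
		close(fd);              /* single place where the handle is released */
	return ret;
}

int main(int argc, char **argv)
{
	unsigned char *data; size_t len;
	if (argc != 2 || read_file_all(argv[1], 1 << 20, &data, &len) != 0) return 1;
	printf("%zu bytes\n", len); free(data); return 0;
}
```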