mirror of
https://github.com/rsyslog/rsyslog.git
synced 2025-12-17 08:10:43 +01:00
d7e1a4d09f
This adds support for a new bool parameter `sslpartialchain` If `"on"`, this will set the OpenSSL certificate store flag `X509_V_FLAG_PARTIAL_CHAIN`. This will allow you to verify the Kubernetes API server cert with only an intermediate CA cert in your local trust store, rather than having to have the entire intermediate CA + root CA chain in your local trust store. See also `man s_client` - the `-partial_chain` flag. This option is only available if rsyslog was built with support for OpenSSL and only if the `X509_V_FLAG_PARTIAL_CHAIN` flag is available. If you attempt to set this parameter on other platforms, you will get an `INFO` level log message. This was done so that you could use the same configuration on different platforms.
This directory contains a number of possibly useful things that do not directly relate to rsyslog. They are not actively supported, but as I said often helpful. Use them with some care, as they may be outdated in respect to the current release of rsyslog. At least some of this stuff has been found by our users and been included after a brief check and possibly an adapation. If you have something useful you would like to see in contrib, just drop us a note (see https://www.rsyslog.com for how to do that at the time your are reading this document). rgerhards, 2007-08-08