[syslog-ng] Authentication problem

Fabien Bagard fabien.bagard at parrot.com
Thu Jan 6 14:51:17 CET 2011


Hi all,

I am trying to set up a centralized syslog server, with encryption and 
authentication over TCP.

Communication is ok, encryption too, but I can't get the authentication 
to work.

Here is my actual configuration, reduced to what is needed:

_Client:_
source s_src {
     unix-dgram("/dev/log");
     internal();
     file("/proc/kmsg" program_override("kernel"));
};
...
destination d_net {
     tcp("192.168.0.42"
         port(4242)
         tls(
             ca_dir("/etc/rsyslog.d/certs/CA/")
             cert_file("/etc/rsyslog.d/certs/client.crt")
             key_file("/etc/rsyslog.d/certs/client.key")
             peer_verify(optional-untrusted)
         )
         log_fifo_size(1000)
     );
};
...
log { source(s_src); destination(d_net); };

_Server:_
source s_src {
     # Local logging
     unix-dgram("/dev/log");
     file("/proc/kmsg" program_override("kernel"));
     # Remote logging
     tcp(
         port(4242)
         tls(
             ca_dir("/etc/syslog-ng/certs/CA/")
             cert_file("/etc/syslog-ng/certs/server.crt")
             key_file("/etc/syslog-ng/certs/server.key")
             peer_verify(optional-untrusted)
         )
     );
};

The CA which was used to sign these certificates is world readable and 
located in /etc/syslog-ng/certs/CA/

This setup works: the server is getting the client's logs, and they are 
encrypted on the wire.

When I replace /peer_verify(optional-untrusted)/ with 
/peer_verify(required-trusted)/, in order to get mutual authentication, 
I get this error:

==> /var/log/error <==
Jan  6 14:42:09 client syslog-ng[11086]: Certificate validation failed; 
subject='emailAddress=email at address.com, CN=server.fqdn, OU=Org Unit, 
O=Company, L=City, ST=Crountry, C=ID', 
issuer='emailAddress=email at address.com, CN=Root CA, OU=Org Unit, 
O=Company Root CA, L=City, ST=Country, C=ID', error='unable to get local 
issuer certificate', depth='0'
Jan  6 14:42:09 client syslog-ng[11086]: SSL error while writing stream; 
tls_error='SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify 
failed'
Jan  6 14:42:09 client syslog-ng[11086]: I/O error occurred while 
writing; fd='9', error='Broken pipe (32)'

==> /var/log/messages <==
Jan  6 14:42:09 client syslog-ng[11086]: Syslog connection broken; 
fd='9', server='AF_INET(192.168.0.42:4242)', time_reopen='60'

But my certificates are good:

openssl verify -CAfile /etc/syslog-ng/certs/CA/ca.crt -purpose any 
/etc/syslog-ng/certs/client.crt
/etc/syslog-ng/certs/client.crt: OK
openssl verify -CAfile /etc/syslog-ng/certs/CA/ca.crt -purpose any 
/etc/syslog-ng/certs/server.crt
/etc/syslog-ng/certs/server.crt: OK

More information:

root@[client|server]:~ #
syslog-ng -V
syslog-ng 3.1.3
Installer-Version: 3.1.3
Revision: 
ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.1#master#def34661b08109f8148904b860457d5747c425b3
Compile-Date: Nov 28 2010 12:29:35
Enable-Threads: on
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-SSL: on
Enable-SQL: on
Enable-Linux-Caps: on
Enable-Pcre: on

Does anyone have a clue what's going wrong?

-- 
Fabien Bagard
IT Department
tel + 33 (0)1 48 03 60 40

--------------------------------------------------------------------------------
Parrot SA
174, Quai de Jemmapes | 75010 Paris - France
tel + 33 (0)1 48 03 60 60 | fax + 33 (0)1 48 03 70 08
http://www.parrot.com
--------------------------------------------------------------------------------

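A check for the ca_dir() layout that the error above points at, added here as an example; it is not part of the original post or of syslog-ng. syslog-ng hands ca_dir() to OpenSSL as a CApath, and OpenSSL's hash-directory lookup finds a CA only under its <subject_hash>.0 name (what c_rehash creates), not under a name such as ca.crt, so a CA directory that "openssl verify -CAfile" accepts can still yield "unable to get local issuer certificate". The function names check_ca_dir and rehash_ca_dir are mine, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): verify that a syslog-ng
# ca_dir() directory is laid out the way OpenSSL's hash-directory lookup
# expects. OpenSSL does not scan the directory for PEM files; it opens
# <subject_hash>.0 (then .1, .2, ...), so a CA that is present and readable
# but not linked under its hash is never found by peer_verify(required-trusted).

# check_ca_dir DIR : return 0 if every *.crt / *.pem in DIR is reachable
# under its hash name, 1 otherwise. Prints one line per certificate.
check_ca_dir() {
    dir=$1
    rc=0
    for cert in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        # subject_hash is the name OpenSSL (and c_rehash) uses for the link
        hash=$(openssl x509 -noout -subject_hash -in "$cert") || { rc=1; continue; }
        if [ -e "$dir/$hash.0" ]; then
            echo "ok       $cert -> $hash.0"
        else
            echo "MISSING  $cert (expected $dir/$hash.0)"
            rc=1
        fi
    done
    return $rc
}

# rehash_ca_dir DIR : create the missing <hash>.0 symlinks, as c_rehash does,
# for a directory holding one certificate per subject name.
rehash_ca_dir() {
    dir=$1
    for cert in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        hash=$(openssl x509 -noout -subject_hash -in "$cert") || return 1
        [ -e "$dir/$hash.0" ] || ln -s "$(basename "$cert")" "$dir/$hash.0"
    done
}

# Usage (path from the post): check_ca_dir /etc/syslog-ng/certs/CA/
```

Run the check on both hosts, since the client verifies the server's chain against its own ca_dir() and vice versa once required-trusted is set on each side.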


