[syslog-ng] CentOS7 syslog-ng 3.5.6: TLS: SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Schulte, Klaus (Nokia - DE/Ulm)
klaus.schulte at nokia.com
Wed Jun 24 11:43:59 CEST 2015
Dear all,
I have these source settings for TLS:
source s_tcp_tls {
    network(
        transport("tls")
        ip(10.46.130.65) port(6514)
        tls(
            peer-verify("optional-untrusted")
            key-file("/etc/syslog-ng/key.d/syslog-ng.key")
            cert-file("/etc/syslog-ng/cert.d/syslog-ng.cert")
        )
    );
};
But when a client connects via TCP/TLS to the syslog-ng service, these messages show up in syslog-ng:
syslog-ng starting up; version='3.5.6'
Syslog connection accepted; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
SSL error while reading stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
I/O error occurred while reading; fd='12', error='Connection reset by peer (104)'
Syslog connection closed; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
Closing log transport fd; fd='12'
I don't know why syslog-ng is proving the CA?
As far as I know the configuration is a non-mutual authentication - so the CA shouldn't play a role in this - is this correct?
The client sends messages in RFC5424 format.
Any help is appreciated - I've no clue what's going wrong.
Best regards
Klaus
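
Added example, not part of the original post: in OpenSSL error strings, a reason of the form "tlsv1 alert ..." is raised when an alert record is received, so the "unknown ca" alert in the log above was sent by the connecting client (it does not trust the issuer of the server's certificate), while peer-verify only governs how the server checks client certificates. The Python sketch below applies that rule to the log lines from the post; the function names are hypothetical, and attributing the fd-less error line to a client is a heuristic that only works when a single connection is open.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
Syslog connection accepted; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
SSL error while reading stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
I/O error occurred while reading; fd='12', error='Connection reset by peer (104)'
Syslog connection closed; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
"""

KV = re.compile(r"(\w+)='([^']*)'")
# OpenSSL reason strings shaped "<proto> alert <description>" are raised when
# an alert record is received, i.e. the remote peer sent it.
PEER_ALERT = re.compile(r"(?:sslv3|tlsv1) alert (.+)$")

def parse_line(line):
    """Split a syslog-ng internal message into (text, {key: value})."""
    msg, _, rest = line.partition(";")
    return msg.strip(), dict(KV.findall(rest))

def classify_tls_error(tls_error):
    """Return (origin, detail): 'peer' for a received alert, else 'local'."""
    reason = tls_error.split(":")[-1].strip()
    m = PEER_ALERT.match(reason)
    return ("peer", m.group(1)) if m else ("local", reason)

def tls_failures(log_text):
    """List TLS errors with the client they can be attributed to, if any."""
    open_conns = {}  # fd -> client address
    findings = []
    for line in log_text.splitlines():
        msg, kv = parse_line(line)
        if msg == "Syslog connection accepted":
            open_conns[kv.get("fd")] = kv.get("client")
        elif msg == "Syslog connection closed":
            open_conns.pop(kv.get("fd"), None)
        elif "tls_error" in kv:
            origin, detail = classify_tls_error(kv["tls_error"])
            # The error line carries no fd, so it is attributed only when
            # exactly one connection is open at that point (heuristic).
            client = next(iter(open_conns.values())) if len(open_conns) == 1 else None
            findings.append({"client": client, "origin": origin, "detail": detail})
    return findings

if __name__ == "__main__":
    print(tls_failures(SAMPLE_LOG))
```

An origin of "peer" points the investigation at the trust store on the sending host rather than at the tls() block of the receiving source.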