[syslog-ng] CentOS7 syslog-ng 3.5.6: TLS: SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Jun 25 07:46:00 CEST 2015


The SSL alert is sent by the client, thus the client didn't accept the
certificate of the server. Can you paste that config as well?

On Jun 24, 2015 11:44 AM, "Schulte, Klaus (Nokia - DE/Ulm)" <klaus.schulte at nokia.com> wrote:

> Dear all,
>
> I have these source settings for TLS:
>
> source s_tcp_tls {
>    network(  transport("tls")
>              ip(10.46.130.65) port(6514)
>              tls(
>                    peer-verify("optional-untrusted")
>                    key-file("/etc/syslog-ng/key.d/syslog-ng.key")
>                    cert-file("/etc/syslog-ng/cert.d/syslog-ng.cert")
>              )
>    );
> };
>
> But when a client connects via TCP/TLS to the syslog-ng service..
>
> In syslog-ng these messages are showing up:
>
> syslog-ng starting up; version='3.5.6'
> Syslog connection accepted; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
> SSL error while reading stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
> I/O error occurred while reading; fd='12', error='Connection reset by peer (104)'
> Syslog connection closed; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
> Closing log transport fd; fd='12'
>
> I don't know why syslog-ng is proving the CA?
> As far as I know the configuration is a non-mutual authentication - so the
> CA shouldn't play a role in this - is this correct?
>
> The client sends messages in RFC5424 format.
>
> Any help is appreciated - I've no clue what's going wrong.
>
> Best regards
>   Klaus
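The point made in the reply, as an added example that is not part of the original thread or of syslog-ng: a Python triage script that reads syslog-ng's internal messages and reports whether a TLS error is an alert received from the peer or a failure raised locally. The names `triage` and `classify` are hypothetical, and because the TLS error line carries no `fd`, attributing it to the most recently accepted connection is an assumption that only holds when connections do not interleave.

```python
import re

# Log lines as quoted in the message above, with wrapped lines joined.
SAMPLE_LOG = """\
Syslog connection accepted; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
SSL error while reading stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
I/O error occurred while reading; fd='12', error='Connection reset by peer (104)'
Syslog connection closed; fd='12', client='AF_INET(10.46.160.78:48075)', local='AF_INET(10.46.130.65:6514)'
"""

ACCEPTED = re.compile(r"Syslog connection accepted; fd='\d+', client='AF_INET\(([^)]+)\)'")
TLS_ERROR = re.compile(r"tls_error='SSL routines:([^:']+):([^']+)'")
# OpenSSL uses reason strings of the form "<sslv3|tlsv1> alert <description>"
# for fatal alerts it *received*; failures detected locally have other reasons
# (for example "certificate verify failed").
PEER_ALERT = re.compile(r"^(?:sslv3|tlsv1) alert (.+)$")


def classify(reason):
    """Return (origin, detail): origin is 'peer' for a received alert, else 'local'."""
    m = PEER_ALERT.match(reason)
    if m:
        return "peer", m.group(1)
    return "local", reason


def triage(log_text):
    """Collect TLS errors and say which side rejected the handshake."""
    findings, last_client = [], None
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            last_client = m.group(1)  # assumption: no interleaved connections
            continue
        m = TLS_ERROR.search(line)
        if m:
            origin, detail = classify(m.group(2))
            findings.append({"client": last_client, "function": m.group(1),
                             "origin": origin, "detail": detail})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        side = "the peer rejected our certificate" if f["origin"] == "peer" else "rejected locally"
        print(f"{f['client']}: {f['detail']} ({side}, via {f['function']})")
```

For the log in this thread the result is a peer-originated `unknown ca` alert from 10.46.160.78:48075, so the place to look is the trust store on the client, not `peer-verify()` on the server.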