[syslog-ng] CRL handling in syslog
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Tue Feb 18 05:59:01 UTC 2025
Hi Shankar,
Could you test this on the latest syslog-ng release? Note that I never used this syslog-ng feature. I'm asking you this, as 4.8.1 is where development happens, and where we can fix it, if there is a problem.
Peter
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Shankar Pramanik <spramanik at infoblox.com>
Sent: Friday, February 14, 2025 08:04
To: syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
Cc: Pritam Pal Singh <singhp at infoblox.com>; M P Singh <msingh3 at infoblox.com>; Vijaya Kumar Mukka <vmukka at infoblox.com>; Patrick McEvoy <pmcevoy at infoblox.com>; Kevin Sheehan <ksheehan at infoblox.com>; Michael Winslow <mwinslow at infoblox.com>
Subject: [syslog-ng] CRL handling in syslog
I’ve configured syslog-ng 3.35.1 to use CRLs but things aren’t working as expected. This is what I’ve done:
1. Create a self-signed CA and use it to sign a server certificate. The server certificate has a CRL distribution point in it.
2. Revoke the server certificate. Generate the revoked CRL and put it on the syslog client under /etc/syslog-ng/crl in PEM format. There’s a <issuer hash>.r0 link to the CRL in this directory.
3. Configure ca-dir and crl-dir in the client’s syslog config. Configure the client to connect to the remote syslog server.
With this setup, I’d expect the syslog client to reject the server certificate since it’s revoked, but that doesn’t happen. The TLS handshake and subsequent communication are successful.
Is there anything that I’m missing? Any pointers will be appreciated. I can provide additional details of my setup if needed.
Thanks!
Shankar.
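A quick way to check the CRL directory layout described in steps 1 to 3 independently of syslog-ng, as an added example that is not from this thread or from the syslog-ng project: it builds a throwaway CA, signs a server certificate with a CRL distribution point, revokes it, installs the CA and CRL under the hash names OpenSSL's directory lookup expects, and confirms with openssl verify that the revoked certificate is rejected once CRL checking is on. The CA name, hostname, CRL URL and directory names are made up.

```shell
#!/bin/sh
# Constructed demo: throwaway CA + revoked server cert + OpenSSL hash directory
# laid out the way syslog-ng's ca-dir()/crl-dir() expect; then verify revocation.
set -eu
cd "$(mktemp -d)"
mkdir ca hashdir                       # hashdir plays both ca-dir and crl-dir
touch ca/index.txt; echo 01 > ca/serial
cat > ca.cnf <<'EOF'
[req]
distinguished_name = any
[ca]
default_ca = demo
[demo]
dir = ./ca
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = any
[any]
commonName = supplied
[ca_ext]
basicConstraints = critical,CA:TRUE
[server_ext]
crlDistributionPoints = URI:http://crl.example.test/demo.crl
EOF
q() { "$@" >/dev/null 2>&1; }          # run a command quietly
q openssl req -x509 -config ca.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
  -keyout ca.key -out ca.pem -subj /CN=DemoCA -days 365
q openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout server.key \
  -out server.csr -subj /CN=syslog.example.test
q openssl ca -batch -config ca.cnf -extensions server_ext -in server.csr -out server.pem
q openssl ca -config ca.cnf -revoke server.pem
q openssl ca -config ca.cnf -gencrl -out crl.pem
# The hash-dir lookup wants <subject hash>.0 for the CA and <issuer hash>.r0
# for the CRL; compute the names rather than guessing them.
cp ca.pem  "hashdir/$(openssl x509 -hash -noout -in ca.pem).0"
cp crl.pem "hashdir/$(openssl crl -hash -noout -in crl.pem).r0"
# verify_server CERT DIR [crl]: status 0 = accepted, non-zero = rejected.
verify_server() {
  if [ "${3:-}" = crl ]; then q openssl verify -crl_check -CApath "$2" "$1"
  else q openssl verify -CApath "$2" "$1"; fi
}
verify_server server.pem hashdir && echo "accepted without CRL check"
verify_server server.pem hashdir crl || echo "rejected with CRL check: revoked"
```

If the same openssl verify -crl_check run against the real crl-dir still accepts the server certificate, the problem is in the directory contents or link names rather than in syslog-ng.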