[gnutls-help] More specific output when an error occurs

Pascal Withopf pwithopf at adiscon.com
Fri Sep 8 16:46:28 CEST 2017


At the moment rsyslog is giving the quoted text as the error, but it is not
sufficient.
In my experience, users want to know in more detail what went
wrong.

The error is generic because it only tells you that something went wrong in
parsing.
But I would like to add the information about what went wrong.

So my question is whether there is a way to get more information on the
specific error, like "Could not find '-----BEGIN EC PRIVATE KEY'", without
having to look at the whole debugging output.

Best Regards
Pascal

2017-09-08 14:54 GMT+02:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>:

> On Fri, Sep 8, 2017 at 11:55 AM, Pascal Withopf <pwithopf at adiscon.com>
> wrote:
> > Hi everyone,
> >
> > when using GnuTLS in Rsyslog and the key file is empty then the following
> > error occurs from function gnutls_certificate_set_x509_key_file().
> >
> > 2017-09-07T16:07:43.981768+02:00 localhost rsyslogd[28575]: unexpected
> > GnuTLS error -302 in nsd_gtls.c:577: Error in parsing.  [v8.30.0.master try
> > http://www.rsyslog.com/e/2078 ]
> > 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our
> > certificate. GnuTLS error -302, message: 'Error in parsing.', key:
> > '/home/usr/proj/certs/machine-key.pem', cert:
> > '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try
> > http://www.rsyslog.com/e/2078 ]
> >
> > Only after using the functions gnutls_global_set_log_function() and
> > gnutls_global_set_log_level() you can find more detailed output.
> >
> > 8676.147805605:main thread    : nsd_gtls.c: GnuTLS log msg, level 9: Could
> > not find '-----BEGIN RSA PRIVATE KEY'
> > 8676.147809763:main thread    : nsd_gtls.c: GnuTLS log msg, level 9: Could
> > not find '-----BEGIN DSA PRIVATE KEY'
> > 8676.147813879:main thread    : nsd_gtls.c: GnuTLS log msg, level 9: Could
> > not find '-----BEGIN EC PRIVATE KEY'
> >
> > My question: Is there a way to get a more detailed output like this without
> > having to look at the whole debug output?
> > My goal is to give more specific information when the error occurs, so
> > Rsyslog users will know what is wrong without having to dig deeper
> > themselves.
>
> I am not sure if I understand the request, but isn't the quoted text
> sufficient?
> > 2017-09-07T16:07:43.982798+02:00 localhost rsyslogd[28575]: error adding our
> > certificate. GnuTLS error -302, message: 'Error in parsing.', key:
> > '/home/usr/proj/certs/machine-key.pem', cert:
> > '/home/usr/proj/certs/machine-cert.pem' [v8.30.0.master try
> > http://www.rsyslog.com/e/2078 ]
>
> You can run any application using GNUTLS_DEBUG_LEVEL=4 (or higher) to
> get more debugging information, but I'd expect end-user applications
> like rsyslog to provide a proper error message, such as error in
> parsing certificate or key.
>
> regards,
> Nikos
>
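
Added example, not part of the original thread and not rsyslog or GnuTLS code: one way an application could keep only the last few GnuTLS log messages and attach them to its own error report instead of showing the whole debug output. The diag_* names are hypothetical; the callback has the signature expected by gnutls_global_set_log_function(), and the sample message is constructed from the log lines quoted above.

```c
#include <stdio.h>
#include <string.h>

/* diag_* names are hypothetical; not thread-safe (one static buffer). */
#define KEEP 3          /* how many recent messages to retain */
#define MSG_MAX 128     /* longer messages are truncated */
static char ring[KEEP][MSG_MAX];
static unsigned long seen;  /* messages received since the last reset */

/* Call right before the GnuTLS function whose failure should be explained. */
void diag_reset(void) { seen = 0; }

/* Same shape as GnuTLS's gnutls_log_func: void (*)(int level, const char *).
 * Register with gnutls_global_set_log_function(diag_log) and enable output
 * with gnutls_global_set_log_level(9), the level shown in the quoted log. */
void diag_log(int level, const char *msg)
{
    char *slot = ring[seen++ % KEEP];   /* overwrite the oldest entry */
    (void)level;
    snprintf(slot, MSG_MAX, "%s", msg);
    slot[strcspn(slot, "\r\n")] = '\0'; /* drop a trailing newline, if any */
}

/* Write the retained messages, oldest first, separated by "; ".
 * Returns how many messages were retained (at most KEEP). */
int diag_detail(char *out, size_t outlen)
{
    unsigned long n = seen < KEEP ? seen : KEEP;
    size_t used = 0;
    if (outlen == 0) return 0;
    out[0] = '\0';
    for (unsigned long i = seen - n; i < seen; i++) {
        int w = snprintf(out + used, outlen - used, "%s%s",
                         used ? "; " : "", ring[i % KEEP]);
        if (w < 0 || (size_t)w >= outlen - used) break; /* out is full */
        used += (size_t)w;
    }
    return (int)n;
}

int main(void)
{
    char buf[512];
    diag_reset();
    diag_log(9, "Could not find '-----BEGIN EC PRIVATE KEY'\n"); /* constructed */
    diag_detail(buf, sizeof buf);
    printf("GnuTLS error -302, detail: %s\n", buf);
    return 0;
}
```

In a real program diag_reset() would be called just before gnutls_certificate_set_x509_key_file(), and diag_detail() only when that call returns an error.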