[gnutls-help] More specific output when an error occurs

[Gregory Sloop]

NM> On Fri, Sep 8, 2017 at 4:46 PM, Pascal Withopf <pwithopf at adiscon.com> wrote:
>> At the moment rsyslog is giving the quoted text as error, but it is not
>> sufficient.
>> I made the experience, that users want to know more in detail what went
>> wrong.
>> The error is generic because it only tells you that something went wrong in
>> parsing.
>> But I would like to add the information What went wrong.

NM> That's up to application to report correct errors. rsyslog knows that
NM> this is an error at the certificate loading routine, and it's a
NM> parsing error. Thus it can display something much more user friendly
NM> rather than displaying the gnutls error code in isolation.

>> So my question is, if there is a way to get more information on the specific
>> error, like "Could not find '-----BEGIN EC PRIVATE KEY" without having to
>> look at the whole debugging output.

NM> That is unfortunately debugging output. This is not intended for
NM> end-user to see, unless debugging. Imagine what would be the actual
NM> message if that was a DER or a PKCS#12 file.

Having, myself, just gone through setup of RSyslog with TLS - I'll second that RSyslog is absolutely HORRIBLE in providing any really helpful output about any of the TLS layer stuff. It either works, or doesn't - but IMO it gives you absolutely nothing useful as to why.

But, IMO, this is really a RSyslog problem. They have terrible documentation on setting it up too. It doesn't surprise me in the least that they also don't provide any easily accessible output about problems with TLS.

The root problem, IMO, is: Neat software, really poor development of user-friendly output. 
But that's all on RSyslog. Lean on them. IMO, they should be getting the "Bad dog. No treat for you!" routine. :) 
[But I suspect that's likely to result in little change.]

-Greg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170911/96868d3e/attachment.html>