|
 |
c99690 |
--- rsyslog-8.2102.0.ori/runtime/glbl.h 2020-10-03 19:06:47.000000000 +0200
|
|
|
c99690 |
+++ rsyslog-8.2102.0/runtime/glbl.h 2022-09-07 13:32:51.623799582 +0200
|
|
|
c99690 |
@@ -72,6 +72,7 @@
|
|
|
c99690 |
SIMP_PROP(DfltNetstrmDrvrCAF, uchar*)
|
|
|
c99690 |
SIMP_PROP(DfltNetstrmDrvrKeyFile, uchar*)
|
|
|
c99690 |
SIMP_PROP(DfltNetstrmDrvrCertFile, uchar*)
|
|
|
c99690 |
+ SIMP_PROP(NetstrmDrvrCAExtraFiles, uchar*)
|
|
|
c99690 |
SIMP_PROP(ParserControlCharacterEscapePrefix, uchar)
|
|
|
c99690 |
SIMP_PROP(ParserDropTrailingLFOnReception, int)
|
|
|
c99690 |
SIMP_PROP(ParserEscapeControlCharactersOnReceive, int)
|
|
|
c99690 |
--- rsyslog-8.2102.0.ori/runtime/glbl.c 2022-09-07 13:17:02.669696053 +0200
|
|
|
c99690 |
+++ rsyslog-8.2102.0/runtime/glbl.c 2022-09-07 13:56:37.678966129 +0200
|
|
|
c99690 |
@@ -122,6 +122,7 @@
|
|
|
c99690 |
static uchar *pszDfltNetstrmDrvrCAF = NULL; /* default CA file for the netstrm driver */
|
|
|
c99690 |
static uchar *pszDfltNetstrmDrvrKeyFile = NULL; /* default key file for the netstrm driver (server) */
|
|
|
c99690 |
static uchar *pszDfltNetstrmDrvrCertFile = NULL; /* default cert file for the netstrm driver (server) */
|
|
|
c99690 |
+static uchar *pszNetstrmDrvrCAExtraFiles = NULL; /* list of additional CAExtraFiles */
|
|
|
c99690 |
int bTerminateInputs = 0; /* global switch that inputs shall terminate ASAP (1=> terminate) */
|
|
|
c99690 |
static uchar cCCEscapeChar = '#'; /* character to be used to start an escape sequence for control chars */
|
|
|
c99690 |
static int bDropTrailingLF = 1; /* drop trailing LF's on reception? */
|
|
|
c99690 |
@@ -176,6 +177,7 @@
|
|
|
c99690 |
{ "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
|
|
|
c99690 |
{ "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
|
|
|
c99690 |
{ "defaultnetstreamdriver", eCmdHdlrString, 0 },
|
|
|
c99690 |
+ { "netstreamdrivercaextrafiles", eCmdHdlrString, 0 },
|
|
|
c99690 |
{ "maxmessagesize", eCmdHdlrSize, 0 },
|
|
|
c99690 |
{ "oversizemsg.errorfile", eCmdHdlrGetWord, 0 },
|
|
|
c99690 |
{ "oversizemsg.report", eCmdHdlrBinary, 0 },
|
|
|
c99690 |
@@ -307,6 +309,8 @@
|
|
|
c99690 |
/* TODO: use custom function which frees existing value */
|
|
|
c99690 |
SIMP_PROP_SET(DfltNetstrmDrvrCertFile, pszDfltNetstrmDrvrCertFile, uchar*)
|
|
|
c99690 |
/* TODO: use custom function which frees existing value */
|
|
|
c99690 |
+SIMP_PROP_SET(NetstrmDrvrCAExtraFiles, pszNetstrmDrvrCAExtraFiles, uchar*)
|
|
|
c99690 |
+/* TODO: use custom function which frees existing value */
|
|
|
c99690 |
|
|
|
c99690 |
#undef SIMP_PROP
|
|
|
c99690 |
#undef SIMP_PROP_SET
|
|
|
c99690 |
@@ -838,6 +842,12 @@
|
|
|
c99690 |
return(pszDfltNetstrmDrvrCAF);
|
|
|
c99690 |
}
|
|
|
c99690 |
|
|
|
c99690 |
+/* return the extra CA Files, if needed */
|
|
|
c99690 |
+static uchar*
|
|
|
c99690 |
+GetNetstrmDrvrCAExtraFiles(void)
|
|
|
c99690 |
+{
|
|
|
c99690 |
+ return(pszNetstrmDrvrCAExtraFiles);
|
|
|
c99690 |
+}
|
|
|
c99690 |
|
|
|
c99690 |
/* return the current default netstream driver key File */
|
|
|
c99690 |
static uchar*
|
|
|
c99690 |
@@ -925,6 +935,7 @@
|
|
|
c99690 |
SIMP_PROP(DfltNetstrmDrvrCAF)
|
|
|
c99690 |
SIMP_PROP(DfltNetstrmDrvrKeyFile)
|
|
|
c99690 |
SIMP_PROP(DfltNetstrmDrvrCertFile)
|
|
|
c99690 |
+ SIMP_PROP(NetstrmDrvrCAExtraFiles)
|
|
|
c99690 |
#ifdef USE_UNLIMITED_SELECT
|
|
|
c99690 |
SIMP_PROP(FdSetSize)
|
|
|
c99690 |
#endif
|
|
|
c99690 |
@@ -941,6 +952,8 @@
|
|
|
c99690 |
pszDfltNetstrmDrvr = NULL;
|
|
|
c99690 |
free(pszDfltNetstrmDrvrCAF);
|
|
|
c99690 |
pszDfltNetstrmDrvrCAF = NULL;
|
|
|
c99690 |
+ free(pszNetstrmDrvrCAExtraFiles);
|
|
|
c99690 |
+ pszNetstrmDrvrCAExtraFiles = NULL;
|
|
|
c99690 |
free(pszDfltNetstrmDrvrKeyFile);
|
|
|
c99690 |
pszDfltNetstrmDrvrKeyFile = NULL;
|
|
|
c99690 |
free(pszDfltNetstrmDrvrCertFile);
|
|
|
c99690 |
@@ -1350,6 +1363,9 @@
|
|
|
c99690 |
free(pszDfltNetstrmDrvr);
|
|
|
c99690 |
pszDfltNetstrmDrvr = (uchar*)
|
|
|
c99690 |
es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
|
|
|
c99690 |
+ } else if(!strcmp(paramblk.descr[i].name, "netstreamdrivercaextrafiles")) {
|
|
|
c99690 |
+ free(pszNetstrmDrvrCAExtraFiles);
|
|
|
c99690 |
+ pszNetstrmDrvrCAExtraFiles = (uchar*) es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
|
|
|
c99690 |
} else if(!strcmp(paramblk.descr[i].name, "preservefqdn")) {
|
|
|
c99690 |
bPreserveFQDN = (int) cnfparamvals[i].val.d.n;
|
|
|
c99690 |
} else if(!strcmp(paramblk.descr[i].name,
|
|
|
c99690 |
@@ -1546,6 +1562,8 @@
|
|
|
c99690 |
&pszDfltNetstrmDrvrKeyFile, NULL));
|
|
|
c99690 |
CHKiRet(regCfSysLineHdlr((uchar *)"defaultnetstreamdrivercertfile", 0, eCmdHdlrGetWord, NULL,
|
|
|
c99690 |
&pszDfltNetstrmDrvrCertFile, NULL));
|
|
|
c99690 |
+ CHKiRet(regCfSysLineHdlr((uchar *)"netstreamdrivercaextrafiles", 0, eCmdHdlrGetWord, NULL,
|
|
|
c99690 |
+ &pszNetstrmDrvrCAExtraFiles, NULL));
|
|
|
c99690 |
CHKiRet(regCfSysLineHdlr((uchar *)"localhostname", 0, eCmdHdlrGetWord, NULL, &LocalHostNameOverride, NULL));
|
|
|
c99690 |
CHKiRet(regCfSysLineHdlr((uchar *)"localhostipif", 0, eCmdHdlrGetWord, setLocalHostIPIF, NULL, NULL));
|
|
|
c99690 |
CHKiRet(regCfSysLineHdlr((uchar *)"optimizeforuniprocessor", 0, eCmdHdlrGoneAway, NULL, NULL, NULL));
|
|
|
c99690 |
--- rsyslog-8.2102.0.ori/runtime/nsd_ossl.c 2022-09-07 13:17:02.705696208 +0200
|
|
|
c99690 |
+++ rsyslog-8.2102.0/runtime/nsd_ossl.c 2022-09-07 14:09:18.697256943 +0200
|
|
|
c99690 |
@@ -88,6 +88,7 @@
|
|
|
c99690 |
static short bHaveCA;
|
|
|
c99690 |
static short bHaveCert;
|
|
|
c99690 |
static short bHaveKey;
|
|
|
c99690 |
+static short bHaveExtraCAFiles;
|
|
|
c99690 |
static int bAnonInit;
|
|
|
c99690 |
static MUTEX_TYPE anonInit_mut = PTHREAD_MUTEX_INITIALIZER;
|
|
|
c99690 |
|
|
|
c99690 |
@@ -414,7 +415,8 @@
|
|
|
c99690 |
{
|
|
|
c99690 |
DEFiRet;
|
|
|
c99690 |
DBGPRINTF("openssl: entering osslGlblInit\n");
|
|
|
c99690 |
- const char *caFile, *certFile, *keyFile;
|
|
|
c99690 |
+ const char *caFile, *certFile, *keyFile, *extraCaFile;
|
|
|
c99690 |
+ char *extraCaFiles;
|
|
|
c99690 |
|
|
|
c99690 |
/* Setup OpenSSL library */
|
|
|
c99690 |
if((opensslh_THREAD_setup() == 0) || !SSL_library_init()) {
|
|
|
c99690 |
@@ -451,9 +453,27 @@
|
|
|
c99690 |
} else {
|
|
|
c99690 |
bHaveKey = 1;
|
|
|
c99690 |
}
|
|
|
c99690 |
+ extraCaFiles = (char*) glbl.GetNetstrmDrvrCAExtraFiles();
|
|
|
c99690 |
+ if(extraCaFiles == NULL) {
|
|
|
c99690 |
+ bHaveExtraCAFiles = 0;
|
|
|
c99690 |
+ } else {
|
|
|
c99690 |
+ bHaveExtraCAFiles = 1;
|
|
|
c99690 |
+ }
|
|
|
c99690 |
|
|
|
c99690 |
/* Create main CTX Object */
|
|
|
c99690 |
ctx = SSL_CTX_new(SSLv23_method());
|
|
|
c99690 |
+ if(bHaveExtraCAFiles == 1) {
|
|
|
c99690 |
+ while((extraCaFile = strsep(&extraCaFiles, ","))) {
|
|
|
c99690 |
+ if(SSL_CTX_load_verify_locations(ctx, extraCaFile, NULL) != 1) {
|
|
|
c99690 |
+ LogError(0, RS_RET_TLS_CERT_ERR, "Error: Extra Certificate file could not be accessed. "
|
|
|
c99690 |
+ "Check at least: 1) file path is correct, 2) file exist, "
|
|
|
c99690 |
+ "3) permissions are correct, 4) file content is correct. "
|
|
|
c99690 |
+ "Open ssl error info may follow in next messages");
|
|
|
c99690 |
+ osslLastSSLErrorMsg(0, NULL, LOG_ERR, "osslGlblInit");
|
|
|
c99690 |
+ ABORT_FINALIZE(RS_RET_TLS_CERT_ERR);
|
|
|
c99690 |
+ }
|
|
|
c99690 |
+ }
|
|
|
c99690 |
+ }
|
|
|
c99690 |
if(bHaveCA == 1 && SSL_CTX_load_verify_locations(ctx, caFile, NULL) != 1) {
|
|
|
c99690 |
LogError(0, RS_RET_TLS_CERT_ERR, "Error: CA certificate could not be accessed. "
|
|
|
c99690 |
"Check at least: 1) file path is correct, 2) file exist, "
|