TLS with selfsigned certificate

Hi I am trying to use this plugin (via the [fluentd kubernetes daemonset](https://github.com/fluent/fluentd-kubernetes-daemonset) [Debian syslog docker image](https://github.com/fluent/fluentd-kubernetes-daemonset/tree/master/docker-image/v1.12/debian-syslog), which as far as I can tell uses this plugin for output.)

I need to use TLS encryption and the syslog receiver uses a selfsigned certificate. Therefore I tried to disable certificate verification with the verify_mode paramter; however I still get a verification error and no connection.

This is my output configuration:
```
  <label @OUTPUT>
    <match **>
      @type remote_syslog
      host "syslogserver"
      port 12555
      protocol tcp
      tls true
      verify_mode 0
      packet_size 65535
      <buffer>
        retry_max_interval 300
      </buffer>
      <format>
        @type "json"
      </format>
    </match>
  </label>
```
Name matching is done via /etc/hosts (through Kubernetes hostAliases) entry.

The selfsigned certificate has "syslogserver" both as issuer and subject CN; but this should not matter since I try to disable certificate verification anyway.

The error message I get is:
```
2021-06-11 17:41:49 +0000 [warn]: #0 failed to flush the buffer. retry_time=0 next_retry_seconds=2021-06-11 17:41:50 +0000 chunk="5c48105438fdcf12caab52270b36345b" error_class=RuntimeError error="verification error"
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/remote_syslog_sender-1.2.1/lib/remote_syslog_sender/tcp_sender.rb:73:in `block in connect'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/remote_syslog_sender-1.2.1/lib/remote_syslog_sender/tcp_sender.rb:52:in `synchronize'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/remote_syslog_sender-1.2.1/lib/remote_syslog_sender/tcp_sender.rb:52:in `connect'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/remote_syslog_sender-1.2.1/lib/remote_syslog_sender/tcp_sender.rb:38:in `initialize'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/fluent-plugin-remote_syslog-1.0.0/lib/fluent/plugin/out_remote_syslog.rb:136:in `new'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/fluent-plugin-remote_syslog-1.0.0/lib/fluent/plugin/out_remote_syslog.rb:136:in `create_sender'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/fluent-plugin-remote_syslog-1.0.0/lib/fluent/plugin/out_remote_syslog.rb:91:in `write'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/fluentd-1.11.2/lib/fluent/plugin/output.rb:1133:in `try_flush'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/fluentd-1.11.2/lib/fluent/plugin/output.rb:1439:in `flush_thread_run'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/fluentd-1.11.2/lib/fluent/plugin/output.rb:461:in `block (2 levels) in start'
  2021-06-11 17:41:49 +0000 [warn]: #0 /fluentd/vendor/bundle/ruby/2.6.0/gems/fluentd-1.11.2/lib/fluent/plugin_helper/thread.rb:78:in `block in thread_create'
```

I also tried other values for verify_mode after some searching:
* none
* OpenSSL::SSL::VERIFY_NONE

but the result - and the error message - is the same.

Can you advise me what the correct use of the parameter is?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

TLS with selfsigned certificate #44

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

TLS with selfsigned certificate #44

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions