-rw-r--r--ChangeLog5
-rw-r--r--doc/imrelp.html2
-rw-r--r--doc/omrelp.html13
-rw-r--r--plugins/imrelp/imrelp.c2
-rw-r--r--plugins/omrelp/omrelp.c9
5 files changed, 30 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 6f58734c..815fae34 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,13 @@
---------------------------------------------------------------------------
Version 7.5.1 [devel] 2013-06-??
+- omrelp:
+ * new parameter "compression.prioritystring" to control encryption
+ parameters used by GnuTLS
- imrelp:
* new parameter "compression.dhbits" to control the number of
bits being used for Diffie-Hellman key generation
+ * new parameter "compression.prioritystring" to control encryption
+ parameters used by GnuTLS
- added experimental TCP stream compression (imptcp only, currently)
- added BSD-specific syslog facilities
* "console"
diff --git a/doc/imrelp.html b/doc/imrelp.html
index 3795fb76..73af2659 100644
--- a/doc/imrelp.html
+++ b/doc/imrelp.html
@@ -69,6 +69,8 @@ ignored.
found in the GnuTLS manual. At the time of this writing, this
information was contained in
<a href="http://gnutls.org/manual/html_node/Priority-Strings.html">section 6.10 of the GnuTLS manual</a>.
+<br><b>Note: this is an expert parameter.</b> Do not use if you do
+not exactly know what you are doing.
</li>
</ul>
<b>Caveats/Known Bugs:</b>
diff --git a/doc/omrelp.html b/doc/omrelp.html
index 39f253bd..a44ec319 100644
--- a/doc/omrelp.html
+++ b/doc/omrelp.html
@@ -42,6 +42,19 @@ must be used.
increases CPU use, the network bandwidth should be reduced. Note that
typical text-based log records usually compress rather well.
</li>
+ <li><b>tls.prioritystring</b> (not mandatory, string)<br>
+ This parameter permits to specify the so-called "priority string" to
+ GnuTLS. This string gives complete control over all crypto parameters,
+ including compression setting. For this reason, when the prioritystring
+ is specified, the "tls.compression" parameter has no effect and is
+ ignored.
+ <br>Full information about how to construct a priority string can be
+ found in the GnuTLS manual. At the time of this writing, this
+ information was contained in
+ <a href="http://gnutls.org/manual/html_node/Priority-Strings.html">section 6.10 of the GnuTLS manual</a>.
+ <br><b>Note: this is an expert parameter.</b> Do not use if you do
+ not exactly know what you are doing.
+ </li>
</ul>
<p><b>Sample:</b></p>
<p>The following sample sends all messages to the central server
diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c
index e0082f89..32f6a042 100644
--- a/plugins/imrelp/imrelp.c
+++ b/plugins/imrelp/imrelp.c
@@ -107,7 +107,7 @@ static struct cnfparamdescr inppdescr[] = {
{ "port", eCmdHdlrString, CNFPARAM_REQUIRED },
{ "tls", eCmdHdlrBinary, 0 },
{ "tls.dhbits", eCmdHdlrInt, 0 },
- { "tls.prioritystring", eCmdHdlrInt, 0 },
+ { "tls.prioritystring", eCmdHdlrString, 0 },
{ "tls.compression", eCmdHdlrBinary, 0 }
};
static struct cnfparamblk inppblk =
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index 50f6f905..27b1c5a6 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -71,6 +71,7 @@ typedef struct _instanceData {
relpClt_t *pRelpClt; /* relp client for this instance */
sbool bEnableTLS;
sbool bEnableTLSZip;
+ uchar *pristring; /* GnuTLS priority string (NULL if not to be provided) */
uchar *tplName;
} instanceData;
@@ -86,6 +87,7 @@ static struct cnfparamdescr actpdescr[] = {
{ "target", eCmdHdlrGetWord, 1 },
{ "tls", eCmdHdlrBinary, 0 },
{ "tls.compression", eCmdHdlrBinary, 0 },
+ { "tls.prioritystring", eCmdHdlrString, 0 },
{ "port", eCmdHdlrGetWord, 0 },
{ "rebindinterval", eCmdHdlrInt, 0 },
{ "timeout", eCmdHdlrInt, 0 },
@@ -129,6 +131,8 @@ doCreateRelpClient(instanceData *pData)
if(relpCltEnableTLSZip(pData->pRelpClt) != RELP_RET_OK)
ABORT_FINALIZE(RS_RET_RELP_ERR);
}
+ if(relpCltSetGnuTLSPriString(pData->pRelpClt, (char*) pData->pristring) != RELP_RET_OK)
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
}
if(glbl.GetSourceIPofLocalClient() == NULL) { /* ar Do we have a client IP set? */
if(relpCltSetClientIP(pData->pRelpClt, glbl.GetSourceIPofLocalClient()) != RELP_RET_OK)
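Review bot: The added `relpCltSetGnuTLSPriString()` call is not conditioned on `pData->pristring` being set, so in the default case it passes NULL and relies on librelp treating that as "keep the built-in priorities"; that contract is not visible in this hunk. Either guard the call, `if(pData->pristring != NULL && relpCltSetGnuTLSPriString(pData->pRelpClt, (char*) pData->pristring) != RELP_RET_OK)`, or state the assumption with a comment above it such as `/* NULL pristring: librelp keeps its default GnuTLS priorities */`. A failure is also reported only as the generic `RS_RET_RELP_ERR`; an error message naming "tls.prioritystring" would let an operator see that the configured crypto policy was rejected. doCreateRelpClient starts and ends outside the hunk.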
@@ -147,6 +151,7 @@ CODESTARTcreateInstance
pData->rebindInterval = 0;
pData->bEnableTLS = DFLT_ENABLE_TLS;
pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
+ pData->pristring = NULL;
ENDcreateInstance
BEGINfreeInstance
@@ -156,6 +161,7 @@ CODESTARTfreeInstance
free(pData->target);
free(pData->port);
free(pData->tplName);
+ free(pData->pristring);
ENDfreeInstance
static inline void
@@ -168,6 +174,7 @@ setInstParamDefaults(instanceData *pData)
pData->rebindInterval = 0;
pData->bEnableTLS = DFLT_ENABLE_TLS;
pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
+ pData->pristring = NULL;
}
@@ -199,6 +206,8 @@ CODESTARTnewActInst
pData->bEnableTLS = (unsigned) pvals[i].val.d.n;
} else if(!strcmp(actpblk.descr[i].name, "tls.compression")) {
pData->bEnableTLSZip = (unsigned) pvals[i].val.d.n;
+ } else if(!strcmp(actpblk.descr[i].name, "tls.prioritystring")) {
+ pData->pristring = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else {
dbgprintf("omrelp: program error, non-handled "
"param '%s'\n", actpblk.descr[i].name);
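Review bot: The result of `es_str2cstr()` in the new "tls.prioritystring" branch is stored unchecked, and a NULL return (allocation failure) is indistinguishable from "parameter not given" according to the field comment added in `instanceData`. The action would then presumably come up with the default GnuTLS priorities instead of the ones the administrator configured, which is a silent fail-open for a parameter whose purpose is to restrict crypto settings. Abort the instance instead, e.g. `CHKmalloc(pData->pristring = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL));`, assuming a `finalize_it` label is available in newActInst, whose body continues outside the hunk.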