[sudo-users] sudo_logsrvd configuration

Todd C. Miller Todd.Miller at sudo.ws
Fri Jul 23 15:53:54 MDT 2021


On Fri, 23 Jul 2021 13:25:51 -0500, Stefan Johnson wrote:

> With these settings in place (and a service restart) the debug output seems
> to indicate it is listening on the correct port.  A "netstat -plantu" shows
> the listening port is there and owned by the sudo_logsrvd process.
>
> Unfortunately, I get the following error lines when I try to "sudo su -"
> from the test machine (which is now configured to include 30344(tls)
> instead of 30343 for the port)
> sudo: TLS connection to redacted.redacted.com:30344 failed: Connection
> reset by peer
> sudo: TLS handshake was unsuccessful: Connection reset by peer
> sudo: unable to connect to log server
> sudo: error initializing I/O plugin sudoers_io
>
> The test is being run against localhost to remove any possibility of
> firewall/network acl issues.
>
> The debug logsrvd_debug log shows this interesting line:
> unexpected error during TLS handshake: 1 (error:140C5042:SSL
> routines:ssl_undefined_function:called a function you should not call) @
> tls_handshake_cb() ./logsrvd.c:1366

Can you tell me more about what OS and version you are running and
what version of OpenSSL you are using?  It doesn't sound like you
are doing anything wrong.

 - todd

