rsyslogd fails to load lmnsd_gtls.so

This thread from the rsyslog mailing list appears to describe the same issue: http://lists.adiscon.net/pipermail/rsyslog/2011-April/013265.html

Status changed to 'Confirmed' because the bug affects multiple users.

ApportVersion: 2.8-0ubuntu1
Architecture: amd64
DistroRelease: Ubuntu 13.04
MarkForUpload: True
NonfreeKernelModules: fglrx
Package: rsyslog 5.8.11-2ubuntu1
PackageArchitecture: amd64
ProcEnviron:
 LANGUAGE=en_GB:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 3.8.0-0.3-generic 3.8.0-rc3
Tags: raring uec-images
Uname: Linux 3.8.0-0-generic x86_64
UpgradeStatus: Upgraded to raring on 2012-12-03 (43 days ago)
UserGroups: adm admin audio cdrom debian-tor dialout floppy fuse libvirtd lpadmin mythtv netdev plugdev polkituser powerdev root sambashare sudo video
modified.conffile..etc.apparmor.d.usr.sbin.rsyslogd: [deleted]

apport information

http://kb.monitorware.com/problems-loading-tls-plugin-t10921.html suggests that "could not load module '/usr/local/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078" actually means "I can't read your ca.pem file...[snipped]"

So, in my case, ` sudo /usr/sbin/rsyslogd -c5 -dn ` contained the following output:
5848.863681948:7f061271d700: GTLS CA file: '/var/lib/orchestra/ssl-cert-orchestra-ca.pem'
5848.863722114:7f0614795740: Exec only when previous is suspended: 0
5848.864106720:7f061271d700: unexpected GnuTLS error -64 in nsd_gtls.c:583: Error while reading file.
5848.864137883:7f061271d700: Called LogError, msg: could not load module '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078

/var/lib/orchestra/ssl-cert-orchestra-ca.pem does not exist for me at this time.

In the debug log provided by Mark above, I can see the following:
7508.666383742:main queue:Reg/w0: GTLS CA file: '/root/ssl/ca.pem'
7508.666438320:main queue:Reg/w0: unexpected GnuTLS error -64 in nsd_gtls.c:574: Error while reading file.
7508.666458318:main queue:Reg/w0: Called LogError, msg: could not load module '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078

Following directly on from the previous comment, removing the various ubuntu-orchestra packages causes the 'lmnsd_gtls.so' complaint to disappear:
`sudo apt-get remove --purge ubuntu-orchestra-*`

I tested a rsyslog client talking to a rsyslog server both using `rsyslog-gnutls 8.2112.0-2ubuntu2.2` on Ubuntu 22.04 and it worked fine. There, there is no error loading "/usr/lib/x86_64-linux-gnu/rsyslog/lmnsd_gtls.so" as long as the `-gnutls` package is installed. I used only a cert (from Let's Encrypt) on the server side but I enabled Apparmor on both sides.

I'm not sure if your error could have been due to having enabled the Apparmor profile and using certificate files stored under `/root/ssl` which isn't permitted by the Apparmor profile? Marking as incomplete until you can report on the Apparmor profile situation.

Hi Simon,

It is unlikely I will be able to replicate the scenario at this time.
Please feel free to close off this case.

Kind regards,
Gaz/schmooster

On Mon, 16 Jan 2023 at 05:25, Simon Déziel <email address hidden>
wrote:

> I tested a rsyslog client talking to a rsyslog server both using
> `rsyslog-gnutls 8.2112.0-2ubuntu2.2` on Ubuntu 22.04 and it worked fine.
> There, there is no error loading "/usr/lib/x86_64-linux-
> gnu/rsyslog/lmnsd_gtls.so" as long as the `-gnutls` package is
> installed. I used only a cert (from Let's Encrypt) on the server side
> but I enabled Apparmor on both sides.
>
> I'm not sure if your error could have been due to having enabled the
> Apparmor profile and using certificate files stored under `/root/ssl`
> which isn't permitted by the Apparmor profile? Marking as incomplete
> until you can report on the Apparmor profile situation.
>
> ** Changed in: rsyslog (Ubuntu)
> Status: Confirmed => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/869881
>
> Title:
> rsyslogd fails to load lmnsd_gtls.so
>
> Status in rsyslog package in Ubuntu:
> Incomplete
>
> Bug description:
> rsyslog fails to load tls functionality.
>
> Relevant section from rsyslog.conf:
> (full file is attached, contents of /etc/rsyslog.d is unmodified from
> package defaults, and running `rsyslogd -f /etc/rsyslog.conf -c4 -N1`
> does not show any configuration errors. The remote logging section is
> copy-pasted from a working debian 6 box)
> ########################
> #### REMOTE LOGGING ####
> ########################
> # certificate files
> $DefaultNetstreamDriverCAFile /root/ssl/ca.pem
> $DefaultNetstreamDriverCertFile /root/ssl/generic-cert.pem
> $DefaultNetstreamDriverKeyFile /root/ssl/generic-key.pem
>
>
> # set up the action
> $DefaultNetstreamDriver gtls # use gtls netstream driver
> $ActionSendStreamDriverMode 1 # require TLS for the connection
> $ActionSendStreamDriverAuthMode x509/certvalid
>
> *.* @@(o)10.181.60.127:10514 # send (all) messages
>
>
> Error written to syslog:
> Oct 7 09:59:01 alpha rsyslogd-2068: could not load module
> '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078
>
> Relevant info from running in debug mode (full debug output is
> attached):
> 7508.666438320:main queue:Reg/w0: unexpected GnuTLS error -64 in
> nsd_gtls.c:574: Error while reading file.
>
> I have also attached strace output from rsyslog.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: rsyslog-gnutls 4.2.0-2ubuntu8.1
> Uname: Linux 2.6.35.4-rscloud x86_64
> Architecture: amd64
> Date: Fri Oct 7 09:38:03 2011
> ProcEnviron: SHELL=/bin/bash
> SourcePackage: rsyslog
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/869881/+subscriptions
>
>

Yeah, I figured it was likely the outcome when I replied to a bug that was last touched 10 years ago ;) The bug will close itself in ~60 days if nothing happen so I think that's OK. Thanks!

[Expired for rsyslog (Ubuntu) because there has been no activity for 60 days.]