ssl_certificate never used in Client #4

Closed
lazyfrosch opened this issue Jul 28, 2015 · 5 comments · Fixed by #5

@lazyfrosch

Prove me wrong, but I think the ssl_certificate is never used in client.

So the connection to a server doesn't get validated?

@ph
Contributor

ph commented Jul 29, 2015

I've been looking through the code and yes, this setting seems to be not used but required.

@ph
Contributor

ph commented Jul 29, 2015

Thanks to @jsvd's archeology skills, it used to be there

```ruby
openssl_cert = OpenSSL::X509::Certificate.new(File.read(@opts[:ssl_certificate]))
```

ph self-assigned this Jul 29, 2015
@lazyfrosch
Author

But even the verification is disabled there 😢

@ph
Contributor

ph commented Jul 29, 2015

@lazyfrosch I'll fix it :( I am messing with another SSL problem so I'll do it at the same time.

@lazyfrosch
Author

@ph thanks for that 😄

ph added the bug label Jul 29, 2015
ph added a commit that referenced this issue Jul 30, 2015
The ruby client did not enforce the validation of the certificate,
opening possible man-in-the-middle attacks on the client. This PR makes sure that
the `verify_mode` is set to `VERIFY_PEER` and adds the certificate to the store
for this specific connection. An integration test was added to validate
this change.

This change makes the ruby client handling of connection closer to the
`logstash-forwarder` behavior, which does the verify peer per default.

Fixes #4