Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: restore use of DefaultHostnameVerifier #193

Merged
merged 3 commits into from Jun 2, 2023
Merged

fix: restore use of DefaultHostnameVerifier #193

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fe9af39
restore use of DefaultHostnameVerifier
edmocosta May 31, 2023
c717a6b
Update PR link
edmocosta May 31, 2023
04b74c0
Document why we are using :default instead of :strict
yaauie Jun 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
@@ -1,3 +1,6 @@
## 4.17.2
- Fixes a regression introduced in 4.17.0 which could prevent a connection from being established to Elasticsearch in some SSL configurations [#193](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/193)

## 4.17.1
- Fix: scroll slice high memory consumption [#189](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/189)

Expand Down
4 changes: 3 additions & 1 deletion lib/logstash/inputs/elasticsearch.rb
View file
Open in desktop
Expand Up @@ -521,7 +521,9 @@ def setup_client_ssl
"to make sure your data is secure set `ssl_verification_mode => full`"
ssl_options[:verify] = :disable
else
ssl_options[:verify] = :strict
# Manticore's :default maps to Apache HTTP Client's DefaultHostnameVerifier,
# which is the modern STRICT verifier that replaces the deprecated StrictHostnameVerifier
ssl_options[:verify] = :default
yaauie marked this conversation as resolved.
Show resolved Hide resolved
end
end

Expand Down
2 changes: 1 addition & 1 deletion logstash-input-elasticsearch.gemspec
View file
Open in desktop
@@ -1,7 +1,7 @@
Gem::Specification.new do |s|

s.name = 'logstash-input-elasticsearch'
s.version = '4.17.1'
s.version = '4.17.2'
s.licenses = ['Apache License (2.0)']
s.summary = "Reads query results from an Elasticsearch cluster"
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
Expand Down
6 changes: 3 additions & 3 deletions spec/inputs/elasticsearch_ssl_spec.rb
View file
Open in desktop
Expand Up @@ -123,7 +123,7 @@

it "should pass the flag to the ES client" do
expect(::Elasticsearch::Client).to receive(:new) do |args|
expect(args[:ssl]).to match hash_including(:ssl => true, :verify => :strict)
expect(args[:ssl]).to match hash_including(:ssl => true, :verify => :default)
end.and_return(es_client_double)

subject.register
Expand Down Expand Up @@ -200,7 +200,7 @@
:truststore => ssl_truststore_path,
:truststore_type => "jks",
:truststore_password => "foo",
:verify => :strict,
:verify => :default,
:cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
:protocols => ["TLSv1.3"],
)
Expand Down Expand Up @@ -236,7 +236,7 @@
:ca_file => ssl_certificate_authorities_path,
:client_cert => ssl_certificate_path,
:client_key => ssl_key_path,
:verify => :strict,
:verify => :default,
:cipher_suites => ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"],
:protocols => ["TLSv1.3"],
)
Expand Down