Commit

add verify_mode option to verify client certs
Fixes #37
joemiller authored and jsvd committed Mar 7, 2016
1 parent 6596de0 commit b7506fe
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions lib/logstash/inputs/http.rb
Expand Up @@ -69,6 +69,9 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
# Set the truststore password
config :keystore_password, :validate => :password

# Set the client certificate verification method. Valid methods: none, peer, force_peer
config :verify_mode, :validate => ['none', 'peer', 'force_peer'], :default => 'none'

# Apply specific codecs for specific content types.
# The default codec will be applied only after this list is checked
# and no codec for the request's content-type is found
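Review bot: the comment on `config :verify_mode` lists the three values but does not say what they do, so an operator cannot tell `peer` from `force_peer` without reading `register`. Going by the constants mapped later in this commit, `peer` sets only VERIFY_PEER while `force_peer` adds VERIFY_FAIL_IF_NO_PEER_CERT, so the doc comment should state that only `force_peer` makes a client certificate mandatory, that the option applies only when the SSL listener is used, and which certificates client certificates are verified against (presumably those in `keystore`, the only store configured here; please confirm). It is also worth stating that the default of 'none' means enabling SSL alone does not authenticate clients.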
Expand Down Expand Up @@ -96,6 +99,14 @@ def register
ctx = Puma::MiniSSL::Context.new
ctx.keystore = @keystore
ctx.keystore_pass = @keystore_password.value
ctx.verify_mode = case @verify_mode
when 'peer'
Puma::MiniSSL::VERIFY_PEER
when 'force_peer'
Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
when 'none'
Puma::MiniSSL::VERIFY_NONE
end
@server.add_ssl_listener(@host, @port, ctx)
else
@server.add_tcp_listener(@host, @port)
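Review bot: `verify_mode` is silently ignored on the `else` path that calls `@server.add_tcp_listener(@host, @port)`, so a configuration that sets `verify_mode => 'force_peer'` without the SSL listener starts up accepting unauthenticated plaintext clients. Consider raising a configuration error, or at least logging a warning, in `register` when `@verify_mode` is not 'none' and the TCP listener is chosen. The `case @verify_mode` also has no `else`; the `:validate` list covers the three branches today, but an explicit `else` that raises would stop a value added to that list later from assigning nil to `ctx.verify_mode`. The commit changes only lib/logstash/inputs/http.rb, so a spec showing that a client without a certificate is rejected under `force_peer` and accepted under `peer` is missing.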

0 comments on commit b7506fe
