add verify_mode option to verify client certs

Fixes #37
logstash-plugins · Mar 7, 2016 · b7506fe · b7506fe
1 parent 6596de0
commit b7506fe
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/lib/logstash/inputs/http.rb b/lib/logstash/inputs/http.rb
@@ -69,6 +69,9 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   # Set the truststore password
   config :keystore_password, :validate => :password
 
+  # Set the client certificate verification method. Valid methods: none, peer, force_peer
+  config :verify_mode, :validate => ['none', 'peer', 'force_peer'], :default => 'none'
+
   # Apply specific codecs for specific content types.
   # The default codec will be applied only after this list is checked
   # and no codec for the request's content-type is found
@@ -96,6 +99,14 @@ def register
       ctx = Puma::MiniSSL::Context.new
       ctx.keystore = @keystore
       ctx.keystore_pass = @keystore_password.value
+      ctx.verify_mode = case @verify_mode
+                        when 'peer'
+                          Puma::MiniSSL::VERIFY_PEER
+                        when 'force_peer'
+                          Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+                        when 'none'
+                          Puma::MiniSSL::VERIFY_NONE
+                        end
       @server.add_ssl_listener(@host, @port, ctx)
     else
       @server.add_tcp_listener(@host, @port)