From b7506fe296016f210da03b6fc151bf64f88dec2a Mon Sep 17 00:00:00 2001
From: joe miller
Date: Sat, 27 Feb 2016 14:02:28 -0800
Subject: [PATCH] add verify_mode option to verify client certs Fixes #37
---
 lib/logstash/inputs/http.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/lib/logstash/inputs/http.rb b/lib/logstash/inputs/http.rb
index 8cba3dd..e8b065f 100644
--- a/lib/logstash/inputs/http.rb
+++ b/lib/logstash/inputs/http.rb
@@ -69,6 +69,9 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
 # Set the truststore password
 config :keystore_password, :validate => :password

+ # Set the client certificate verification method. Valid methods: none, peer, force_peer
+ config :verify_mode, :validate => ['none', 'peer', 'force_peer'], :default => 'none'
+
 # Apply specific codecs for specific content types.
 # The default codec will be applied only after this list is checked
 # and no codec for the request's content-type is found
@@ -96,6 +99,14 @@ def register
 ctx = Puma::MiniSSL::Context.new
 ctx.keystore = @keystore
 ctx.keystore_pass = @keystore_password.value
+ ctx.verify_mode = case @verify_mode
+ when 'peer'
+ Puma::MiniSSL::VERIFY_PEER
+ when 'force_peer'
+ Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+ when 'none'
+ Puma::MiniSSL::VERIFY_NONE
+ end
 @server.add_ssl_listener(@host, @port, ctx)
 else
 @server.add_tcp_listener(@host, @port)
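Review bot: The comment on the new `verify_mode` option lists the accepted values but not what each one enforces, and the difference decides whether client authentication is actually mandatory. Going by the mapping added in `register`, `peer` sets only `VERIFY_PEER`, so a client that presents no certificate is presumably still accepted, and only `force_peer` adds `VERIFY_FAIL_IF_NO_PEER_CERT`. I would spell that out, e.g. `# none: no client certificate is requested. peer: a presented certificate is verified, but clients without one are still accepted.` followed by `# force_peer: the client must present a certificate that verifies.` The comment should also say which trust anchors client certificates are checked against. The patch adds no truststore option, so this is presumably the `keystore`, which should be confirmed against the Puma version in use.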
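Review bot: A `verify_mode` of `peer` or `force_peer` is silently ignored when `register` takes the `else` branch at the end of this hunk (`add_tcp_listener`), so an operator who sets it without enabling TLS gets a plaintext listener with no client authentication and no signal that the setting had no effect. I would fail closed in that branch, e.g. `raise LogStash::ConfigurationError, "verify_mode requires ssl to be enabled" if @verify_mode != 'none'`, or at least log a warning. The `case` also has no `else`, so it relies entirely on the `:validate` list to keep `ctx.verify_mode` from being assigned `nil`. The patch touches only `http.rb`, so whether the pinned Puma version exposes `verify_mode` and these constants is not visible here and is worth checking in the gemspec. The condition that opens this branch and the rest of `register` lie outside the hunk.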