add verify_mode option to verify client certs #37
Jenkins standing by to test this. If you aren't a maintainer, you can ignore this comment. Someone with commit access, please review this and clear it for Jenkins to run; then say 'jenkins, test it'.
Hello @joemiller, would you mind rebasing this PR? I think this will also fix this issue #46 that might be related to the JRUBY changes that got merged in 2.16? :)
Never mind, since this is a blocker I will rebase it and test it.
I had it on my list to do this weekend or next week since puma accepted the On Fri, Feb 26, 2016 at 11:35 AM Pier-Hugues Pellerin <
7774b86 to 1b041bc
rebased against master, passed unit tests. Note I bumped puma to
@joemiller 2.16 should include the patch too. We are about to ship a web API with the next version of Logstash; I would prefer if we stick with 2.X until 3.0 is released for some time ;)
I agree. I did not see that 2.16.0 would also have the patch =) I will On Mon, Feb 29, 2016 at 6:54 AM Pier-Hugues Pellerin <
1b041bc to d0dc109
@ph adjusted puma dep to 2.16
d0dc109 to 2afabbe
@@ -69,6 +69,9 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base | |||
# Set the truststore password | |||
config :keystore_password, :validate => :password | |||
|
|||
# Set the client certificate verification method. Valid methods: none, peer, force_peer | |||
config :verify_mode, :validate => :string, :default => 'none' |
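Review bot: The new verify_mode option is declared with :validate => :string, so any string passes config validation and a misspelled mode is not rejected where the option is defined. For a setting that decides whether client certificates are checked, restrict :validate to the three values the comment names so a typo fails at config load. The comment also lists the methods without saying what each one does; since the default is 'none', spell out the effect of each value there.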
Thankfully the config DSL in Logstash allows us to specify a short list of possible values, so we can validate the method setting here instead of checking else in line 109/110. What do you think?
suggestion:
config :verify_mode, :validate => ['none', 'peer', 'force_peer'], :default => 'none'
oops I missed that.
Sure, I can make this change.
2afabbe to 1bf626e
João Duarte merged this into the following branches!
Adds verify_mode option that can be used to authenticate client TLS certificates.
Options: peer, force_peer, none.
peer: Configures https server to request client certificate, but not require it.
force_peer: Require client certificate to be trusted by one of the CA's in the keystore.
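The three modes described above, exercised over a loopback TLS handshake with Ruby's standard OpenSSL library. This is an added example, not code from the plugin or from Puma; the mapping of mode names to OpenSSL flags, the helper names (make_cert, client_connect, handshake_ok?) and the throwaway certificates are assumptions constructed for the illustration.

```ruby
require 'openssl'
require 'socket'
# Assumed mapping of the option's values onto OpenSSL flags (not the plugin's code).
VERIFY_MODES = {
  'none'       => OpenSSL::SSL::VERIFY_NONE,
  'peer'       => OpenSSL::SSL::VERIFY_PEER,
  'force_peer' => OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
}.freeze

# Constructed throwaway [cert, key]: signed by `issuer`, or a self-signed CA when nil.
def make_cert(cn, issuer = nil)
  key, cert = OpenSSL::PKey::RSA.new(2048), OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..(1 << 32))
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer[0].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true)) unless issuer
  cert.sign(issuer ? issuer[1] : key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

def client_connect(port, client) # client side; it does not verify the server here
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = client if client
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), ctx)
  sock.sync_close = true
  sock.connect.read(1) # TLS 1.3 surfaces a rejected client certificate on the first read
rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError # outcome is judged server-side
ensure
  sock&.close
end

# One loopback handshake; true if the server accepted the client under `mode`.
def handshake_ok?(mode, ca, server, client = nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = server
  ctx.verify_mode = VERIFY_MODES.fetch(mode) # unknown mode names raise KeyError
  ctx.cert_store = OpenSSL::X509::Store.new.add_cert(ca[0])
  srv = OpenSSL::SSL::SSLServer.new(TCPServer.new('127.0.0.1', 0), ctx)
  peer = Thread.new { client_connect(srv.addr[1], client) }
  srv.accept.close
  true
rescue OpenSSL::SSL::SSLError, SystemCallError
  false
ensure
  srv&.close
  peer&.join
end
```

With these flags, peer lets a client through when it presents no certificate but rejects one that does not chain to the trusted CA, while force_peer rejects both.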