Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix tls options #22

Merged
merged 3 commits into from
May 12, 2016
Merged

Fix tls options #22

merged 3 commits into from
May 12, 2016

Conversation

andrewvc
Copy link
Contributor

@andrewvc andrewvc commented May 10, 2016
edited
Loading

This removes the non-functional verify_ssl option.
It also makes the tls_certificate_path and tls_certificate_password options work
correctly when 'true' is passed as the TLS parameter instead of an explicit string value.

This also puts in some test files for manually testing SSL stuff with rabbitmq

jordansissel
jordansissel reviewed May 10, 2016
View reviewed changes
lib/logstash/plugin_mixins/rabbitmq_connection.rb
@@ -40,9 +40,6 @@ def setup_rabbitmq_connection_config
# Specify TLS version if using TLS e.g "TLSv1.2"
config :ssl, :validate => :string

# Validate SSL certificate
config :verify_ssl, :validate => :boolean, :default => false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

even if this did nothing, should we go thorugh the deprecated-then-obsolete process to help users (who have this setting) not be confused at its disappearance?

We could keep it and mark it :deprecated => "This setting never actually did anything. <insert recommendation here>" -- thoughts?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jordansissel I had the same thought at first. My worry though is that if someone sets it to true and it does nothing that's actually dangerous, so we should probably just remove it.

A larger problem we should tackle (in a different PR) is perhaps making SSL validation the default. This is actually kind of tricky in RabbitMQ Java, so I think its not something we should do immediately. But we should do it.

Your thoughts?

@andrewvc
Copy link
Contributor Author

@jordansissel I made a variety of changes that should address all your concerns.

This was referenced May 11, 2016
Closed
Closed
Closed
jordansissel
jordansissel reviewed May 12, 2016
View reviewed changes
lib/logstash/plugin_mixins/rabbitmq_connection.rb
s[:tls_certificate_path] = @tls_certificate_path || ""
s[:tls_certificate_password] = @tls_certificate_password || ""

# This MUST be passed as a string or the cert options will be ignored
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can remove this comment now, right? or just make it set on the s[:tls] line instead.

@jordansissel
Copy link
Contributor

Made one small comment. LGTM once resolved! <3

@andrewvc
Fix TLS/SSL Options to be sane
89cc1a8 
This removes the non-functionaly verify_ssl option.
It also makes the tls_certificate_path and tls_certificate_password options work
correctly when 'true' is passed as the TLS parameter instead of an explicit string value.
@andrewvc
Copy link
Contributor Author

Thanks for the review @jordansissel !

@andrewvc andrewvc merged commit b383328 into logstash-plugins:master May 12, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@andrewvc @jordansissel