Issues with SSL certificate validation in logstash output http plugin

[suraj-kamath]

There are two issues:

1. ssl_certificate_validation option is not taking effect. Irrespective of whether we give the value as true or false, it is always taken as true.
2. During SSL certification validation, logstash is doing a strict host name check. As part of this, it is not supporting wildcard certificates where CN is like *.subdomain.domain.com. Either this needs to be fixed or it would be ideal to have another option to the http plugin like, for example, "strict_host name_check" which can be set to true or false.

Logstash version :1.5.4
Http plugin version :1.1.0
java : 1.8.0_51.

[ayashjorden]

👍
Also experienced this behaviour.
@suraj-kamath nice description of the problem :)

[suraj-kamath]

@logstash-dev's can we have an update here ?

[ayashjorden]

@suraj-kamath I've found that 'ssl_certificate_validation' is used here.

Does it help?

[deeptjos]

Still awaiting response on this from "logstash-dev"
Please provide an update on this issue, Is there any plan of adding the changes in latest release ?

[suyograo]

ssl_certificate_validation option is not taking effect. Irrespective of whether we give the value as true or false, it is always taken as true.

@suraj-kamath is this plugin still trying to do cert validation when ssl_certificate_validation is false?

[clausy]

I'm getting the same error when using
ssl_certificate_validation => false
I get
"error" => "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

I just downloaded logstash 2.0 and installed the http_poller plugin

[deeptjos]

@logstash-dev's Any update on this ?
Also looks like Logstash does not support SNI, Please confirm.

[type0lang]

+1

[sameerpanicker]

I am also getting the same error.

"error" => "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

[NikolaeVarius]

+1 Getting same issue as above

[rlwmmw]

+1 Need a workaround!

[lifeofguenter]

+1

[sameerpanicker]

I was able to fix this problem. Check whether your application is using JDK or JRE. Based on that try installing the certificate in the keystore.
Let me know if you have any queries.