Apparent bug in logstash-input-beats in SslSimpleBuilder.java


(Nick George) #1

Hi,

If the user has set verify_mode to NONE in the logstash beats input configuration, it is overridden default value set by the code in SslSimpleBuilder.java, see below:

SslClientVerifyMode verifyMode = SslClientVerifyMode.FORCE_PEER;

The Java code has no concept of NONE as the ClientVerifyMode.

Due to various other limitations in Logstash, I am having to pass in a non-empty array of certificate authorities. Because of this, requireClientAuth() will always return true; which in turn, actually sets the verify mode to FORCE_PEER - even though I set it to NONE in the filter configuration.

The code I'm referring to is located here:

Are you happy for me to create a Github issue to have this fixed?

Regards,
Nick


LS environment variable handling doesn't appear to behave as documented
(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.