If the user has set verify_mode to NONE in the logstash beats input configuration, it is overridden default value set by the code in SslSimpleBuilder.java, see below:
SslClientVerifyMode verifyMode = SslClientVerifyMode.FORCE_PEER;
The Java code has no concept of NONE as the ClientVerifyMode.
Due to various other limitations in Logstash, I am having to pass in a non-empty array of certificate authorities. Because of this, requireClientAuth() will always return true; which in turn, actually sets the verify mode to FORCE_PEER - even though I set it to NONE in the filter configuration.
The code I'm referring to is located here:
Are you happy for me to create a Github issue to have this fixed?