I found the issue.
During my testing i found that 2 things can cause the null pointer we saw earlier:
- If the certificate is missing
- If the certificate has the wrong permission (ownership).
In my case it was the latter, i had created the certificates as root:root on accident. It worked like a charm when chowning to 1000:1000.
The reason i did not think of this , is that this should not cause a nullpointer. It should cause a permission error, like all other files in Logstash. I would still consider this a bug for that reason, but now we know.
Bonus:
For anyone else reading this, you can verify that your ssl pipeline is working by establishing a connection using s_client from openssh as such:
openssl s_client -connect localhost:8517 -cert /var/certs/somecert.crt -key /var/certs/somekey.key