SSL client certs allowed, but lumberjack-input doesn't seem to validate them?

finn · June 18, 2015, 8:59pm

First off, not sure if this would fit better in the main logstash forum, as it's about the input plugin which doesn't seem to technically be part of logstash-forwarder.

So, logstash-forwarder allows me to specify SSL client certificates, but the jumberjack input plugin doesn't appear to do any validation of them, and in fact doesn't allow me to specify a CA or list of CAs to validate them against. What's going on here? Is this just not fully implemented yet? If I implement it and make a pull request would there be interest?

finn · June 19, 2015, 6:59pm

Well, just noticed that there is a TODO in the code for exactly this, so I guess that clears that up.

tbragin · June 26, 2015, 12:01am

The current security model is Logstash Forwarder (client) will validate that the Logstash (server) it connects to is valid. The guarantee is that Logstash Forwarder will validate who it ships data to, so you won't leak sensitive data to malicious third parties.

We are tracking an issue to add SSL validation the other way, so that the server also validates who the client is and a malicious client cannot send data to a server it shouldn't be communicating with: https://github.com/logstash-plugins/logstash-input-lumberjack/issues/31

Topic		Replies	Views
Certificate issues lumberjack as output plugin Logstash	8	2414	March 2, 2017
Logstash Lumberjack Output Logstash	2	244	September 19, 2022
Logstash-forwarder working Logstash	4	1572	July 6, 2017
Finding Difficulties with SSL Certificate verification with Lumberjack,Logstash version 1.5.4 Logstash	4	2886	July 6, 2017
Expected behavior of tcp/input/ssl_verify=true? Logstash	1	183	June 16, 2023

SSL client certs allowed, but lumberjack-input doesn't seem to validate them?

Related topics