upstream_node: Process tls.verify_hostname parameter
Signed-off-by: Hiroshi Hatake <[email protected]>
cosmo0920 authored and edsiper committed Aug 13, 2024
1 parent e60c2f7 commit 9c8e73a
Showing 3 changed files with 25 additions and 1 deletion.
2 changes: 2 additions & 0 deletions include/fluent-bit/flb_upstream_node.h
Expand Up @@ -36,6 +36,7 @@ struct flb_upstream_node {
#ifdef FLB_HAVE_TLS
/* TLS: given configuration */
int tls_verify; /* Verify certs (default: true) */
int tls_verify_hostname; /* Verify hostname (default: false) */
int tls_debug; /* mbedtls debug level */
char *tls_ca_path; /* Path to certificates */
char *tls_ca_file; /* CA root cert */
Expand Down Expand Up @@ -65,6 +66,7 @@ struct flb_upstream_node {
struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t host,
flb_sds_t port,
int tls, int tls_verify,
int tls_verify_hostname,
int tls_debug,
const char *tls_vhost,
const char *tls_ca_path,
12 changes: 11 additions & 1 deletion src/flb_upstream_ha.c
Expand Up @@ -120,6 +120,7 @@ static struct flb_upstream_node *create_node(int id,
int vlen;
int tls = FLB_FALSE;
int tls_verify = FLB_TRUE;
int tls_verify_hostname = FLB_FALSE;
int tls_debug = 1;
char key[32];
char *tmp;
Expand All @@ -138,7 +139,8 @@ static struct flb_upstream_node *create_node(int id,
const char *known_keys[] = {"name", "host", "port",
"tls", "tls.vhost", "tls.verify", "tls.debug",
"tls.ca_path", "tls.ca_file", "tls.crt_file",
"tls.key_file", "tls.key_passwd", NULL};
"tls.key_file", "tls.key_passwd",
"tls.verify_hostname", NULL};

struct flb_upstream_node *node;

Expand Down Expand Up @@ -180,6 +182,13 @@ static struct flb_upstream_node *create_node(int id,
flb_sds_destroy(tmp);
}

/* tls.verify_hostname */
tmp = flb_cf_section_property_get_string(cf, s, "tls.verify_hostname");
if (tmp) {
tls_verify_hostname = flb_utils_bool(tmp);
flb_sds_destroy(tmp);
}

/* tls.debug */
tmp = flb_cf_section_property_get_string(cf, s, "tls.debug");
if (tmp) {
Expand Down Expand Up @@ -252,6 +261,7 @@ static struct flb_upstream_node *create_node(int id,
}

node = flb_upstream_node_create(name, host, port, tls, tls_verify,
tls_verify_hostname,
tls_debug, tls_vhost, tls_ca_path, tls_ca_file,
tls_crt_file, tls_key_file,
tls_key_passwd, ht, config);
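Review bot: tls.verify_hostname is parsed in create_node regardless of the value of `tls`, but in the flb_upstream_node.c hunk the flag is only consumed inside the TLS-enabled branch, so a node configured with `tls.verify_hostname true` and `tls off` appears to have its setting silently dropped; an operator who expects hostname checking gets no signal that it is inactive. Consider logging at parse time, e.g. `if (tls == FLB_FALSE && tls_verify_hostname == FLB_TRUE) { flb_warn("[upstream_node] tls.verify_hostname set but tls is disabled on node '%s'", name); }`, placed after both keys have been read. The lookup pattern itself matches the neighbouring keys, which is good; whether flb_utils_bool can return a value other than FLB_TRUE/FLB_FALSE for unparseable input is not visible here, and if it can, the `== FLB_TRUE` comparison downstream would treat such input as "off" without any diagnostic. create_node starts and ends outside these hunks.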
12 changes: 12 additions & 0 deletions src/flb_upstream_node.c
Expand Up @@ -30,6 +30,7 @@
struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t host,
flb_sds_t port,
int tls, int tls_verify,
int tls_verify_hostname,
int tls_debug,
const char *tls_vhost,
const char *tls_ca_path,
Expand All @@ -40,6 +41,7 @@ struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t hos
struct flb_hash_table *ht,
struct flb_config *config)
{
int ret;
int i_port;
int io_flags;
char tmp[255];
Expand Down Expand Up @@ -143,6 +145,16 @@ struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t hos
return NULL;
}
node->tls_enabled = FLB_TRUE;
if (tls_verify_hostname == FLB_TRUE) {
ret = flb_tls_set_verify_hostname(node->tls, tls_verify_hostname);
if (ret == -1) {
flb_error("[upstream_node] error set up to verify hostname in TLS context "
"on node '%s'", name);
flb_upstream_node_destroy(node);

return NULL;
}
}
}
#endif

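Review bot: `ret` is added unconditionally at the top of flb_upstream_node_create but is only assigned and read inside the `#ifdef FLB_HAVE_TLS` block, so a build without TLS gets an unused-variable warning; wrap the declaration in the same guard, `#ifdef FLB_HAVE_TLS` / `int ret;` / `#endif`, to match how the rest of the TLS handling in this function is conditionalised. The new branch only touches the TLS context when the flag is FLB_TRUE, so the "default: false" promised in the header comment holds only if flb_tls's own default for hostname verification is also off — worth confirming, or calling `flb_tls_set_verify_hostname` unconditionally so the node's value always wins. The error string `"error set up to verify hostname in TLS context on node '%s'"` reads awkwardly; `"failed to enable hostname verification in TLS context on node '%s'"` says the same thing more clearly. flb_upstream_node_create's body continues outside the hunk, so whether `flb_upstream_node_destroy` is the same cleanup the earlier `return NULL` path uses cannot be checked here.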

0 comments on commit 9c8e73a

Please sign in to comment.