From c121c360e5b552ef73147e805733975bdc6a6f65 Mon Sep 17 00:00:00 2001 From: Hiroshi Hatake Date: Mon, 17 Jun 2024 14:47:44 +0900 Subject: [PATCH] output: tls: Add tls.verify_hostname handlers Signed-off-by: Hiroshi Hatake --- include/fluent-bit/flb_output.h | 1 + src/flb_output.c | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/fluent-bit/flb_output.h b/include/fluent-bit/flb_output.h index eab0c983701..58433fcb0d5 100644 --- a/include/fluent-bit/flb_output.h +++ b/include/fluent-bit/flb_output.h @@ -284,6 +284,7 @@ struct flb_output_instance { #ifdef FLB_HAVE_TLS int tls_verify; /* Verify certs (default: true) */ + int tls_verify_hostname; /* Verify hostname (default: false) */ int tls_debug; /* mbedtls debug level */ char *tls_vhost; /* Virtual hostname for SNI */ char *tls_ca_path; /* Path to certificates */ diff --git a/src/flb_output.c b/src/flb_output.c index 98143b4ac8b..1c7853f79f1 100644 --- a/src/flb_output.c +++ b/src/flb_output.c @@ -678,6 +678,7 @@ struct flb_output_instance *flb_output_new(struct flb_config *config, instance->tls = NULL; instance->tls_debug = -1; instance->tls_verify = FLB_TRUE; + instance->tls_verify_hostname = FLB_FALSE; instance->tls_vhost = NULL; instance->tls_ca_path = NULL; instance->tls_ca_file = NULL; @@ -872,6 +873,10 @@ int flb_output_set_property(struct flb_output_instance *ins, ins->tls_verify = flb_utils_bool(tmp); flb_sds_destroy(tmp); } + else if (prop_key_check("tls.verify_hostname", k, len) == 0 && tmp) { + ins->tls_verify_hostname = flb_utils_bool(tmp); + flb_sds_destroy(tmp); + } else if (prop_key_check("tls.debug", k, len) == 0 && tmp) { ins->tls_debug = atoi(tmp); flb_sds_destroy(tmp); @@ -1249,6 +1254,16 @@ int flb_output_init_all(struct flb_config *config) flb_output_instance_destroy(ins); return -1; } + + if (ins->tls_verify_hostname == FLB_TRUE) { + ret = flb_tls_set_verify_hostname(ins->tls, ins->tls_verify_hostname); + if (ret == -1) { + flb_error("[output %s] error set up to verify hostname in TLS context", + ins->name); + + return -1; + } + } } #endif /*