upstream_ha: upstream_node: process verify hostname on HA settings #9180

Merged
merged 3 commits into from
Aug 13, 2024
2 changes: 2 additions & 0 deletions include/fluent-bit/flb_upstream_node.h
Expand Up @@ -36,6 +36,7 @@ struct flb_upstream_node {
#ifdef FLB_HAVE_TLS
/* TLS: given configuration */
int tls_verify; /* Verify certs (default: true) */
int tls_verify_hostname; /* Verify hostname (default: false) */
int tls_debug; /* mbedtls debug level */
char *tls_ca_path; /* Path to certificates */
char *tls_ca_file; /* CA root cert */
Expand Down Expand Up @@ -65,6 +66,7 @@ struct flb_upstream_node {
struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t host,
flb_sds_t port,
int tls, int tls_verify,
int tls_verify_hostname,
int tls_debug,
const char *tls_vhost,
const char *tls_ca_path,
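Review bot: The new comment on `tls_verify_hostname` should spell out its relation to `tls_verify`, since a reader of the header will otherwise assume "Verify certs" already covers the peer name; as far as this PR shows, the two flags are independent and hostname checking is only enabled when the new flag is true. Suggest `int tls_verify_hostname; /* Verify peer hostname, independent of tls_verify (default: false) */`. Which name the peer is matched against (tls_vhost or host) is not visible here and is worth a word in the comment once confirmed.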
1 change: 1 addition & 0 deletions plugins/out_azure_kusto/azure_kusto_conf.c
Expand Up @@ -79,6 +79,7 @@ static struct flb_upstream_node *flb_upstream_node_create_url(struct flb_azure_k

node = flb_upstream_node_create(
NULL, sds_host, sds_port, FLB_TRUE, ctx->ins->tls->verify,
ctx->ins->tls->verify_hostname,
ctx->ins->tls->debug, ctx->ins->tls->vhost, NULL, NULL, NULL,
NULL, NULL, kv, config);

38 changes: 37 additions & 1 deletion src/flb_upstream_ha.c
Expand Up @@ -120,6 +120,7 @@ static struct flb_upstream_node *create_node(int id,
int vlen;
int tls = FLB_FALSE;
int tls_verify = FLB_TRUE;
int tls_verify_hostname = FLB_FALSE;
int tls_debug = 1;
char key[32];
char *tmp;
Expand All @@ -138,7 +139,8 @@ static struct flb_upstream_node *create_node(int id,
const char *known_keys[] = {"name", "host", "port",
"tls", "tls.vhost", "tls.verify", "tls.debug",
"tls.ca_path", "tls.ca_file", "tls.crt_file",
"tls.key_file", "tls.key_passwd", NULL};
"tls.key_file", "tls.key_passwd",
"tls.verify_hostname", NULL};

struct flb_upstream_node *node;

Expand Down Expand Up @@ -180,6 +182,13 @@ static struct flb_upstream_node *create_node(int id,
flb_sds_destroy(tmp);
}

/* tls.verify_hostname */
tmp = flb_cf_section_property_get_string(cf, s, "tls.verify_hostname");
if (tmp) {
tls_verify_hostname = flb_utils_bool(tmp);
flb_sds_destroy(tmp);
}

/* tls.debug */
tmp = flb_cf_section_property_get_string(cf, s, "tls.debug");
if (tmp) {
Expand Down Expand Up @@ -252,9 +261,36 @@ static struct flb_upstream_node *create_node(int id,
}

node = flb_upstream_node_create(name, host, port, tls, tls_verify,
tls_verify_hostname,
tls_debug, tls_vhost, tls_ca_path, tls_ca_file,
tls_crt_file, tls_key_file,
tls_key_passwd, ht, config);

/* Teardown for created flb_sds_t stuffs by flb_cf_section_property_get_string(). */
if (tls_vhost != NULL) {
flb_sds_destroy(tls_vhost);
}

if (tls_ca_path != NULL) {
flb_sds_destroy(tls_ca_path);
}

if (tls_ca_file != NULL) {
flb_sds_destroy(tls_ca_file);
}

if (tls_crt_file != NULL) {
flb_sds_destroy(tls_crt_file);
}

if (tls_key_file != NULL) {
flb_sds_destroy(tls_key_file);
}

if (tls_key_passwd != NULL) {
flb_sds_destroy(tls_key_passwd);
}

return node;
}

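Review bot: The teardown block added after the `flb_upstream_node_create()` call only runs on the path that reaches it; any earlier `return NULL` in create_node (the validation code between the hunks is not shown, so this is inferred) leaves the `flb_sds_t` values obtained from `flb_cf_section_property_get_string()` leaked, and the new `tls.verify_hostname` lookup in the third hunk follows the same ownership pattern. A single `cleanup:` label after the create call, with the six destroys under it and the earlier error paths doing `node = NULL; goto cleanup;`, would make ownership explicit and cover every exit. The `!= NULL` guards can be dropped if `flb_sds_destroy()` tolerates NULL, which I could not confirm from this page. create_node starts before the first hunk.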
12 changes: 12 additions & 0 deletions src/flb_upstream_node.c
Expand Up @@ -30,6 +30,7 @@
struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t host,
flb_sds_t port,
int tls, int tls_verify,
int tls_verify_hostname,
int tls_debug,
const char *tls_vhost,
const char *tls_ca_path,
Expand All @@ -40,6 +41,7 @@ struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t hos
struct flb_hash_table *ht,
struct flb_config *config)
{
int ret;
int i_port;
int io_flags;
char tmp[255];
Expand Down Expand Up @@ -143,6 +145,16 @@ struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t hos
return NULL;
}
node->tls_enabled = FLB_TRUE;
if (tls_verify_hostname == FLB_TRUE) {
ret = flb_tls_set_verify_hostname(node->tls, tls_verify_hostname);
if (ret == -1) {
flb_error("[upstream_node] error set up to verify hostname in TLS context "
"on node '%s'", name);
flb_upstream_node_destroy(node);

return NULL;
}
}
}
#endif

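Review bot: The check `if (tls_verify_hostname == FLB_TRUE)` in the third hunk fails open: the parameter is a plain `int`, the azure_kusto call site in this PR forwards `ctx->ins->tls->verify_hostname` unchanged, and any non-zero value other than FLB_TRUE silently results in no hostname verification. Use truthiness, `if (tls_verify_hostname) {`, so an unexpected value errs toward verifying. In the error branch, `name` can be NULL (that same call site passes NULL as the name) and `%s` with a null pointer is undefined behaviour; log `node->name` if it has been populated by this point, or guard with `name ? name : "(unnamed)"`. The message itself reads better as `"failed to enable hostname verification in TLS context on node '%s'"`. flb_upstream_node_create continues outside this hunk.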