From eff4e24e8adbbeebd04808503713d440a2021075 Mon Sep 17 00:00:00 2001
From: Ry Biesemeyer
Date: Fri, 11 Nov 2022 00:44:02 +0000
Subject: [PATCH] fix: provide ssl engine with advisory peer and algorithm info
---
 CHANGELOG.md | 3 +++
 VERSION | 2 +-
 .../logstash/netty/SslHandlerProvider.java | 23 +++++++++++++++----
 3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index be1f6728..d1f5075e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 6.4.3
+ - Fix: provide SSL engine with advisory peer and algorithm information [#458](https://github.com/logstash-plugins/logstash-input-beats/issues/458)
+
 ## 6.4.2
 - Build: do not package jackson dependencies [#455](https://github.com/logstash-plugins/logstash-input-beats/pull/455)
diff --git a/VERSION b/VERSION
index a4c853ea..133cad28 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.4.2
+6.4.3
diff --git a/src/main/java/org/logstash/netty/SslHandlerProvider.java b/src/main/java/org/logstash/netty/SslHandlerProvider.java
index c63a6821..263c19ff 100644
--- a/src/main/java/org/logstash/netty/SslHandlerProvider.java
+++ b/src/main/java/org/logstash/netty/SslHandlerProvider.java
@@ -4,6 +4,10 @@ import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslHandler;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import java.net.InetSocketAddress;
+
 public class SslHandlerProvider {
 private final SslContext sslContext;
@@ -14,9 +18,20 @@ public SslHandlerProvider(SslContext context, int sslHandshakeTimeoutMillis){
 this.sslHandshakeTimeoutMillis = sslHandshakeTimeoutMillis;
 }
- public SslHandler sslHandlerForChannel(final SocketChannel socket) {
- SslHandler handler = sslContext.newHandler(socket.alloc());
- handler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
- return handler;
+ public SslHandler sslHandlerForChannel(final SocketChannel socketChannel) {
+ final InetSocketAddress remoteAddress = socketChannel.remoteAddress();
+ final String peerHost = remoteAddress.getHostString();
+ final int peerPort = remoteAddress.getPort();
+ final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc(), peerHost, peerPort);
+
+ final SSLEngine engine = sslHandler.engine();
+ engine.setUseClientMode(false);
+
+ final SSLParameters sslParameters = engine.getSSLParameters();
+ sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+ engine.setSSLParameters(sslParameters);
+
+ sslHandler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
+ return sslHandler;
 }
 }
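Review bot: The `sslParameters.setEndpointIdentificationAlgorithm("HTTPS")` call is applied to an engine that `engine.setUseClientMode(false)` has just put in server mode, so it is not purely advisory: when client certificates are verified, a JSSE trust manager that honours this setting will match the client certificate's names against `peerHost`, which here is whatever `getHostString()` returns for the socket's source address (usually an IP literal, or the address of a proxy or NAT in front of the sender). Clients whose otherwise valid certificates carry no matching SAN would then fail the handshake; whether client authentication is enabled depends on the `SslContext` built outside this hunk, so treat that as something to confirm with a test that uses a client certificate. If the stricter check is intended, say so above the call, e.g. `// server side: makes the trust manager match client cert SANs against the peer address`, and consider putting it behind a setting. Separately, `socketChannel.remoteAddress()` may return null for a channel that is no longer connected, so guard it before `remoteAddress.getHostString()` and fall back to `sslContext.newHandler(socketChannel.alloc())`.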