Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added ssl_endpoint_identification_algorithm config option #212

Closed
wants to merge 1 commit into from
Closed

added ssl_endpoint_identification_algorithm config option #212

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions docs/index.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
| <<plugins-{type}s-{plugin}-ssl_truststore_location>> |a valid filesystem path|No
| <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
| <<plugins-{type}s-{plugin}-ssl_endpoint_identification_algorithm>> |<<string,string>>|No
| <<plugins-{type}s-{plugin}-topic_id>> |<<string,string>>|Yes
| <<plugins-{type}s-{plugin}-value_serializer>> |<<string,string>>|No
|=======================================================================
Expand Down Expand Up @@ -388,6 +389,14 @@ The truststore password

The truststore type.

[id="plugins-{type}s-{plugin}-ssl_endpoint_identification_algorithm"]
===== `ssl_endpoint_identification_algorithm`

* Value type is <<string,string>>
* Default value is `"https"`

The endpoint identification algorithm, defaults to "https". Set to empty string "" to disable

[id="plugins-{type}s-{plugin}-topic_id"]
===== `topic_id`

Expand Down
3 changes: 3 additions & 0 deletions lib/logstash/outputs/kafka.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,8 @@ class LogStash::Outputs::Kafka < LogStash::Outputs::Base
config :ssl_keystore_password, :validate => :password
# The password of the private key in the key store file.
config :ssl_key_password, :validate => :password
# Algorithm to use when verifying host. Set to "" to disable
config :ssl_endpoint_identification_algorithm, :validate => :string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you set the value explicitly to 'https' to ensure that the behavior remains the same in the (probably somewhat unlikely) event that the Kafka client changes defaults again

# Security protocol to use, which can be either of PLAINTEXT,SSL,SASL_PLAINTEXT,SASL_SSL
config :security_protocol, :validate => ["PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"], :default => "PLAINTEXT"
# http://kafka.apache.org/documentation.html#security_sasl[SASL mechanism] used for client connections.
Expand Down Expand Up @@ -365,6 +367,7 @@ def set_trustore_keystore_config(props)
props.put("ssl.key.password", ssl_key_password.value) unless ssl_key_password.nil?
props.put("ssl.keystore.location", ssl_keystore_location) unless ssl_keystore_location.nil?
props.put("ssl.keystore.password", ssl_keystore_password.value) unless ssl_keystore_password.nil?
props.put("ssl.endpoint.identification.algorithm", ssl_endpoint_identification_algorithm.value) unless ssl_endpoint_identification_algorithm.nil?
end

def set_sasl_config(props)
Expand Down