diff --git a/outputs/logstash/ca_invalid_test.key b/outputs/logstash/ca_invalid_test.key new file mode 100644 index 000000000000..86dbd0d1e04b --- /dev/null +++ b/outputs/logstash/ca_invalid_test.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEArhcGQkUS9v6aPeePxSOop/rh+Lc/IEW1NQE80lFJ6d6yFiN2 +kX0VHZsWUhsH86vjE7sDk+Uu82oNCOjc+Zq14jK0Z0ISzhdTsvryJ8paMb/Bn2bk +szEBvE57e6DKF+hJuITW6RJKASaU4FIBNkWsE16bIOgM1HZXNX+yESFc0w3OUCO7 +nNv3FBfyLS2x52sjKIZLc5RVqeC7F344OdRp6QVZzQsM1pMWsTd8Xalpj1H1aOsm +74WkHyYLthB4mV9g+arTvWBVafNDAXftFu1TmLMGm8ILduqQURxGasOPoNoEF5J4 +Rnhlp9AerB15haKdANls0X+htEy+1mnV5nsFodAsj0ZQ9ReETNkPMdHudXCrF9hh +JeBkFE3+O7059qJZH4u73opXQYFhOi/M7fpupWVmByzKkvvU8NmcCgtgtrWUlkxP +aLtoxF6JSjghuAmv9VKMLFNrHEcC9SDA8g7JcPRogGQowEOca7i9MkeKvO+BZAHR +qHHhHr/9TQ8Fym9IyR/vQZUe9ue4aNsWqsBjHhTlDKqtfMvL7/bT+h+f9+Y26CET +kfaz0WFPfwOY5jYaA6xfU6BiYJXwFHfWgV63cG+RolUIPNmV0hl2uMpk22QsTsOJ +9kIihXizh2X7aO+2ol+doxZq0jis+1pJaLtTV5/FOGa5Fx1pCys44O/No+ECAwEA +AQKCAgAnVzio3Sct/dcpShzpNee1HjLWm8J+LoKGmeL+vDPxz8t6yUTQF+4fpJ5k +q4see6dzG/3w/AeiJkMP0l+tYFLd7Qtrkjjhrc/SUHdMmqPLPkQpG31vKRH1Vd79 +zxYcVPfj5NEUFnf2zpsyHhX8B76dGfIAe6/6i0ul4VeCG4H4h9QptAl/pw2s0sR9 +hSgA3esyCzcdxVWecBSXeISIPQI6EGV8upSKIO8t2RYXrGMYajMFJK7FzfOKvnRD +DnHSZwVpJjt3Pj/PE5P+zvUbC0Kq7Tn/FNi2ZMd8LOGU2uCoPtxR312ivy5pv9RO +nNKLanYEbR30Md1++yDdH0mhLgfVa9kHSyZrlJa6cFqWlrcZwE5Zg0R3B+TLbtrA +WFZdV26u5ICbqYl3e/EhlIVJgLbmYjD88anXTSAObi1rwm6cAwd7+vM6PQkqlOGV +mUyjhvRSIpL/DTrAtUwud25yloDRCMVibxeJSkek+bbnMuf+vvVMs67MgDB2B+iN +OHLNKZZfllao/ZvPWiGjUkCIwwHLn6BkJNvNXeBwiof/sOtj56r23R0aEMU5aXvd +Ogq1lbEQZEmRLfmSoEIxC2gSQ4q8qevUQSmJp05fzQho+JjWVHZp6trSkeXIpgnS +E5YYCeGsGzkkT6CGI46R7XXvV9HzvM7RCMx7rH44V2InoZHs4QKCAQEA2gvymAGj +Rpa4p3cYAUcMD6eddPMkRpEX483ibS2ygaSzXy6uNMs7AEc5VJ4dg+uXACxita8w +rXpuNRBoPkkRIm4DiPX2y9jTTismYo4ZelyfjI05g7GhosXtlmMgQWEfL/JDlPXn +0pRBDhWXZ02Inw2AD+YMFC2hV2qqc226jIvLirHEZeO2TWJWIQWqh1nWW3bP/tdO +LyfzrZo5vxy0Ucmw0NwGXPg057XVEiaoN2XSEUNTMzz9HlPWCDkXrXfoEaEN1qFq +6f9K+UJE11sMP0cZ+AbzVw2w9YbAmz1lLiI0P51AUkLdvH99bgp46raN+xN7fZmK +6rb/VTld6b9YVQKCAQEAzGRi8Z//CP9L0ULMHGeneqnoOlMsf2FT0SOJasJbvlCK +Z0MZjJl0ukWSRNFMeE18hT+97tkg+/s9W6MkPa875ZPEMUPaIQJp47vAJm9FTdDP +T3dU/WWBsXa7oPXUNLd2AVWmjfaUye7WvR4rJR5xJKZwfqJIM9pypoOuT2YLUMlY +xQNrwYXo3LIlU/rkb3nv2rAZYxCsNvhMKdNY/j4bdXhocA7D9C745/+r2KAONecm +fDQSjLJTOL7ldOKPn6svF7eRrSVCRx80D7X06tBNGWejDib+Io/k79L+OEuo1ZEl +Z/3nnDY8qxz5yoG26jUU5Eu4j7IfG+FcHgBbykFZXQKCAQAItCFi3+3ci3ejd6WF +p4hbt50ZZfs0teX2Oemn4gMWGbTvP7XEdbhNMoqfThBvi5/jaeImzm9q/VAY3ibL +Fa+RaELL3MWVLXqBzEcj9/gcYkYcHicFkrmY/b2WGy7WbUIJb+oyr/4o8bIHFeWN +QhMKBkfuWohw5cFi8+cJ5H9lzM67Io1sY8KLJDm757X+4R8lV4DF82Izj6yyaU2U +y1iHSz27mIzIeT/jX+a5asGcNHxGJCHWEcEozL/mZCEF05t32K3su1TBMmeTu4lz +7zZ18CihNeXQu8Msicx2ZeT8CnF7eJNwtSqUs6IWGmTpOZBBTW3IfbCF3fgjNr8A +7ZphAoIBACZETToLyIX4tksxhGF1Dqgqk24IEHaw1C59xsaUKPUSwzbeGzR1rqMJ +T39O6FBFwaB49Kh5QnGq8ivr+WcLHd23sq2+lGJFv2mBx1Hq10DgbU/leaYPkR6W +qj5SiC5ugstxK8O8fNLpwo6ZzV4fuvMvrjQnUflTVs/SK5p18nxnlhUctNoApj5b +pB17BbXRUJTTD426m2OXTTsvdKP1INL3fiYsvYdEHBnjhlsCbGavJkduwGJTKL2h +D/i4SkeMlz6Lgdy28xe5wdeHK5mi8ixleOO3bTEvW5+DE1Ga6LtDd4tmwCxBA07O +F/5QFtz2nzi27JEKukRQBx0e2BCf94kCggEAaRLB2hJVjjbDf/QaXjy6+a+xUEOk +2EjbaKYLFp0GDs+0CaXBdXHh36X2vOXaT2TN08hEyL3ToirttVufKhPiG4zxDKQc +uskOG1KK5deEAiuHkjGb47J5HJcL4OwpaRDxKWihtaT6H0Dt6TawPLVViIUdEGIF +5dbOMHFch/Nz0hrr08azZf+JJ7b+40q3uCCLUleP7PA19Ye1EqVsHyX1oXhpWAWR +OT5c/DX61DT3PAZytyDmQh6G46vMMtaDXbwDbSA5rIglZgTlBoOMwR4qOzFOope4 +cBO55H8mNu/SeC36QaxJiFMeOnBo2FW3oSt0mZOb/EHlzwetGq3SO9zy5g== +-----END RSA PRIVATE KEY----- diff --git a/outputs/logstash/ca_invalid_test.pem b/outputs/logstash/ca_invalid_test.pem new file mode 100644 index 000000000000..f75899d2c080 --- /dev/null +++ b/outputs/logstash/ca_invalid_test.pem @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFXTCCA0WgAwIBAgIQCYZiCOjXqDaqWrOaCNv+JDANBgkqhkiG9w0BAQ0FADAv +MQswCQYDVQQGEwJVUzEQMA4GA1UEChMHZWxhc3RpYzEOMAwGA1UECxMFYmVhdHMw +HhcNMTUxMTA0MTUwMTM0WhcNMjUxMTA0MTUwMTM0WjAvMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHZWxhc3RpYzEOMAwGA1UECxMFYmVhdHMwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCuFwZCRRL2/po954/FI6in+uH4tz8gRbU1ATzSUUnp +3rIWI3aRfRUdmxZSGwfzq+MTuwOT5S7zag0I6Nz5mrXiMrRnQhLOF1Oy+vInylox +v8GfZuSzMQG8Tnt7oMoX6Em4hNbpEkoBJpTgUgE2RawTXpsg6AzUdlc1f7IRIVzT +Dc5QI7uc2/cUF/ItLbHnayMohktzlFWp4LsXfjg51GnpBVnNCwzWkxaxN3xdqWmP +UfVo6ybvhaQfJgu2EHiZX2D5qtO9YFVp80MBd+0W7VOYswabwgt26pBRHEZqw4+g +2gQXknhGeGWn0B6sHXmFop0A2WzRf6G0TL7WadXmewWh0CyPRlD1F4RM2Q8x0e51 +cKsX2GEl4GQUTf47vTn2olkfi7veildBgWE6L8zt+m6lZWYHLMqS+9Tw2ZwKC2C2 +tZSWTE9ou2jEXolKOCG4Ca/1UowsU2scRwL1IMDyDslw9GiAZCjAQ5xruL0yR4q8 +74FkAdGoceEev/1NDwXKb0jJH+9BlR7257ho2xaqwGMeFOUMqq18y8vv9tP6H5/3 +5jboIROR9rPRYU9/A5jmNhoDrF9ToGJglfAUd9aBXrdwb5GiVQg82ZXSGXa4ymTb +ZCxOw4n2QiKFeLOHZfto77aiX52jFmrSOKz7Wklou1NXn8U4ZrkXHWkLKzjg782j +4QIDAQABo3UwczAOBgNVHQ8BAf8EBAMCAqQwHQYDVR0lBBYwFAYIKwYBBQUHAwIG +CCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0OBAcEBTEyMzQ1MBAGA1Ud +IwQJMAeABTEyMzQ1MA8GA1UdEQQIMAaHBAECAwQwDQYJKoZIhvcNAQENBQADggIB +AIguXLlBE+gos9aWQ1794sQqUspsNS3kTzvXtZJPAn/egTtmYHIkELyDjUxTAPCQ +OtoTEcVRQuj1dKVva0To4IS3J7K6blDuttwcKUaQ+n/Uop45b16f+/WslZLnyGFy +qiJ6tv9hY4uXQZOoOS3NDV6ip1EPmop71bsMVyOxbXtIueT2RYbs5G0qgfKyUozD +fP7I6qzRF5lNUL+uynulk/2KmOvT61248DnT/4AwPuJZMRVQug6PBDICSBaVOpdG +1gm6w0JfCDjv6hYSoSebhdrWVl2H2T2RX5c31CDeJij1saNnL1pLBNDBon7GnlFz +rpgJRlox6zVnY9hWxA7qkBbLd0n27yXQU3JeHAsfwdYyPPTD6JeK6UYkKX+LoYan +cozuv2N/22cMUjFgB6MvaPDUBUbnq3koM+4OMJyOAFla8v8G78p6rEI4moEH68qi +BCF0KZzJCgDs8o2nWN2aoDu9h0bqOMBwxcOYgwf9ZQyav1hApdZ7OTFbZN+J4/AC +5f1Q2axOH9AuXrI8CjXbR2d3iEXRP2y0QNH59Cqrmhdghq5pxfSOB59EQjdCKRYq +7uAD12OdZp5DrCvZMlo9qzS8FdaN3xdEKiYArOe9aIx2J4gkNaPc0xh3czP/q5N6 +mhMyGAR8+xTxwCVfFXD9RqQiqgnaCLu09m4vqaWmHeTb +-----END CERTIFICATE----- diff --git a/outputs/logstash/logstash_test.go b/outputs/logstash/logstash_test.go index cc2e2dfa2dcf..3d83807e7fa4 100644 --- a/outputs/logstash/logstash_test.go +++ b/outputs/logstash/logstash_test.go @@ -24,6 +24,104 @@ import ( "github.com/elastic/libbeat/outputs" ) +type mockLSServer struct { + net.Listener + timeout time.Duration + err error + handshake func(net.Conn) +} + +func newMockTLSServer(t *testing.T, to time.Duration, cert string) *mockLSServer { + tcpListener, err := net.Listen("tcp", "localhost:0") + if err != nil { + t.Fatalf("failed to generate TCP listener") + } + + tlsConfig, err := outputs.LoadTLSConfig(&outputs.TLSConfig{ + Certificate: cert + ".pem", + CertificateKey: cert + ".key", + }) + if err != nil { + t.Fatalf("failed to load certificate") + } + + listener := tls.NewListener(tcpListener, tlsConfig) + + server := &mockLSServer{Listener: listener, timeout: to} + server.handshake = func(client net.Conn) { + if server.err != nil { + return + } + + server.clientDeadline(client, server.timeout) + if server.err != nil { + return + } + + tlsConn, ok := client.(*tls.Conn) + if !ok { + server.err = errors.New("no tls connection") + return + } + + server.err = tlsConn.Handshake() + } + + return server +} + +func newMockTCPServer(t *testing.T, to time.Duration) *mockLSServer { + tcpListener, err := net.Listen("tcp", "localhost:0") + if err != nil { + t.Fatalf("failed to generate TCP listener") + } + + server := &mockLSServer{Listener: tcpListener, timeout: to} + server.handshake = func(client net.Conn) {} + return server +} + +func (m *mockLSServer) Addr() string { + return m.Listener.Addr().String() +} + +func (m *mockLSServer) accept() net.Conn { + if m.err != nil { + return nil + } + + client, err := m.Listener.Accept() + m.err = err + return client +} + +func (m *mockLSServer) clientDeadline(client net.Conn, to time.Duration) { + if m.err == nil { + m.err = client.SetDeadline(time.Now().Add(to)) + } +} + +func (m *mockLSServer) readMessage(buf *streambuf.Buffer, client net.Conn) *message { + if m.err != nil { + return nil + } + + m.clientDeadline(client, m.timeout) + if m.err != nil { + return nil + } + + msg, err := sockReadMessage(buf, client) + m.err = err + return msg +} + +func (m *mockLSServer) sendACK(client net.Conn, seq uint32) { + if m.err == nil { + m.err = sockSendACK(client, seq) + } +} + func testEvent() common.MapStr { return common.MapStr{ "@timestamp": common.Time(time.Now()), @@ -65,6 +163,16 @@ func newTestLumberjackOutput( return output.(outputs.BulkOutputer) } +func testOutputerFactory( + t *testing.T, + test string, + config *outputs.MothershipConfig, +) func() outputs.BulkOutputer { + return func() outputs.BulkOutputer { + return newTestLumberjackOutput(t, test, config) + } +} + func sockReadMessage(buf *streambuf.Buffer, in io.Reader) (*message, error) { for { // try parse message from buffered data @@ -86,7 +194,7 @@ func sockReadMessage(buf *streambuf.Buffer, in io.Reader) (*message, error) { func sockSendACK(out io.Writer, seq uint32) error { buf := streambuf.New(nil) - buf.WriteByte('1') + buf.WriteByte('2') buf.WriteByte('A') buf.WriteNetUint32(seq) _, err := out.Write(buf.Bytes()) @@ -96,11 +204,14 @@ func sockSendACK(out io.Writer, seq uint32) error { // genCertsIfMIssing generates a testing certificate for ip 127.0.0.1 for // testing if certificate or key is missing. Generated is used for CA, // client-auth and server-auth. Use only for testing. -func genCertsIfMIssing( +func genCertsForIPIfMIssing( t *testing.T, - capem string, - cakey string, + ip net.IP, + name string, ) error { + capem := name + ".pem" + cakey := name + ".key" + _, err := os.Stat(capem) if err == nil { _, err = os.Stat(cakey) @@ -133,9 +244,7 @@ func genCertsIfMIssing( SerialNumber: "23", CommonName: "*", }, - IPAddresses: []net.IP{ - net.IP{127, 0, 0, 1}, - }, + IPAddresses: []net.IP{ip}, SignatureAlgorithm: x509.SHA512WithRSA, PublicKeyAlgorithm: x509.ECDSA, @@ -191,205 +300,188 @@ func genCertsIfMIssing( } func TestLogstashTCP(t *testing.T) { - var serverErr error - var win, data *message + timeout := 2 * time.Second + server := newMockTCPServer(t, timeout) - // create server with randomized port - listener, err := net.Listen("tcp", "localhost:0") - if err != nil { - t.Fatalf("Failed to create test server") + // create lumberjack output client + config := outputs.MothershipConfig{ + Timeout: 2, + Hosts: []string{server.Addr()}, } - // start server - var wg sync.WaitGroup - wg.Add(1) - go func() { - defer wg.Done() + testConnectionType(t, server, testOutputerFactory(t, "", &config)) +} - // server read timeout - timeout := 5 * time.Second - buf := streambuf.New(nil) +func TestLogstashTLS(t *testing.T) { + certName := "ca_test" + ip := net.IP{127, 0, 0, 1} - client, err := listener.Accept() - if err != nil { - t.Logf("failed on accept: %v", err) - serverErr = err - return - } + timeout := 2 * time.Second + genCertsForIPIfMIssing(t, ip, certName) + server := newMockTLSServer(t, timeout, certName) - if err := client.SetDeadline(time.Now().Add(timeout)); err != nil { - serverErr = err - return - } - win, err = sockReadMessage(buf, client) - if err != nil { - t.Logf("failed on read window size: %v", err) - serverErr = err - return - } + config := outputs.MothershipConfig{ + TLS: &outputs.TLSConfig{ + CAs: []string{certName + ".pem"}, + }, + Timeout: 2, + Hosts: []string{server.Addr()}, + } - if err := client.SetDeadline(time.Now().Add(timeout)); err != nil { - serverErr = err - return - } - data, err = sockReadMessage(buf, client) - if err != nil { - t.Logf("failed on read data frame: %v", err) - serverErr = err - return - } + testConnectionType(t, server, testOutputerFactory(t, "", &config)) +} - if err := client.SetDeadline(time.Now().Add(timeout)); err != nil { - serverErr = err - return - } - err = sockSendACK(client, 1) - if err != nil { - t.Logf("failed on read data frame: %v", err) - serverErr = err - } - }() +func TestLogstashInvalidTLSInsecure(t *testing.T) { + certName := "ca_invalid_test" + ip := net.IP{1, 2, 3, 4} - // create lumberjack output client + timeout := 2 * time.Second + genCertsForIPIfMIssing(t, ip, certName) + server := newMockTLSServer(t, timeout, certName) + + retries := 1 config := outputs.MothershipConfig{ - TLS: nil, - Timeout: 2, - Hosts: []string{listener.Addr().String()}, + TLS: &outputs.TLSConfig{ + CAs: []string{certName + ".pem"}, + Insecure: true, + }, + Timeout: 2, + Max_retries: &retries, + Hosts: []string{server.Addr()}, } - output := newTestLumberjackOutput(t, "", &config) - // send event to server - event := testEvent() - output.PublishEvent(nil, time.Now(), event) + testConnectionType(t, server, testOutputerFactory(t, "", &config)) +} - wg.Wait() - listener.Close() +func testConnectionType( + t *testing.T, + server *mockLSServer, + makeOutputer func() outputs.BulkOutputer, +) { + var result struct { + err error + win, data *message + signal bool + } - // validate output - assert.Nil(t, serverErr) - assert.NotNil(t, win) - if data == nil { - t.Fatalf("No data received") + var wg struct { + ready sync.WaitGroup + finish sync.WaitGroup } - assert.Equal(t, 1, len(data.events)) - data = data.events[0] - assert.Equal(t, 10.0, data.doc["extra"]) - assert.Equal(t, "message", data.doc["message"]) -} -func TestLogstashTLS(t *testing.T) { - pem := "ca_test.pem" - key := "ca_test.key" + wg.ready.Add(1) // server signaling readiness to client worker + wg.finish.Add(2) // server/client signaling test end - var serverErr error - var win, data *message + // server loop + go func() { + defer wg.finish.Done() + wg.ready.Done() - genCertsIfMIssing(t, pem, key) + client := server.accept() + server.handshake(client) - tcpListener, err := net.Listen("tcp", "localhost:0") - if err != nil { - t.Fatalf("failed to generate TCP listener") + buf := streambuf.New(nil) + result.win = server.readMessage(buf, client) + result.data = server.readMessage(buf, client) + server.sendACK(client, 1) + result.err = server.err + }() + + // worker loop + go func() { + defer wg.finish.Done() + wg.ready.Wait() + + output := makeOutputer() + + signal := outputs.NewSyncSignal() + output.PublishEvent(signal, time.Now(), testEvent()) + result.signal = signal.Wait() + }() + + // wait shutdown + wg.finish.Wait() + server.Close() + + // validate output + assert.Nil(t, result.err) + assert.True(t, result.signal) + + data := result.data + assert.NotNil(t, result.win) + assert.NotNil(t, result.data) + if data != nil { + assert.Equal(t, 1, len(data.events)) + data = data.events[0] + assert.Equal(t, 10.0, data.doc["extra"]) + assert.Equal(t, "message", data.doc["message"]) } - // create lumberjack output client +} + +func TestLogstashInvalidTLS(t *testing.T) { + certName := "ca_invalid_test" + ip := net.IP{1, 2, 3, 4} + + timeout := 2 * time.Second + genCertsForIPIfMIssing(t, ip, certName) + server := newMockTLSServer(t, timeout, certName) + + retries := 0 config := outputs.MothershipConfig{ TLS: &outputs.TLSConfig{ - Certificate: pem, - CertificateKey: key, - CAs: []string{pem}, + CAs: []string{certName + ".pem"}, }, - Timeout: 5, - Hosts: []string{tcpListener.Addr().String()}, + Timeout: 1, + Max_retries: &retries, + Hosts: []string{server.Addr()}, } - tlsConfig, err := outputs.LoadTLSConfig(config.TLS) - if err != nil { - tcpListener.Close() - t.Fatalf("failed to load certificates") + var result struct { + err error + handshakeFail bool + signal bool } - listener := tls.NewListener(tcpListener, tlsConfig) + var wg struct { + ready sync.WaitGroup + finish sync.WaitGroup + } - // start server - var wg sync.WaitGroup - var wgReady sync.WaitGroup - wg.Add(1) - wgReady.Add(1) + wg.ready.Add(1) // server signaling readiness to client worker + wg.finish.Add(2) // server/client signaling test end + + // server loop go func() { - defer wg.Done() - - for i := 0; i < 3; i++ { // try up to 3 failed connection attempts - // server read timeout - timeout := 5 * time.Second - buf := streambuf.New(nil) - wgReady.Done() - client, err := listener.Accept() - if err != nil { - continue - } - - tlsConn, ok := client.(*tls.Conn) - if !ok { - serverErr = errors.New("no tls connection") - return - } - - if err := client.SetDeadline(time.Now().Add(timeout)); err != nil { - serverErr = err - return - } - - err = tlsConn.Handshake() - if err != nil { - serverErr = err - return - } - - if err := client.SetDeadline(time.Now().Add(timeout)); err != nil { - serverErr = err - return - } - win, err = sockReadMessage(buf, client) - if err != nil { - serverErr = err - return - } - - if err := client.SetDeadline(time.Now().Add(timeout)); err != nil { - serverErr = err - return - } - data, err = sockReadMessage(buf, client) - if err != nil { - serverErr = err - return - } - serverErr = sockSendACK(client, 1) + defer wg.finish.Done() + wg.ready.Done() - return + client := server.accept() + if server.err != nil { + t.Fatalf("server error: %v", server.err) } + + server.handshake(client) + result.handshakeFail = server.err != nil }() - // send event to server + // client loop go func() { - wgReady.Wait() + defer wg.finish.Done() + wg.ready.Wait() + output := newTestLumberjackOutput(t, "", &config) - event := testEvent() - output.PublishEvent(nil, time.Now(), event) + signal := outputs.NewSyncSignal() + output.PublishEvent(signal, time.Now(), testEvent()) + result.signal = signal.Wait() }() - wg.Wait() - listener.Close() + // wait shutdown + wg.finish.Wait() + server.Close() // validate output - assert.Nil(t, serverErr) - assert.NotNil(t, win) - assert.NotNil(t, data) - if data != nil { - assert.Equal(t, 1, len(data.events)) - data = data.events[0] - assert.Equal(t, 10.0, data.doc["extra"]) - assert.Equal(t, "message", data.doc["message"]) - } + assert.True(t, result.handshakeFail) + assert.False(t, result.signal) } diff --git a/outputs/logstash/transport.go b/outputs/logstash/transport.go index 30b43b55450d..80aae8a92154 100644 --- a/outputs/logstash/transport.go +++ b/outputs/logstash/transport.go @@ -100,17 +100,12 @@ func (c *tlsClient) Connect(timeout time.Duration) error { return err } - var tlsconfig tls.Config - tlsconfig.MinVersion = c.tls.MinVersion - tlsconfig.RootCAs = c.tls.RootCAs - tlsconfig.Certificates = c.tls.Certificates - tlsconfig.ServerName = host - tlsconfig.InsecureSkipVerify = c.tls.InsecureSkipVerify - if err := c.tcpClient.Connect(timeout); err != nil { return c.onFail(err) } + tlsconfig := c.tls + tlsconfig.ServerName = host socket := tls.Client(c.Conn, &tlsconfig) if err := socket.SetDeadline(time.Now().Add(timeout)); err != nil { _ = socket.Close()