Support server_name extension in tls handshake in fluentd

[mrudrego]

Hi,

We use fluent-plugin-remote-syslog to send logs from fluentd to syslog server.
Fluentd-package : v 5.0.5-1
fluent-plugin-remote_syslog : v1.1.0

We have observed that server_name extension (SNI) is missing in the TLS handshake when using the plugin
Fluentd config:

          <store>
            @type remote_syslog
            host abc.net
            port 6514
            protocol tcp
            tls true
            ca_file /opt/fluentd-files/cert/rsyslog.crt
          </store>

While the packets using tcp dump for curl command to syslog server has the server_name extension in its handshake(attached image).

curl command from client:
curl -v --cacert ca.pem https://abc.net:6514/

Server side tcp dump:
tcpdump -i any host 100.103.102.3 and port 6514 -w syslog_capture.pcap

We have a request to have HostSNI in the TLS handshake.
Please check if this is an issue and needs some enhancement in the plugin.

Thanks in advance.

[Watson1978]

When preparing a socket with OpenSSL in https://github.com/reproio/remote_syslog_sender,
it need to set the hostname.

diff --git a/lib/remote_syslog_sender/tcp_sender.rb b/lib/remote_syslog_sender/tcp_sender.rb
index 9e0d4cc..ad37714 100644
--- a/lib/remote_syslog_sender/tcp_sender.rb
+++ b/lib/remote_syslog_sender/tcp_sender.rb
@@ -20,6 +20,8 @@ def initialize(remote_hostname, remote_port, options = {})
       @timeout_exception   = !!options[:timeout_exception]
       @exponential_backoff = !!options[:exponential_backoff]
 
+      @local_hostname   = options[:hostname] || options[:local_hostname] || (Socket.gethostname rescue `hostname`.chomp)
+
       @mutex = Mutex.new
       @tcp_socket = nil
 
@@ -68,6 +70,7 @@ def connect
             context.verify_mode = @verify_mode if @verify_mode
 
             @socket = OpenSSL::SSL::SSLSocket.new(@tcp_socket, context)
+            @socket.hostname = @local_hostname if @local_hostname
             @socket.connect
             if @verify_mode != OpenSSL::SSL::VERIFY_NONE
               @socket.post_connection_check(@remote_hostname)

[mrudrego]

Hi @Watson1978 , thank you very much for the quick response.

As indicated by you, the changes are in https://github.com/reproio/remote_syslog_sender, should this enhancement be created to this repo? and also the last commit on this repo seems to be 4 years back.
Any idea on how do we go about this?

Thanks

[Watson1978]

Is it working as you expected with the patch above?
If so, we need to create a PR to https://github.com/reproio/remote_syslog_sender.

The PR may be merged If agreed...

[mrudrego]

@Watson1978 looks fine.

Thanks,

[mrudrego]

Hi @Watson1978 , was the PR created to above enhancement ? Can you please share the PR.

Thanks,

[Watson1978]

Sorry. I forgot this. I will try to create PR.

[mrudrego]

Hi @Watson1978 , can you please share the PR ?

Thanks,