input: tls: Add tls.verify_hostname handlers

cosmo0920 · AndrewChubatiuk · commit 78f0b3ba034f · 2024-09-24T15:41:26.000+03:00
Signed-off-by: Hiroshi Hatake &lt;hiroshi@chronosphere.io&gt;
diff --git a/include/fluent-bit/flb_input.h b/include/fluent-bit/flb_input.h
@@ -359,6 +359,7 @@ struct flb_input_instance {
     /* TLS settings */
     int use_tls;                         /* bool, try to use TLS for I/O */
     int tls_verify;                      /* Verify certs (default: true) */
+    int tls_verify_hostname;             /* Verify hostname (default: false) */
     int tls_debug;                       /* mbedtls debug level          */
     char *tls_vhost;                     /* Virtual hostname for SNI     */
     char *tls_ca_path;                   /* Path to certificates         */
diff --git a/src/flb_input.c b/src/flb_input.c
@@ -308,6 +308,7 @@ struct flb_input_instance *flb_input_new(struct flb_config *config,
         instance->tls                   = NULL;
         instance->tls_debug             = -1;
         instance->tls_verify            = FLB_TRUE;
+        instance->tls_verify_hostname   = FLB_FALSE;
         instance->tls_vhost             = NULL;
         instance->tls_ca_path           = NULL;
         instance->tls_ca_file           = NULL;
@@ -553,6 +554,10 @@ int flb_input_set_property(struct flb_input_instance *ins,
         ins->tls_verify = flb_utils_bool(tmp);
         flb_sds_destroy(tmp);
     }
+    else if (prop_key_check("tls.verify_hostname", k, len) == 0 && tmp) {
+        ins->tls_verify_hostname = flb_utils_bool(tmp);
+        flb_sds_destroy(tmp);
+    }
     else if (prop_key_check("tls.debug", k, len) == 0 && tmp) {
         ins->tls_debug = atoi(tmp);
         flb_sds_destroy(tmp);
@@ -1121,6 +1126,16 @@ int flb_input_instance_init(struct flb_input_instance *ins,
 
             return -1;
         }
+
+        if (ins->tls_verify_hostname == FLB_TRUE) {
+            ret = flb_tls_set_verify_hostname(ins->tls, ins->tls_verify_hostname);
+            if (ret == -1) {
+                flb_error("[input %s] error set up to verify hostname in TLS context",
+                          ins->name);
+
+                return -1;
+            }
+        }
     }
 
     struct flb_config_map *m;
