Skip to content

Commit ba2f3d7

Browse files
cosmo0920AndrewChubatiuk
cosmo0920
authored and
AndrewChubatiuk
committed
output: tls: Add tls.verify_hostname handlers
Signed-off-by: Hiroshi Hatake <[email protected]>
1 parent 78f0b3b commit ba2f3d7

File tree

2 files changed

+16
-0
lines changed

2 files changed

+16
-0
lines changed

include/fluent-bit/flb_output.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -284,6 +284,7 @@ struct flb_output_instance {
284284

285285
#ifdef FLB_HAVE_TLS
286286
int tls_verify; /* Verify certs (default: true) */
287+
int tls_verify_hostname; /* Verify hostname (default: false) */
287288
int tls_debug; /* mbedtls debug level */
288289
char *tls_vhost; /* Virtual hostname for SNI */
289290
char *tls_ca_path; /* Path to certificates */

src/flb_output.c

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -678,6 +678,7 @@ struct flb_output_instance *flb_output_new(struct flb_config *config,
678678
instance->tls = NULL;
679679
instance->tls_debug = -1;
680680
instance->tls_verify = FLB_TRUE;
681+
instance->tls_verify_hostname = FLB_FALSE;
681682
instance->tls_vhost = NULL;
682683
instance->tls_ca_path = NULL;
683684
instance->tls_ca_file = NULL;
@@ -872,6 +873,10 @@ int flb_output_set_property(struct flb_output_instance *ins,
872873
ins->tls_verify = flb_utils_bool(tmp);
873874
flb_sds_destroy(tmp);
874875
}
876+
else if (prop_key_check("tls.verify_hostname", k, len) == 0 && tmp) {
877+
ins->tls_verify_hostname = flb_utils_bool(tmp);
878+
flb_sds_destroy(tmp);
879+
}
875880
else if (prop_key_check("tls.debug", k, len) == 0 && tmp) {
876881
ins->tls_debug = atoi(tmp);
877882
flb_sds_destroy(tmp);
@@ -1249,6 +1254,16 @@ int flb_output_init_all(struct flb_config *config)
12491254
flb_output_instance_destroy(ins);
12501255
return -1;
12511256
}
1257+
1258+
if (ins->tls_verify_hostname == FLB_TRUE) {
1259+
ret = flb_tls_set_verify_hostname(ins->tls, ins->tls_verify_hostname);
1260+
if (ret == -1) {
1261+
flb_error("[output %s] error set up to verify hostname in TLS context",
1262+
ins->name);
1263+
1264+
return -1;
1265+
}
1266+
}
12521267
}
12531268
#endif
12541269
/*

0 commit comments

Comments
 (0)