Skip to content

TLS : OpenSSL Provider and Store API support to support HSMs #10622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 25 commits into
base: master
Choose a base branch
from
Open

TLS : OpenSSL Provider and Store API support to support HSMs #10622

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
ac03d76
config: Added OpenSSL Provider support via configuration
Brent-Crawley-GGL Jul 17, 2025
be1541d
tls: Add Provider Query and OpenSSL Store Support
Brent-Crawley-GGL Jul 17, 2025
88a49bd
lib: Allow TLS to configure global settings for Provider support
Brent-Crawley-GGL Jul 17, 2025
52c5a50
build: Compile flag for OpenSSL Store support
Brent-Crawley-GGL Jul 18, 2025
1c1d236
input: Implement Provider Query and use to initialise TLS context
Brent-Crawley-GGL Jul 18, 2025
573fff2
output: Implement Provider Query and use to initialise TLS context
Brent-Crawley-GGL Jul 18, 2025
aeb12ca
upstream_node: Implement Provider Query and use to initialise TLS con…
Brent-Crawley-GGL Jul 18, 2025
7a2ac67
oauth2: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
ed7db45
aws_credentials: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
51f63b5
s3: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
442e136
opensearch: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
4e87956
kinesis_streams: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
bb94272
kinesis_firehose: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
2ae901d
es: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
9145b28
cloudwatch_logs: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
cecf0af
bigquery: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
6d289d6
azure_kusto: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
7b840e7
azure_blob: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
487c223
kubernetes_events: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
e9b44d9
nightfall: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
3129e3c
kubernetes: Update the TLS interface for OpenSSL Provider support
Brent-Crawley-GGL Jul 18, 2025
267fef3
Merge branch 'master' into brentc/openssl
Brent-Crawley-GGL Jul 20, 2025
60f5cb8
tls: updated the OpenSSL defines
Brent-Crawley-GGL Jul 21, 2025
92b7bac
tests : tcp : Fixed up missing arguments
Brent-Crawley-GGL Aug 26, 2025
691e52a
tls: Added missing function declarations
Brent-Crawley-GGL Aug 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
.idea
.vscode
.vs
.clang-format
.DS_Store
*~
Expand Down Expand Up @@ -41,3 +42,4 @@ workflow/
examples/wasi_serde_json/target/
# WASM test data
tests/runtime/wasm/go/*.wasm
/out/
10 changes: 10 additions & 0 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ option(FLB_WASM_STACK_PROTECT "Build with WASM runtime with strong stack protec
option(FLB_ENFORCE_ALIGNMENT "Enable limited platform specific aligned memory access" No)
option(FLB_KAFKA "Enable Kafka support" Yes)
option(FLB_ZIG "Enable zig integration" Yes)
option(FLB_OPENSSL_STORE "Enable OpenSSL Store Support for TLS" No)

# Native Metrics Support (cmetrics)
option(FLB_METRICS "Enable metrics support" Yes)
Expand Down Expand Up @@ -419,6 +420,15 @@ if (FLB_ZIG)
endif()
endif()

# Ensure OpenSSL Store support is available if TLS is enabled
if (FLB_OPENSSL_STORE)
if(NOT FLB_TLS)
message(FATAL_ERROR "FLB_ENABLE_OPENSSL_STORE requires FLB_TLS to be enabled.")
endif()
message(STATUS "OpenSSL Store defined")
add_definitions(-DFLB_USE_OPENSSL_STORE=1)
endif()

Comment on lines +423 to +431
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Wrong option name in fatal error; define macro consistently; and gate after OpenSSL detection

  • The fatal error message references a non-existent option “FLB_ENABLE_OPENSSL_STORE”; it should say “FLB_OPENSSL_STORE”.
  • Prefer using the existing FLB_DEFINITION helper instead of add_definitions for consistency with the rest of the file.
  • More importantly, the macro is defined before OpenSSL is discovered and without checking the OpenSSL version. If a builder sets FLB_OPENSSL_STORE=On with an OpenSSL < 3.0 (or no OpenSSL at all), configuration will appear to succeed here but compilation will likely fail elsewhere. Move the enablement to after find_package(OpenSSL) so you can fail fast (and clearly) when the version is insufficient.

Minimal immediate fix within this block:

-# Ensure OpenSSL Store support is available if TLS is enabled
+# Ensure TLS is enabled when OpenSSL Store support is requested
 if (FLB_OPENSSL_STORE)
   if(NOT FLB_TLS)
-    message(FATAL_ERROR "FLB_ENABLE_OPENSSL_STORE requires FLB_TLS to be enabled.")
+    message(FATAL_ERROR "FLB_OPENSSL_STORE requires FLB_TLS to be enabled.")
   endif()
-  message(STATUS "OpenSSL Store defined")
-  add_definitions(-DFLB_USE_OPENSSL_STORE=1)
+  message(STATUS "Configuring OpenSSL Store support")
+  # Note: macro definition is finalized after OpenSSL is found/version-checked
 endif()

Then, add the actual gating and macro definition right after OpenSSL discovery (near Lines 720–724). This makes the check accurate and the error actionable:

# Place this block immediately after setting FLB_HAVE_OPENSSL
if (FLB_OPENSSL_STORE)
  if (NOT OPENSSL_FOUND)
    message(FATAL_ERROR "FLB_OPENSSL_STORE requires OpenSSL to be available when FLB_TLS=On.")
  endif()

  # CMake's FindOpenSSL provides a version string; accommodate both legacy and modern variable names.
  if (DEFINED OpenSSL_VERSION)
    set(_FLB_OPENSSL_VER "${OpenSSL_VERSION}")
  elseif(DEFINED OPENSSL_VERSION)
    set(_FLB_OPENSSL_VER "${OPENSSL_VERSION}")
  else()
    set(_FLB_OPENSSL_VER "")
  endif()

  if (NOT _FLB_OPENSSL_VER STREQUAL "" AND _FLB_OPENSSL_VER VERSION_LESS "3.0.0")
    message(FATAL_ERROR "FLB_OPENSSL_STORE requires OpenSSL >= 3.0. Detected: ${_FLB_OPENSSL_VER}")
  endif()

  message(STATUS "OpenSSL Store support: ENABLED${_FLB_OPENSSL_VER STREQUAL "" ? "" : " (OpenSSL "}${_FLB_OPENSSL_VER}${_FLB_OPENSSL_VER STREQUAL "" ? "" : ")"}")
  FLB_DEFINITION(FLB_USE_OPENSSL_STORE)
endif()

Notes:

  • If you prefer to keep the early block, at minimum correct the option name and avoid defining FLB_USE_OPENSSL_STORE before verifying OpenSSL presence/version.
  • The comment in Line 423 is misleading (“if TLS is enabled” vs the actual conditional on FLB_OPENSSL_STORE); the minimal fix above clarifies intent.

To ensure this behaves well across platforms (as requested by reviewers), please validate CMake configuration on at least Linux, macOS, and Windows with:

  • OpenSSL 3.x installed (and on Windows confirm provider DSOs can be located at runtime).
  • FLB_TLS=On and FLB_OPENSSL_STORE=On

Example configure invocations:

If you want, I can open a follow-up PR to wire a CMake configure-time summary that prints “OpenSSL Store: ENABLED/DISABLED (version)”.

🏁 Script executed:

# Linux/macOS (with pkg-config OpenSSL 3)
cmake -S . -B build -DFLB_TLS=On -DFLB_OPENSSL_STORE=On

# Windows (ensure OpenSSL 3 is on PATH or CMAKE_PREFIX_PATH points to it)
cmake -S . -B build -DFLB_TLS=On -DFLB_OPENSSL_STORE=On -DOPENSSL_USE_STATIC_LIBS=ON

Length of output: 336

🏁 Script executed:

#!/bin/bash
# Locate OpenSSL discovery in CMakeLists.txt
grep -nP "find_package\\s*\\(\\s*OpenSSL" -n CMakeLists.txt | head -n 10

# Show existing block around line 423
sed -n '400,450p' CMakeLists.txt

# Show existing block around line 720
sed -n '700,750p' CMakeLists.txt

Length of output: 2691

🏁 Script executed:

#!/bin/bash
# Search for all add_definitions usage in CMakeLists.txt
grep -n "add_definitions" CMakeLists.txt

# Search for FLB_DEFINITION usage in CMakeLists.txt (limit to first 20 occurrences)
grep -n "FLB_DEFINITION" CMakeLists.txt | head -n 20

Length of output: 1528

Correct and relocate OpenSSL Store gating and definition

  • Fix the fatal-error text to reference the real option FLB_OPENSSL_STORE (not FLB_ENABLE_OPENSSL_STORE).
  • Replace the raw add_definitions(-DFLB_USE_OPENSSL_STORE=1) with the project’s FLB_DEFINITION(FLB_USE_OPENSSL_STORE) helper for consistency.
  • Move the entire “OpenSSL Store” block so it runs after find_package(OpenSSL) (around line 721) and:
    • Fails immediately if OpenSSL isn’t found.
    • Checks that the discovered OpenSSL version is ≥ 3.0.0.
    • Emits clear status messages including the detected version.
    • Defines FLB_USE_OPENSSL_STORE via FLB_DEFINITION.

Minimal diff for the early block (around lines 423–431):

-# Ensure OpenSSL Store support is available if TLS is enabled
+# Ensure TLS is enabled when OpenSSL Store support is requested
 if (FLB_OPENSSL_STORE)
   if(NOT FLB_TLS)
-    message(FATAL_ERROR "FLB_ENABLE_OPENSSL_STORE requires FLB_TLS to be enabled.")
+    message(FATAL_ERROR "FLB_OPENSSL_STORE requires FLB_TLS to be enabled.")
   endif()
-  message(STATUS "OpenSSL Store defined")
-  add_definitions(-DFLB_USE_OPENSSL_STORE=1)
+  message(STATUS "OpenSSL Store support requested; will configure after OpenSSL discovery")
 endif()

Then, immediately after the existing TLS/OpenSSL discovery block (near line 721), add:

# === OpenSSL Store support ===
if (FLB_OPENSSL_STORE)
  if (NOT OPENSSL_FOUND)
    message(FATAL_ERROR "FLB_OPENSSL_STORE requires OpenSSL when FLB_TLS=On.")
  endif()

  # Determine OpenSSL version string
  if (DEFINED OpenSSL_VERSION)
    set(_FLB_OPENSSL_VER "${OpenSSL_VERSION}")
  elseif (DEFINED OPENSSL_VERSION)
    set(_FLB_OPENSSL_VER "${OPENSSL_VERSION}")
  else()
    set(_FLB_OPENSSL_VER "")
  endif()

  if (_FLB_OPENSSL_VER STREQUAL "" OR _FLB_OPENSSL_VER VERSION_LESS "3.0.0")
    message(FATAL_ERROR
      "FLB_OPENSSL_STORE requires OpenSSL ≥ 3.0. Detected: ${_FLB_OPENSSL_VER}")
  endif()

  message(STATUS
    "OpenSSL Store support: ENABLED (OpenSSL ${_FLB_OPENSSL_VER})")
  FLB_DEFINITION(FLB_USE_OPENSSL_STORE)
endif()

This ensures immediate, clear failures on missing or too-old OpenSSL, keeps macro definitions consistent, and aligns with the rest of the project’s CMake conventions.

🤖 Prompt for AI Agents 
In CMakeLists.txt lines ~423-431 and again near line ~721: the early OpenSSL
Store gating uses the wrong option name and raw add_definitions and must be
relocated; remove or replace the early block so it no longer emits a wrong fatal
message or uses add_definitions, and instead add the full "OpenSSL Store
support" block immediately after find_package(OpenSSL) (around line 721). In the
new block keep the if(FLB_OPENSSL_STORE) guard, fail immediately if NOT
OPENSSL_FOUND with a clear message referencing FLB_OPENSSL_STORE and FLB_TLS,
detect OpenSSL version by checking OpenSSL_VERSION or OPENSSL_VERSION into a
local _FLB_OPENSSL_VER, fail if that version is empty or VERSION_LESS "3.0.0"
with a clear fatal message including the detected version, emit a STATUS message
showing "OpenSSL Store support: ENABLED (OpenSSL <version>)", and define the
macro using FLB_DEFINITION(FLB_USE_OPENSSL_STORE) instead of add_definitions.

if(FLB_SMALL)
if(CMAKE_COMPILER_IS_GNUCC)
set(strip_flag " -s ")
Expand Down
6 changes: 6 additions & 0 deletions include/fluent-bit/flb_config.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,8 @@ struct flb_config {
struct flb_cf *cf_opts;
struct mk_list cf_parsers_list;

char* openssl_providers;

flb_sds_t program_name; /* argv[0] */

/*
Expand Down Expand Up @@ -412,4 +414,8 @@ enum conf_type {
#define FLB_CONF_STR_SCHED_CAP "scheduler.cap"
#define FLB_CONF_STR_SCHED_BASE "scheduler.base"

/* OpenSSL Providers */
#define FLB_CONF_STR_OPENSSL_PROVIDERS \
"openssl.providers"

#endif
1 change: 1 addition & 0 deletions include/fluent-bit/flb_input.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -450,6 +450,7 @@ struct flb_input_instance {
char *tls_min_version; /* Minimum protocol version of TLS */
char *tls_max_version; /* Maximum protocol version of TLS */
char *tls_ciphers; /* TLS ciphers */
char *tls_provider_query; /* OpenSSL Provider Query */

struct mk_list *tls_config_map;

Expand Down
2 changes: 2 additions & 0 deletions include/fluent-bit/flb_output.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,8 @@ struct flb_output_instance {
char *tls_min_version; /* Minimum protocol version of TLS */
char *tls_max_version; /* Maximum protocol version of TLS */
char *tls_ciphers; /* TLS ciphers */
char *tls_provider_query; /* OpenSSL Provider Query */

# if defined(FLB_SYSTEM_WINDOWS)
char *tls_win_certstore_name; /* CertStore Name (Windows) */
int tls_win_use_enterprise_certstore; /* Use enterprise CertStore */
Expand Down
2 changes: 2 additions & 0 deletions include/fluent-bit/flb_upstream_node.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ struct flb_upstream_node {
char *tls_crt_file; /* Certificate */
char *tls_key_file; /* Cert Key */
char *tls_key_passwd; /* Cert Key Password */
char *tls_provider_query; /* OpenSSL Provider Query */

/* context with mbedTLS contexts and data */
struct flb_tls *tls;
Expand Down Expand Up @@ -74,6 +75,7 @@ struct flb_upstream_node *flb_upstream_node_create(flb_sds_t name, flb_sds_t hos
const char *tls_crt_file,
const char *tls_key_file,
const char *tls_key_passwd,
const char *tls_provider_query,
struct flb_hash_table *ht,
struct flb_config *config);
const char *flb_upstream_node_get_property(const char *prop,
Expand Down
9 changes: 7 additions & 2 deletions include/fluent-bit/tls/flb_tls.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,8 @@ struct flb_tls_backend {
void *(*context_create) (int, int, int,
const char *, const char *,
const char *, const char *,
const char *, const char *);
const char *, const char *,
const char *);

/* destroy backend context */
void (*context_destroy) (void *);
Expand Down Expand Up @@ -118,13 +119,17 @@ struct flb_tls {

int flb_tls_init();

void flb_tls_configure(struct flb_config* config);
void flb_tls_cleanup(void);

struct flb_tls *flb_tls_create(int mode,
int verify,
int debug,
const char *vhost,
const char *ca_path,
const char *ca_file, const char *crt_file,
const char *key_file, const char *key_passwd);
const char *key_file, const char *key_passwd,
const char *additional_data);

int flb_tls_destroy(struct flb_tls *tls);

Expand Down
4 changes: 2 additions & 2 deletions plugins/filter_kubernetes/kube_meta.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1741,7 +1741,7 @@ static int flb_kubelet_network_init(struct flb_kube *ctx, struct flb_config *con
ctx->tls_vhost,
ctx->tls_ca_path,
ctx->tls_ca_file,
NULL, NULL, NULL);
NULL, NULL, NULL, NULL);
if (!ctx->kubelet_tls) {
return -1;
}
Expand Down Expand Up @@ -1794,7 +1794,7 @@ static int flb_kube_network_init(struct flb_kube *ctx, struct flb_config *config
ctx->tls_vhost,
ctx->tls_ca_path,
ctx->tls_ca_file,
NULL, NULL, NULL);
NULL, NULL, NULL, NULL);
if (!ctx->tls) {
return -1;
}
Expand Down
2 changes: 1 addition & 1 deletion plugins/filter_nightfall/nightfall.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ static int cb_nightfall_init(struct flb_filter_instance *f_ins,
ctx->tls_vhost,
ctx->tls_ca_path,
NULL,
NULL, NULL, NULL);
NULL, NULL, NULL, NULL);
if (!ctx->tls) {
flb_plg_error(f_ins, "tls initialization error");
flb_free(ctx);
Expand Down
2 changes: 1 addition & 1 deletion plugins/in_kubernetes_events/kubernetes_events_conf.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ static int network_init(struct k8s_events *ctx, struct flb_config *config)
ctx->tls_vhost,
ctx->tls_ca_path,
ctx->tls_ca_file,
NULL, NULL, NULL);
NULL, NULL, NULL, NULL);
if (!ctx->tls) {
return -1;
}
Expand Down
1 change: 1 addition & 0 deletions plugins/out_azure_blob/azure_blob_conf.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,7 @@ static int flb_azure_blob_apply_remote_configuration(struct flb_azure_blob *cont
NULL,
NULL,
NULL,
NULL,
NULL);

if (tls_context == NULL) {
Expand Down
2 changes: 1 addition & 1 deletion plugins/out_azure_kusto/azure_kusto_conf.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ static struct flb_upstream_node *flb_upstream_node_create_url(struct flb_azure_k
NULL, sds_host, sds_port, FLB_TRUE, ctx->ins->tls->verify,
ctx->ins->tls->verify_hostname,
ctx->ins->tls->debug, ctx->ins->tls->vhost, NULL, NULL, NULL,
NULL, NULL, kv, config);
NULL, NULL, NULL, kv, config);

if (!node) {
flb_plg_error(ctx->ins, "error creating resource upstream node");
Expand Down
12 changes: 8 additions & 4 deletions plugins/out_bigquery/bigquery.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -695,7 +695,8 @@ static int cb_bigquery_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->aws_tls) {
flb_plg_error(ctx->ins, "Failed to create TLS context");
Expand Down Expand Up @@ -734,7 +735,8 @@ static int cb_bigquery_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->aws_sts_tls) {
flb_plg_error(ctx->ins, "Failed to create TLS context");
Expand Down Expand Up @@ -765,7 +767,8 @@ static int cb_bigquery_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->google_sts_tls) {
flb_plg_error(ctx->ins, "Failed to create TLS context");
Expand Down Expand Up @@ -793,7 +796,8 @@ static int cb_bigquery_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->google_iam_tls) {
flb_plg_error(ctx->ins, "Failed to create TLS context");
Expand Down
9 changes: 6 additions & 3 deletions plugins/out_cloudwatch_logs/cloudwatch_logs.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,8 @@ static int cb_cloudwatch_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->cred_tls) {
flb_plg_error(ctx->ins, "Failed to create tls context");
Expand All @@ -266,7 +267,8 @@ static int cb_cloudwatch_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->client_tls) {
flb_plg_error(ctx->ins, "Failed to create tls context");
goto error;
Expand Down Expand Up @@ -302,7 +304,8 @@ static int cb_cloudwatch_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->sts_tls) {
flb_errno();
goto error;
Expand Down
6 changes: 4 additions & 2 deletions plugins/out_es/es_conf.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -382,7 +382,8 @@ struct flb_elasticsearch *flb_es_conf_create(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->aws_tls) {
flb_errno();
flb_es_conf_destroy(ctx);
Expand Down Expand Up @@ -443,7 +444,8 @@ struct flb_elasticsearch *flb_es_conf_create(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->aws_sts_tls) {
flb_errno();
flb_es_conf_destroy(ctx);
Expand Down
9 changes: 6 additions & 3 deletions plugins/out_kinesis_firehose/firehose.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,8 @@ static int cb_firehose_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->cred_tls) {
flb_plg_error(ctx->ins, "Failed to create tls context");
Expand All @@ -172,7 +173,8 @@ static int cb_firehose_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->client_tls) {
flb_plg_error(ctx->ins, "Failed to create tls context");
goto error;
Expand Down Expand Up @@ -208,7 +210,8 @@ static int cb_firehose_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->sts_tls) {
flb_errno();
goto error;
Expand Down
9 changes: 6 additions & 3 deletions plugins/out_kinesis_streams/kinesis.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,8 @@ static int cb_kinesis_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->cred_tls) {
flb_plg_error(ctx->ins, "Failed to create tls context");
Expand All @@ -184,7 +185,8 @@ static int cb_kinesis_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->client_tls) {
flb_plg_error(ctx->ins, "Failed to create tls context");
goto error;
Expand Down Expand Up @@ -227,7 +229,8 @@ static int cb_kinesis_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->sts_tls) {
flb_errno();
goto error;
Expand Down
6 changes: 4 additions & 2 deletions plugins/out_opensearch/os_conf.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,8 @@ struct flb_opensearch *flb_os_conf_create(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->aws_tls) {
flb_errno();
flb_os_conf_destroy(ctx);
Expand Down Expand Up @@ -318,7 +319,8 @@ struct flb_opensearch *flb_os_conf_create(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->aws_sts_tls) {
flb_errno();
flb_os_conf_destroy(ctx);
Expand Down
9 changes: 6 additions & 3 deletions plugins/out_s3/s3.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -785,7 +785,8 @@ static int cb_s3_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->client_tls) {
flb_plg_error(ctx->ins, "Failed to create tls context");
return -1;
Expand All @@ -801,7 +802,8 @@ static int cb_s3_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!ctx->provider_tls) {
flb_errno();
return -1;
Expand Down Expand Up @@ -835,7 +837,8 @@ static int cb_s3_init(struct flb_output_instance *ins,
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);

if (!ctx->sts_provider_tls) {
flb_errno();
Expand Down
6 changes: 4 additions & 2 deletions src/aws/flb_aws_credentials.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -383,7 +383,8 @@ struct flb_aws_provider *flb_managed_chain_provider_create(struct flb_output_ins
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!cred_tls) {
flb_plg_error(ins, "Failed to create TLS instance for AWS Provider");
flb_errno();
Expand Down Expand Up @@ -434,7 +435,8 @@ struct flb_aws_provider *flb_managed_chain_provider_create(struct flb_output_ins
ins->tls_ca_file,
ins->tls_crt_file,
ins->tls_key_file,
ins->tls_key_passwd);
ins->tls_key_passwd,
ins->tls_provider_query);
if (!sts_tls) {
flb_plg_error(ins, "Failed to create TLS instance for AWS STS Credential "
"Provider");
Expand Down
Loading