Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

make AMQP SSL connection trust every certificate optional #4461

Open jalogisch opened 6 years ago

jalogisch commented 6 years ago

Expected Behavior

Like with any other Input that can be used with SSL it should be possible to tell if the certificate must be valid or not.

Current Behavior

Any certificate can be used; see the log messages:

2018-01-05T16:21:44.120+01:00 INFO  [AmqpConsumer] Enabling TLS for AMQP input [Syslog AMQP/5a4f97bb221ae10d142537f4].
2018-01-05T16:21:44.120+01:00 WARN  [TrustEverythingTrustManager] This trust manager trusts every certificate, effectively disabling peer verification. This is convenient for local development but prone to man-in-the-middle attacks. Please see http://www.rabbitmq.com/ssl.html#validating-cerficates to learn more about peer certificate validation.
2018-01-05T16:21:44.128+01:00 INFO  [InputStateListener] Input [Syslog AMQP/5a4f97bb221ae10d142537f4] is now STARTING

Your Environment

lennartkoopmann commented 6 years ago

I am 99% sure that there is an AMQP client option for that and it should be fairly easy to do.(tm)
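
The behaviour requested in this issue, sketched with the RabbitMQ Java client as an added example (not Graylog's code and not part of the thread): the no-argument `useSslProtocol()` is what installs the `TrustEverythingTrustManager` seen in the log, while passing an `SSLContext` built from a trust store restores peer verification. The class name, the `trustAll` flag, the host name and the trust store arguments are assumptions made for illustration.

```java
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class AmqpTlsSetup {
    // "trustAll" is a hypothetical input option standing in for the switch requested above.
    static ConnectionFactory configure(String host, int port, boolean trustAll,
                                       String trustStorePath, char[] trustStorePassword)
            throws Exception {
        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost(host);
        factory.setPort(port);

        if (trustAll) {
            // Encrypts the channel but accepts any certificate (TrustEverythingTrustManager).
            factory.useSslProtocol();
            return factory;
        }

        // Trust only certificates that chain to a CA in the supplied trust store.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, trustStorePassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);
        factory.useSslProtocol(ctx);
        // Also match the certificate against the host name (amqp-client 4.8.0 / 5.4.0 or later).
        factory.enableHostnameVerification();
        return factory;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: broker.example.org is a placeholder host.
        ConnectionFactory f = configure("broker.example.org", 5671, false,
                args[0], args[1].toCharArray());
        try (Connection c = f.newConnection()) {
            System.out.println("Verified TLS connection to " + c.getAddress());
        }
    }
}
```

With `trustAll` set to `false`, a broker presenting a certificate that does not chain to the trust store causes `newConnection()` to fail with an SSL handshake exception instead of connecting silently.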