Closed rwaweber closed 2 years ago
Hey all! Any thoughts on the above?
Hey all -- friendly poke, would love to get your thoughts on this considering this component is currently broken and seems to have been that way since around the time of the Netty addition.
Hey @jsvd -- sorry to ping you directly, but do you have an idea of when this could get looked at?
I'd love to be able to use the sslsubject features again in an upcoming release
Hey Rob! Thanks for the suggestions -- my bad on accidentally snipping the client mode chunks, I completely missed those components.
I'll reinstate the aforementioned methods to not break functionality and incorporate the other suggestions too.
Hey all! Is there anything else you'd like me to add here?
I think I covered most of @robbavey's earlier concerns, though I'm not quite sure if I've covered @yaauie's points. Happy to continue the discussion.
Hey all, friendly ping — happy to make some additional changes to get this feature fixed.
Hey @acchen97 -- any chance you'd be able to lend a hand here?
Hello, we are facing the same issue. Any reason why this is not getting merged?
~- Removes some (what looks like to me) dead code for TLS setup~ Nope! The code was used in client mode, totally misread it.
Attempt to follow the same general flow for tls principal extraction as the beats input plugin:
https://github.com/logstash-plugins/logstash-input-beats/blob/5dd54594f65d32aad87d1dfd7b04d0c801216676/lib/logstash/inputs/beats/message_listener.rb#L125-L155
Extract the ssl subject from inbound messages by:
- adjust the interface to pass in the Netty ChannelHandlerContext instead of an Address object. I think that this opens up the possibility for being able to eventually work in other metadata into TLS-ified objects
- name the InputHandler's ssl_handler to more reliably retrieve it from the available netty Channel Pipelines.
- in the decoder, check if ssl_verify and ssl_enable are true and pull out the subjectname from the context
Should help close https://github.com/logstash-plugins/logstash-input-tcp/issues/143
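
The three steps listed in the description above, written in Java against Netty's API as an added example (not code from this pull request or from the plugin). The class and method names are hypothetical, and the pipeline name `ssl_handler` and the two boolean parameters are assumed to mirror the plugin's handler name and its `ssl_enable` / `ssl_verify` settings.

```java
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical helper for illustration; not the plugin's code.
public final class TlsSubject {
    // Assumed pipeline name; it must match the name used when the SslHandler is added.
    static final String SSL_HANDLER = "ssl_handler";

    /** Returns the verified peer's subject DN, or null when there is none to trust. */
    static String peerSubject(ChannelHandlerContext ctx, boolean sslEnable, boolean sslVerify) {
        // Without verification the peer certificate was not validated,
        // so its subject must not be recorded as an identity.
        if (!sslEnable || !sslVerify) {
            return null;
        }
        // Look the handler up by name in the pipeline reachable from the context.
        ChannelHandler handler = ctx.pipeline().get(SSL_HANDLER);
        if (!(handler instanceof SslHandler)) {
            return null; // plaintext channel, or handler registered under another name
        }
        SSLSession session = ((SslHandler) handler).engine().getSession();
        try {
            return session.getPeerPrincipal().getName();
        } catch (SSLPeerUnverifiedException e) {
            return null; // handshake incomplete or no client certificate presented
        }
    }

    public static void main(String[] args) {
        // Constructed input: an in-memory channel with no TLS handler installed.
        EmbeddedChannel ch = new EmbeddedChannel(new ChannelInboundHandlerAdapter());
        ChannelHandlerContext ctx = ch.pipeline().firstContext();
        System.out.println(peerSubject(ctx, true, true)); // plaintext channel
        ch.finishAndReleaseAll();
    }
}
```

Returning null on `SSLPeerUnverifiedException` keeps an unverified or absent client certificate from being logged as if it were an authenticated subject.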