logstash-plugins / logstash-output-lumberjack

Apache License 2.0

SSL validates certs by IP only, not hostnames #28

Open kostasb opened 5 years ago

kostasb commented 5 years ago

Steps to reproduce:

Sample Config:

lumberjack {
  id => "logstash "
  hosts => ["hostname"]
  port => 12345
  codec => "json"
  ssl_certificate => "/path/to/cert.pem"
}

/path/to/cert.pem provides CN by FQDN, doesn't provide the IP the FQDN resolves to

Error output:

[ERROR][logstash.outputs.lumberjack] All hosts unavailable, sleeping {:hosts=>["w.x.y.z], :e=>#<OpenSSL::SSL::SSLError:certificate verify failed>

Issue: The plugin instantiates the Lumberjack client using the resolved IPs from the hosts list. It doesn't support a way to use hostnames. If the certificate isn't configured with those IPs, cert validation fails.

https://github.com/logstash-plugins/logstash-output-lumberjack/blob/master/lib/logstash/outputs/lumberjack.rb#L85

Workaround: Use a cert with IP CN until hostname is supported.

For LS to LS communication, an alternative approach is to switch to HTTP input and output with format => json_batch.
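
The mismatch reported above, as an added Ruby example that is not part of the original thread or the plugin's code: it models the certificate identity check with the standard library's `OpenSSL::SSL.verify_certificate_identity`, comparing the resolved IP and the configured hostname as the expected peer name. The hostname, IP address and certificates are constructed placeholders, and the third certificate (SAN entries for both DNS name and IP) goes beyond the workaround named in the issue.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key for the constructed certs

# Build a self-signed certificate (constructed sample data).
# cn: subject Common Name; sans: subjectAltName entries ("DNS:..." / "IP:...").
def make_cert(cn, sans = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless sans.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension("subjectAltName", sans.join(","), false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

HOSTNAME = "logstash.example.test" # hypothetical FQDN listed in `hosts`
RESOLVED_IP = "192.0.2.10"         # hypothetical address it resolves to

CERTS = {
  cn_fqdn: make_cert(HOSTNAME),     # CN is the FQDN, as in the issue
  cn_ip: make_cert(RESOLVED_IP),    # CN is the IP, the workaround in the issue
  san_dns_ip: make_cert(HOSTNAME, ["DNS:#{HOSTNAME}", "IP:#{RESOLVED_IP}"]), # assumption: SAN covers both
}

# For each cert: does the identity check pass when the client expects the
# resolved IP, and when it expects the configured hostname?
def identity_matrix
  CERTS.transform_values do |cert|
    { ip: OpenSSL::SSL.verify_certificate_identity(cert, RESOLVED_IP),
      hostname: OpenSSL::SSL.verify_certificate_identity(cert, HOSTNAME) }
  end
end

identity_matrix.each do |label, r|
  puts format("%-12s ip=%-5s hostname=%s", label, r[:ip], r[:hostname])
end
```

The `cn_fqdn` row is the failing case from the report: the certificate only matches when the client checks it against the hostname rather than the address it connected to.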

jszwedko commented 3 years ago

In case someone stumbles upon this, it seems to work with hostnames in 7.13.1.

YueHonghui commented 2 years ago

I'm struggling with this issue too. I tried version 7.13.1, it doesn't work.