Open enys opened 3 years ago
Had exactly the same problem since yesterday, with logstash 7.14.1 and v3.7.0 of s3 input pluging
looks related to https://github.com/elastic/logstash/issues/13261
We're exploring ways to both fix this and workaround it until a fix is out.
In the case of this plugin we don't have much access to how the AWS SDK performs requests. The only option I see at the moment is adding a line in the plugins register
method to disable verification. The SDK seems to provide Aws.config[:ssl_verify_peer] = false
, can anyone test it?
if that works, a way to inject it without editing code would be leverage the ruby filter:
filter {
# ...
ruby { init => 'Aws.config[:ssl_verify_peer] = false' code => "" }
# ...
}
This is not ideal at all, but may get data flowing until there's a fix. beware that this lowers security so only do it if you're comfortable with the implication.
the global setting for disabling peer verification Aws.config[:ssl_verify_peer] = false
seems to get ignored
but with the https://github.com/logstash-plugins/logstash-output-s3/pull/241 update, disabling at the plugin level works as a work-around (until the real cause is resolved upstream):
additional_settings => {
ssl_verify_peer => false
}
Logstash information:
Please include the following information:
bin/logstash --version
)This was tested will all the official logstash docker images since 7.9.1 (Such as docker.elastic.co/logstash/logstash:7.10.2)
OS version (
uname -a
if on a Unix-like system): Linux 6925850df20f 5.4.0-1036-kvm #37-Ubuntu SMP Fri Mar 19 20:15:18 UTC 2021 x86_64 x86_64 x86_64 GNU/LinuxDescription of the problem including expected versus actual behavior: Connection to object storage behind https with LetsEncryt certificate fails, with either expired certificate, or missing certificate in the case of an updated certificate trust store
My current understanding is that it could be linked to: https://github.com/jruby/jruby-openssl/issues/236 Steps to reproduce:
With the following pipeline output
Provide logs (if relevant):