unable to find valid certification path to requested target

[gilisade]

Hi get that error while trying to reach a website

there are no ssl_verification settings

any way we can do something like: ssl => true ssl_certificate_verification => false

so we can escape that error ?

[gandalfb]

Hi,

you may check the used mixin client: https://github.com/logstash-plugins/logstash-mixin-http_client/blob/master/lib/logstash/plugin_mixins/http_client.rb

It looks like the option is obsolete. Workaround could be to use a ca_cert which validates the custom cert.

config :cacert, :validate => :path

Otherwise you may try your luck with

 config :ssl_certificate_validation, :obsolete  => "This option is obsolete as it never worked correctly."

within the request object.

[gilisade]

Thanks for your help so what do i need to change this to for it to maybe work? config :ssl_certificate_validation, :obsolete => "This option is obsolete as it never worked correctly."

changing the certificate of the server i'm trying to get to is not something that can be done at the moment , so i'm trying to find a way to ignore the ssl verification somehow

[darynwilkinson]

I'm having the same issue.

Host name 'xxxx' does not match the certificate subject provided by the peer (CN=*.yyyy.com)

It's not an option to change that right now. It would be great to be able to have a flag in the plugin that does the same as -k in curl.

[spacepatcher]

@lucashenning I think, this feature is really useful. Do you have any plans for its implementation?

[lucashenning]

@spacepatcher Agreed. This feature would be very useful. However, as @gandalfb pointed out, this plugin is based on https://github.com/logstash-plugins/logstash-mixin-http_client which doesn't support disabling the cert validation.

@gilisade you might want to try something like this:

request => {
      url => "http://example.com"        
      ssl_certificate_validation => false
      ...
    }

This is based on the obsolete version of logstash-mixin-http-client which is configured like this:

    # Set this to false to disable SSL/TLS certificate validation
    # Note: setting this to false is generally considered insecure!
    config :ssl_certificate_validation, :validate => :boolean, :default => true

Not sure if it works since the plugin states that it never really worked correctly. I guess it's worth a shot, though.

If anyone wants to implement this feature, please feel free to submit a PR. I guess a direct PR from https://github.com/logstash-plugins/logstash-mixin-http_client would be better, though.

[gandalfb]

The mixin plugin itself uses manticore There seems to be a options[:ssl][:verify]

So the mixin plugin could probably use it. I guess a PR over there would be best or issue.