puppetlabs / puppetlabs-splunk_hec

Apache License 2.0

ssl verification does not use system ca store when ssl_ca is not set. #202

Open martijndegouw opened 1 year ago

martijndegouw commented 1 year ago

Describe the Bug

In our environment the Splunk HEC servers use a valid SSL/HTTPS certificate. Looking at the SSL Configuration documentation, it should be possible to configure this module to perform SSL verification using the system CA store by simply specifying the url parameter with an https endpoint. However, in the Puppet logs the following is logged: Puppet Will NOT verify https://splunkhec.company.nl/services/collector SSL identity.

Looking at the code I think that it does not match the documentation.

At lib/puppet/util/splunk_hec.rb SSL verification is only performed when ssl_ca is specified.

Next to that, I think printing this setting in the log every time it connects to the Splunk HEC endpoint is a bit much.

Expected Behavior

If an https URL is specified without any additional settings, SSL verification should be performed using the system CA store.

Describe Alternatives You've Considered

I could specify the system CA store as ssl_ca to work around this issue.

If you agree this is indeed a bug in the logic of lib/puppet/util/splunk_hec.rb, I can try to rewrite it.
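Added example, not part of the issue thread and not the module's code: a Ruby sketch of the expected behaviour (verification always on, ssl_ca only selecting the trust anchors) next to the behaviour the report describes. The function names and the hostname are hypothetical, and the "as reported" variant is constructed from the description above, not copied from lib/puppet/util/splunk_hec.rb.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical helper: build a client for a Splunk HEC URL that verifies the
# server certificate whether or not ssl_ca is set. No connection is opened.
def build_hec_client(url, ssl_ca: nil)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  return http unless uri.scheme == 'https'

  http.use_ssl = true
  # Verification is enabled in both branches; ssl_ca only changes the anchors.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if ssl_ca.nil? || ssl_ca.empty?
    store = OpenSSL::X509::Store.new
    store.set_default_paths # system CA store
    http.cert_store = store
  else
    # Fail closed on a bad path instead of silently dropping verification.
    raise ArgumentError, "ssl_ca file not found: #{ssl_ca}" unless File.file?(ssl_ca)
    http.ca_file = ssl_ca
  end
  http
end

# Behaviour as described in the report (constructed for contrast):
# without ssl_ca the peer certificate is not checked at all.
def build_hec_client_as_reported(url, ssl_ca: nil)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  if ssl_ca && !ssl_ca.empty?
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.ca_file = ssl_ca
  else
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  end
  http
end

# Check a configuration test can run against either client.
def verifies_peer?(http)
  http.use_ssl? && http.verify_mode == OpenSSL::SSL::VERIFY_PEER
end
```

A check like `verifies_peer?` can go in a unit test so that a later refactor cannot quietly reintroduce the unverified path.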

coreymbe commented 1 year ago

Hello @martijndegouw 👋, thank you for opening this issue!

I am actively reviewing this, which I believe to be related to changes made in #137.

coreymbe commented 1 year ago

@martijndegouw :: We have added this issue to our task list for v2 of this module.

kenyon commented 7 months ago

Fixed in #208 I guess?