This commit changes the way certificate validation occurs. In particular, when HTTPS is specified in the URL we first check for a provided CA certificate, then check to see if we should validate against the default system store before performing the request without verification.
Detailed Description
Updated manifests/init.pp and renamed ignore_system_cert_store to include_system_cert_store.
Updated templates/settings.yaml.epp with include_system_cert_store.
Updated lib/puppet/util/splunk_hec.rb to take precedence for provided CA -> system store -> no verification.
Updated templates/util_splunk_hec.erb to ensure event forwarding uses the same SSL validation.
Updated spec/spec_helper_acceptance_local.rb with include_system_cert_store for spec testing.
Updated CHANGELOG.md
Updated README.md
Updated REFERENCE.md
Checklist
[X] Ensure README is updated
[X] Acceptance Tests
[X] PR title is "(Ticket|Maint) Short Description"
[X] Commit title matches PR title
Summary
This commit changes the way certificate validation occurs. In particular, when
HTTPS
is specified in the URL we first check for a provided CA certificate, then check to see if we should validate against the default system store before performing the request without verification.Detailed Description
manifests/init.pp
and renamedignore_system_cert_store
toinclude_system_cert_store
.templates/settings.yaml.epp
withinclude_system_cert_store
.lib/puppet/util/splunk_hec.rb
to take precedence for provided CA -> system store -> no verification.templates/util_splunk_hec.erb
to ensure event forwarding uses the same SSL validation.spec/spec_helper_acceptance_local.rb
withinclude_system_cert_store
for spec testing.CHANGELOG.md
README.md
REFERENCE.md
Checklist
[X] Ensure README is updated [X] Acceptance Tests [X] PR title is "(Ticket|Maint) Short Description" [X] Commit title matches PR title