This commit changes the way certificate validation occurs. In particular, when HTTPS is specified in the URL we first check for a provided CA certificate, then check to see if we should validate against the default system store before performing the request without verification.
Detailed Description
Updated manifests/init.pp and renamed ignore_system_cert_store to include_system_cert_store.
Updated templates/settings.yaml.epp with include_system_cert_store.
Updated lib/puppet/util/splunk_hec.rb to take precedence for provided CA -> system store -> no verification.
Updated templates/util_splunk_hec.erb to ensure event forwarding uses the same SSL validation.
Updated spec/spec_helper_acceptance_local.rb with include_system_cert_store for spec testing.
Updated CHANGELOG.md
Updated README.md
Updated REFERENCE.md
Checklist
[X] Ensure README is updated
[X] Acceptance Tests
[X] PR title is "(Ticket|Maint) Short Description"
[X] Commit title matches PR title
Summary
This commit changes the way certificate validation occurs. In particular, when
HTTPSis specified in the URL we first check for a provided CA certificate, then check to see if we should validate against the default system store before performing the request without verification.Detailed Description
manifests/init.ppand renamedignore_system_cert_storetoinclude_system_cert_store.templates/settings.yaml.eppwithinclude_system_cert_store.lib/puppet/util/splunk_hec.rbto take precedence for provided CA -> system store -> no verification.templates/util_splunk_hec.erbto ensure event forwarding uses the same SSL validation.spec/spec_helper_acceptance_local.rbwithinclude_system_cert_storefor spec testing.CHANGELOG.mdREADME.mdREFERENCE.mdChecklist
[X] Ensure README is updated [X] Acceptance Tests [X] PR title is "(Ticket|Maint) Short Description" [X] Commit title matches PR title