Not able to use jvm default cacerts trust store for hec https verification

[wangshu3000]

JRE default cacerts includes many publicly trusted ca cert. I would like to use the default ca trust store provided by java.

But if the splunk.hec.ssl.validate.certs is set to true. There is a validation that the splunk.hec.ssl.trust.store.path also must be configured. I can not unset the splunk.hec.ssl.trust.store.path parameter to use default cacert trust store.

The expected logic would be: If splunk.hec.ssl.validate.certs is set to true, then:     If splunk.hec.ssl.trust.store.path is configured, verify ssl using the trust store that specified     If splunk.hec.ssl.trust.store.path is not configured or blank, verify ssl using cacert default trust store. Else If splunk.hec.ssl.validate.certs is set to false, then:     Skip all ssl verification

Please confirm if this makes sense, if it sounds good, i can raise a PR for it. Thanks.

[notizklotz]

I agree that your logic would be better. I closed the ticket where I reported the same in June (#435) because yours there is a better documentation what should happen in your ticket.

[tanya-marfel]

Hey @wangshu3000. I noticed the same issue today. The data still lands in Splunk when splunk.hec.ssl.validate.certs is set to true without path and password (I presume HttpClient is created with the system trust store) and the connector is not erroring out. I would prefer to have it fixed as well though. Do you mind if I create a PR to fix this or would you prefer to do it yourself?

[wangshu3000]

Thanks @notizklotz @tanya-marfel For your confirmation, looks like this is indeed an issue. I'll raise an PR to fix it shortly. Thanks.