tagomoris / fluent-plugin-secure-forward


support SNI in output plugin #54

Closed richm closed 5 years ago

richm commented 7 years ago

Certain deployments that use a proxy may need to use SNI. This patch adds a new parameter sni_hostname to the <server> section for the output plugin. This can only be used if the version of openssl used supports it. A warning will be issued if openssl does not support SNI and sni_hostname is attempted to be used.

richm commented 7 years ago

@t0ffel PTAL

tagomoris commented 7 years ago

IMO there's another option to implement to enable SNI, by setting hostlabel (or host if it's specified by hostname) into @ssl_socket.hostname (by default when SNI is supported). Are there any negative points for such an implementation?

richm commented 7 years ago

I wasn't sure how hostlabel was being used. It might cause problems if someone upgrades and suddenly their client starts using SNI unexpectedly. There may be cases where the user wants to use hostlabel without SNI. There may be cases where the user wants to use sni_hostname without hostlabel. There may be cases where the user wants to use a different value for hostlabel and sni_hostname.
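An added illustration, not part of this thread or the plugin's code: a Ruby sketch of the opt-in behaviour discussed above, where an SNI name is sent only when `sni_hostname` is configured and a warning is recorded if the OpenSSL binding lacks SNI. The helper names `apply_sni` and `observed_sni`, the hostnames and the throwaway certificate are constructed for the example; a loopback TLS server reports the name it saw through `servername_cb`.

```ruby
require "openssl"
require "socket"

# Constructed throwaway self-signed certificate for the loopback server.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Hypothetical helper: SNI is opt-in. Set it only when sni_hostname is
# configured and supported; otherwise record a warning and go on without it.
def apply_sni(ssl_socket, sni_hostname, warnings)
  return if sni_hostname.nil?
  if ssl_socket.respond_to?(:hostname=)
    ssl_socket.hostname = sni_hostname # must be set before #connect
  else
    warnings << "sni_hostname is set but this OpenSSL does not support SNI"
  end
end

# Connects to a loopback TLS server; returns the SNI name the server saw.
def observed_sni(sni_hostname, warnings = [])
  cert, key = self_signed_cert("forward.example")
  seen = nil
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = cert, key
  sctx.servername_cb = lambda { |args| seen = args[1]; nil }
  tcp = TCPServer.new("127.0.0.1", 0)
  server = Thread.new do
    s = OpenSSL::SSL::SSLSocket.new(tcp.accept, sctx)
    s.accept
    s.puts "ok" # lets the client wait for a completed handshake
    s.close
  end
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.cert_store = OpenSSL::X509::Store.new.tap { |st| st.add_cert(cert) }
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  sock = TCPSocket.new("127.0.0.1", tcp.addr[1])
  client = OpenSSL::SSL::SSLSocket.new(sock, cctx)
  apply_sni(client, sni_hostname, warnings)
  client.connect
  client.gets
  [client, sock, tcp].each(&:close)
  server.join
  seen
end
```

With no `sni_hostname` the server's callback never fires, which is the upgrade-safe default described in the comment above.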

bakito commented 5 years ago

@tagomoris I could use the SNI feature too. I'd prefer to have it in a separate property as proposed by @richm.

Is there a chance the PR could get merged?

tagomoris commented 5 years ago

Currently, this plugin is not maintained, as written in the README. Use the SSL/TLS support feature of Fluentd v1.