Closed richm closed 5 years ago
@t0ffel PTAL
IMO there's another option to implement to enable SNI, by setting hostlabel
(or host
if it's specified by hostname) into @ssl_socket.hostname
(in default when SNI is supported).
Are there any negative points for such implementation?
I wasn't sure how hostlabel
was being used.
It might cause problems if someone upgrades and suddenly their client starts using SNI unexpectedly.
There may be cases where the user wants to use hostlabel
without SNI. There may be cases where the user wants to use sni_hostname
without hostlabel
.
There may be cases where the user wants to use a different value for hostlabel
and sni_hostname
.
@tagomoris I could use the SNI Feature too. I' prefer to have it in a separate property as proposed by @richm .
Is there a change the PR could get merged?
Currently, this plugin is not maintained now, as written in README. Use SSL/TLS support feature of Fluentd v1.
Certain deployments that use a proxy may need to use SNI. This patch adds a new parameter
sni_hostname
to the<server>
section for the output plugin. This can only be used if the version of openssl used supports it. A warning will be issued if openssl does not support SNI andsni_hostname
is attempted to be used.