support (disabling) verify mode for TLS connection
kares opened this issue · 0 comments
Some plugins have e.g. a ssl_verify => peer
option to control certificate verification.
However the output does not provide such option, as the http_client mixin lacks the necessary support.
Seems the option existed at some point, but was a noop.
logstash-plugins/logstash-mixin-http_client#35
Manticore supports the :strict
option as:
Hostname verification setting. Set to
:disable
to turn off hostname verification. Setting to:browser
will cause Manticore to accept a certificate for *.foo.com for all subdomains and sub-subdomains (eg a.b.foo.com).
The default:strict
is like:browser
except it'll only accept a single level of subdomains for wildcards, egb.foo.com
will be accepted for a*.foo.com
certificate, buta.b.foo.com
will not be.
p.s. Here's how Beats implements ssl.verification_mode
, maybe something to consider while future proofing this for a "unified plugin TLS configuration" experience