Fix for #14
- proper handling of ssl.verification_mode
christiangalsterer committed Jan 14, 2017
1 parent a4f6ff9 commit 7421ed5
Showing 8 changed files with 136 additions and 4 deletions.
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -140,13 +140,14 @@ This will fetch and create all images required for the build process. The hole p

3.2.0 (2017-01-07)

[Download](/~https://github.com/christiangalsterer/httpbeat/releases/tag/3.1.1)
[Download](/~https://github.com/christiangalsterer/httpbeat/releases/tag/3.2.0)

Feature release containing the following changes:
Feature and bugfix release containing the following changes:
* Various documentation improvements
* Update to beats v5.1.2
* Update to Go 1.7.4
* Fix: [Panic when using TLS configuration (Go 1.7.4)](/~https://github.com/christiangalsterer/httpbeat/pull/15)
* Fix: [Proper suport for ssl.verification_mode](/~https://github.com/christiangalsterer/httpbeat/issues/14)

3.1.1 (2017-01-07)
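
Review bot: The added changelog entry misspells "suport" (should be "support"). The 3.2.0 heading also carries the same date as 3.1.1 (2017-01-07) although this commit is dated Jan 14, 2017; update the date if the release is cut after this fix. Since the fix changes whether certificate verification can be switched off, the entry should say so in words, for example that `ssl.verification_mode: none` now takes effect.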

33 changes: 33 additions & 0 deletions _meta/beat.full.yml
Expand Up @@ -45,3 +45,36 @@ httpbeat:
# Optional additional headers to send to the endpoint
headers:
Accept: application/json

# Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
#ssl.enabled: true

# Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]

# Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"

# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"

# Optional passphrase for decrypting the Certificate Key.
#ssl.key_passphrase: ''

# Configure cipher suites to be used for SSL connections
#ssl.cipher_suites: []

# Configure curve types for ECDHE based cipher suites
#ssl.curve_types: []
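
Review bot: The comment above `#ssl.verification_mode: full` describes only `none` and `full` and does not say what happens for any other value; list the accepted values explicitly so the documentation matches what the code enforces. Separately, "Optional SSL configuration options. SSL is off by default." sits in the middle of the block, after `ssl.enabled` has already been described as automatically enabled when any SSL setting is set; move it to the top of the SSL section or drop it.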

32 changes: 32 additions & 0 deletions _meta/beat.yml
Expand Up @@ -45,3 +45,35 @@ httpbeat:
# Optional additional headers to send to the endpoint
#headers:
#Accept: application/json
# Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
#ssl.enabled: true

# Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]

# Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"

# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"

# Optional passphrase for decrypting the Certificate Key.
#ssl.key_passphrase: ''

# Configure cipher suites to be used for SSL connections
#ssl.cipher_suites: []

# Configure curve types for ECDHE based cipher suites
#ssl.curve_types: []
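
Review bot: The new block starts directly after `#Accept: application/json` with no blank line, unlike _meta/beat.full.yml where a blank line separates the headers example from the SSL settings. Add the separator so the SSL comments are not read as part of the headers example.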

1 change: 1 addition & 0 deletions beater/poller.go
Expand Up @@ -248,6 +248,7 @@ func convertTLSConfig(config *transport.TLSConfig) *tls.Config {
CipherSuites: config.CipherSuites,
RootCAs: config.RootCAs,
CurvePreferences: config.CurvePreferences,
InsecureSkipVerify: config.Verification != transport.VerifyFull,
}
}
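
Review bot: `config.Verification != transport.VerifyFull` on the added `InsecureSkipVerify` line fails open: every mode other than full, including any value added to the enum later, turns certificate and hostname verification off. Invert the test so that only the explicit `none` mode sets `InsecureSkipVerify` and every other value keeps verification on. None of the 8 changed files is a test; a table-driven test of convertTLSConfig over the verification modes would pin this mapping down.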

33 changes: 33 additions & 0 deletions httpbeat.full.yml
Expand Up @@ -46,6 +46,39 @@ httpbeat:
headers:
Accept: application/json

# Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
#ssl.enabled: true

# Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]

# Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"

# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"

# Optional passphrase for decrypting the Certificate Key.
#ssl.key_passphrase: ''

# Configure cipher suites to be used for SSL connections
#ssl.cipher_suites: []

# Configure curve types for ECDHE based cipher suites
#ssl.curve_types: []


#================================ General ======================================

# The name of the shipper that publishes the network data. It can be used to group
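
Review bot: The comments for `#ssl.cipher_suites: []` and `#ssl.curve_types: []` do not say what the empty list means or which names are accepted. Add a sentence on the behaviour when the list is left empty, and either list the valid values or point to where they are documented. The block also ends with two blank lines before the General header where one would do.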
2 changes: 1 addition & 1 deletion httpbeat.template-es2x.json
Expand Up @@ -7,7 +7,7 @@
}
},
"_meta": {
"version": "5.1.1"
"version": "5.1.2"
},
"dynamic_templates": [
{
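
Review bot: The `"version"` bump from 5.1.1 to 5.1.2 is unrelated to the ssl.verification_mode fix named in the commit message; it belongs with the "Update to beats v5.1.2" item listed in the README. Consider committing the template change separately so the security-relevant change in beater/poller.go can be reviewed and backported on its own. The same applies to httpbeat.template.json.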
2 changes: 1 addition & 1 deletion httpbeat.template.json
Expand Up @@ -5,7 +5,7 @@
"norms": false
},
"_meta": {
"version": "5.1.1"
"version": "5.1.2"
},
"dynamic_templates": [
{
32 changes: 32 additions & 0 deletions httpbeat.yml
Expand Up @@ -45,6 +45,38 @@ httpbeat:
# Optional additional headers to send to the endpoint
#headers:
#Accept: application/json
# Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
#ssl.enabled: true

# Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]

# Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"

# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"

# Optional passphrase for decrypting the Certificate Key.
#ssl.key_passphrase: ''

# Configure cipher suites to be used for SSL connections
#ssl.cipher_suites: []

# Configure curve types for ECDHE based cipher suites
#ssl.curve_types: []


#================================ General =====================================
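
Review bot: The short httpbeat.yml does not need the full SSL reference: the block added after `#Accept: application/json` is 32 lines against 33 in httpbeat.full.yml. Keep only the commonly needed settings here, such as `ssl.verification_mode` and `ssl.certificate_authorities`, and leave the rest to the full file. As in _meta/beat.yml, the blank line before "# Enable SSL support." is missing.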

