diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 932f0400a9b..5dadd5ae915 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -143,7 +143,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Ignore prometheus metrics when their values are NaN or Inf. {pull}12084[12084] {issue}10849[10849]
 - In the kibana/stats metricset, only log error (don't also index it) if xpack is enabled. {pull}12265[12265]
 - Require client_auth by default when ssl is enabled for module http metricset server{pull}12333[12333]
-- Require certificate authorities, certificate file, and key when SSL is enabled for module http metricset server. {pull}12355[12355]
 *Packetbeat*
diff --git a/libbeat/common/transport/tlscommon/server_config.go b/libbeat/common/transport/tlscommon/server_config.go
index 2228d12a819..79d4722049f 100644
--- a/libbeat/common/transport/tlscommon/server_config.go
+++ b/libbeat/common/transport/tlscommon/server_config.go
@@ -19,7 +19,6 @@ package tlscommon
 import (
 "crypto/tls"
- "errors"
 "github.com/joeshaw/multierror"
@@ -92,7 +91,6 @@ func LoadTLSServerConfig(config *ServerConfig) (*TLSConfig, error) {
 }, nil
 }
-// Unpack unpacks the TLS Server configuration.
 func (c *ServerConfig) Unpack(cfg common.Config) error {
 clientAuthKey := "client_authentication"
 if !cfg.HasField(clientAuthKey) {
@@ -103,11 +101,6 @@ func (c *ServerConfig) Unpack(cfg common.Config) error {
 if err := cfg.Unpack(&sCfg); err != nil {
 return err
 }
-
- if sCfg.VerificationMode != VerifyNone && len(sCfg.CAs) == 0 {
- return errors.New("certificate_authorities not configured")
- }
-
 *c = ServerConfig(sCfg)
 return nil
 }
diff --git a/libbeat/common/transport/tlscommon/tls_test.go b/libbeat/common/transport/tlscommon/tls_test.go
index dd6aada07d3..87efc9baa17 100644
--- a/libbeat/common/transport/tlscommon/tls_test.go
+++ b/libbeat/common/transport/tlscommon/tls_test.go
@@ -170,15 +170,9 @@ func TestApplyWithConfig(t *testing.T) {
 }
 func TestServerConfigDefaults(t *testing.T) {
- yamlStr := `
- certificate: ca_test.pem
- key: ca_test.key
- certificate_authorities: [ca_test.pem]
- `
 var c ServerConfig
- config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
- require.NoError(t, err)
- err = config.Unpack(&c)
+ config := common.MustNewConfigFrom([]byte(``))
+ err := config.Unpack(&c)
 require.NoError(t, err)
 tmp, err := LoadTLSServerConfig(&c)
 require.NoError(t, err)
@@ -187,8 +181,8 @@ func TestServerConfigDefaults(t *testing.T) {
 assert.NotNil(t, cfg)
 // values not set by default
- assert.Len(t, cfg.Certificates, 1)
- assert.NotNil(t, cfg.ClientCAs)
+ assert.Len(t, cfg.Certificates, 0)
+ assert.Nil(t, cfg.ClientCAs)
 assert.Len(t, cfg.CipherSuites, 0)
 assert.Len(t, cfg.CurvePreferences, 0)
 // values set by default
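Review bot: The new assertions `assert.Len(t, cfg.Certificates, 0)` and `assert.Nil(t, cfg.ClientCAs)` pin a default server config that, per the `tls.RequireAndVerifyClientCert` assertion a few lines further down in the same test, still demands and verifies client certificates but has no operator-chosen CA pool and no server certificate. In Go's crypto/tls a nil `ClientCAs` makes client-certificate verification fall back to the host's system roots, so a listener built from this default would trust any client certificate chaining to a system-trusted CA, and the missing server certificate only shows up as a handshake failure. With the `certificate_authorities not configured` check also removed from `ServerConfig.Unpack` in server_config.go, nothing rejects that combination at load time; the reason for dropping it is not visible in this diff. If validating in `Unpack` was the problem, consider enforcing the same condition where the listener config is actually built (presumably `LoadTLSServerConfig`), or at minimum record the consequence next to the assertion with a comment such as `// nil ClientCAs: crypto/tls verifies client certs against system roots, not a configured CA`.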
@@ -198,53 +192,6 @@ func TestServerConfigDefaults(t *testing.T) {
 assert.Equal(t, tls.RequireAndVerifyClientCert, cfg.ClientAuth)
 }
-func TestServerConfigSkipCACertificateAndKeyWhenVerifyNone(t *testing.T) {
- yamlStr := `
- verification_mode: none
- `
- var c ServerConfig
- config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
- require.NoError(t, err)
- err = config.Unpack(&c)
- require.NoError(t, err)
-}
-
-func TestServerConfigEnsureCA(t *testing.T) {
- yamlStr := `
- certificate: ca_test.pem
- key: ca_test.key
- `
- var c ServerConfig
- config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
- require.NoError(t, err)
- err = config.Unpack(&c)
- require.Error(t, err)
-}
-
-func TestServerConfigCertificateKey(t *testing.T) {
- yamlStr := `
- certificate: ca_test.pem
- certificate_authorities: [ca_test.pem]
- `
- var c ServerConfig
- config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
- require.NoError(t, err)
- err = config.Unpack(&c)
- require.Error(t, err)
-}
-
-func TestServerConfigCertificate(t *testing.T) {
- yamlStr := `
- key: ca_test.key
- certificate_authorities: [ca_test.pem]
- `
- var c ServerConfig
- config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
- require.NoError(t, err)
- err = config.Unpack(&c)
- require.Error(t, err)
-}
-
 func TestApplyWithServerConfig(t *testing.T) {
 yamlStr := `
 certificate: ca_test.pem