Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new SSL input plugin #3829

Closed
wants to merge 13 commits into from
Closed

Add new SSL input plugin #3829

wants to merge 13 commits into from

Conversation

mhrabazei
Copy link

Required for all PRs:

  • Signed CLA.
  • Associated README.md updated.
  • Has appropriate unit tests.

A new simple plug-in for checking the time to expiration of the ssl certificate and its correspondence to the domain

@danielnelson danielnelson mentioned this pull request Mar 6, 2018
Closed
@danielnelson
Copy link
Contributor

@mgrabazey Can you take a look at this similar pull request and let me know if it would fulfill your use? #3768

@danielnelson danielnelson mentioned this pull request Apr 27, 2018
Closed
@mhrabazei
Copy link
Author

mhrabazei commented May 2, 2018
edited
Loading

@danielnelson This implementation does not check whether the certificate matches the domain on which the certificate is used

@danielnelson danielnelson mentioned this pull request May 9, 2018
Merged
3 tasks
phemmer
phemmer reviewed Jun 3, 2018
View reviewed changes
plugins/inputs/ssl/ssl.go
}
defer ipConn.Close()

tlsConn := tls.Client(ipConn, &tls.Config{ServerName: d, InsecureSkipVerify: true})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we're going to set InsecureSkipVerify: true, we should probably do a manual verification step and indicate the status. It's possible for an intermediate or root cert to be revoked (or expired in the case of a stupid CA), which would invalidate the cert.

@danielnelson
Copy link
Contributor

@mgrabazey We did merge the alternate plugin for certificate checking, and I think we should be able to integrate the certificate verification pieces into that plugin. I opened a feature request for this addition #4877.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phemmer phemmer phemmer left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mhrabazei @danielnelson @phemmer