Skip to content

TLS Support #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

TLS Support #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
# CHANGELOG

## 1.7.0
* Update connection management to stop logger during connection failures

## 1.6.3
* Fix not to panic when accessing unexported struct fields

Expand Down
19 changes: 18 additions & 1 deletion fluent/fluent.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package fluent

import (
"context"
"crypto/tls"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -36,6 +37,9 @@ const (
// Default sub-second precision value to false since it is only compatible
// with fluentd versions v0.14 and above.
defaultSubSecondPrecision = false

// Default value whether to skip checking insecure certs on TLS connections.
defaultTlsInsecureSkipVerify = false
)

// randomGenerator is used by getUniqueId to generate ack hashes. Its value is replaced
Expand Down Expand Up @@ -69,6 +73,9 @@ type Config struct {
// respond with an acknowledgement. This option improves the reliability
// of the message transmission.
RequestAck bool `json:"request_ack"`

// Flag to skip verifying insecure certs on TLS connections
TlsInsecureSkipVerify bool `json: "tls_insecure_skip_verify"`
}

type ErrUnknownNetwork struct {
Expand Down Expand Up @@ -147,6 +154,9 @@ func newWithDialer(config Config, d dialer) (f *Fluent, err error) {
if config.MaxRetryWait == 0 {
config.MaxRetryWait = defaultMaxRetryWait
}
if !config.TlsInsecureSkipVerify {
config.TlsInsecureSkipVerify = defaultTlsInsecureSkipVerify
}
if config.AsyncConnect {
fmt.Fprintf(os.Stderr, "fluent#New: AsyncConnect is now deprecated, please use Async instead")
config.Async = config.Async || config.AsyncConnect
Expand Down Expand Up @@ -418,6 +428,13 @@ func (f *Fluent) connect(ctx context.Context) (err error) {
f.conn, err = f.dialer.DialContext(ctx,
f.Config.FluentNetwork,
f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort))
case "tls":
tlsConfig := &tls.Config{InsecureSkipVerify: f.Config.TlsInsecureSkipVerify}
f.conn, err = tls.DialWithDialer(
&net.Dialer{Timeout: f.Config.Timeout},
"tcp",
f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort), tlsConfig,
)
case "unix":
f.conn, err = f.dialer.DialContext(ctx,
f.Config.FluentNetwork,
Expand Down Expand Up @@ -554,7 +571,7 @@ func (f *Fluent) write(ctx context.Context, msg *msgToSend) (bool, error) {
defer f.muconn.RUnlock()

if f.conn == nil {
return fmt.Errorf("connection has been closed before writing to it.")
return fmt.Errorf("connection has been closed before writing to it")
}

t := f.Config.WriteTimeout
Expand Down