Skip to content

Commit 6d73157

Browse files
zonitozonito
committed
TLS Changes
1 parent c16ce5d commit 6d73157

File tree

1 file changed

+18
-1
lines changed

1 file changed

+18
-1
lines changed

fluent/fluent.go

+18-1
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ package fluent
22

33
import (
44
"context"
5+
"crypto/tls"
56
"encoding/json"
67
"errors"
78
"fmt"
@@ -36,6 +37,9 @@ const (
3637
// Default sub-second precision value to false since it is only compatible
3738
// with fluentd versions v0.14 and above.
3839
defaultSubSecondPrecision = false
40+
41+
// Default value whether to skip checking insecure certs on TLS connections.
42+
defaultTlsInsecureSkipVerify = false
3943
)
4044

4145
// randomGenerator is used by getUniqueId to generate ack hashes. Its value is replaced
@@ -69,6 +73,9 @@ type Config struct {
6973
// respond with an acknowledgement. This option improves the reliability
7074
// of the message transmission.
7175
RequestAck bool `json:"request_ack"`
76+
77+
// Flag to skip verifying insecure certs on TLS connections
78+
TlsInsecureSkipVerify bool `json: "tls_insecure_skip_verify"`
7279
}
7380

7481
type ErrUnknownNetwork struct {
@@ -147,6 +154,9 @@ func newWithDialer(config Config, d dialer) (f *Fluent, err error) {
147154
if config.MaxRetryWait == 0 {
148155
config.MaxRetryWait = defaultMaxRetryWait
149156
}
157+
if !config.TlsInsecureSkipVerify {
158+
config.TlsInsecureSkipVerify = defaultTlsInsecureSkipVerify
159+
}
150160
if config.AsyncConnect {
151161
fmt.Fprintf(os.Stderr, "fluent#New: AsyncConnect is now deprecated, please use Async instead")
152162
config.Async = config.Async || config.AsyncConnect
@@ -418,6 +428,13 @@ func (f *Fluent) connect(ctx context.Context) (err error) {
418428
f.conn, err = f.dialer.DialContext(ctx,
419429
f.Config.FluentNetwork,
420430
f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort))
431+
case "tls":
432+
tlsConfig := &tls.Config{InsecureSkipVerify: f.Config.TlsInsecureSkipVerify}
433+
f.conn, err = tls.DialWithDialer(
434+
&net.Dialer{Timeout: f.Config.Timeout},
435+
"tcp",
436+
f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort), tlsConfig,
437+
)
421438
case "unix":
422439
f.conn, err = f.dialer.DialContext(ctx,
423440
f.Config.FluentNetwork,
@@ -554,7 +571,7 @@ func (f *Fluent) write(ctx context.Context, msg *msgToSend) (bool, error) {
554571
defer f.muconn.RUnlock()
555572

556573
if f.conn == nil {
557-
return fmt.Errorf("connection has been closed before writing to it.")
574+
return fmt.Errorf("connection has been closed before writing to it")
558575
}
559576

560577
t := f.Config.WriteTimeout

0 commit comments

Comments
 (0)