Skip to content

Commit e211d1a

Browse files
yaauieyaauie
committed
fix: provide ssl engine with advisory peer and algorithm info
1 parent 10686a3 commit e211d1a

File tree

4 files changed

+19
-6
lines changed

4 files changed

+19
-6
lines changed

CHANGELOG.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,6 @@
1+
## 3.6.1
2+
- Fix: provide SSL engine with advisory peer and algorithm information [#159](https://github.com/logstash-plugins/logstash-input-http/issues/159)
3+
14
## 3.6.0
25
- Feat: review and deprecate ssl protocol/cipher related settings [#151](https://github.com/logstash-plugins/logstash-input-http/pull/151)
36

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
3.6.0
1+
3.6.1

src/main/java/org/logstash/plugins/inputs/http/HttpInitializer.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
import io.netty.handler.ssl.SslHandler;
1111
import org.logstash.plugins.inputs.http.util.SslHandlerProvider;
1212

13+
import java.net.InetSocketAddress;
1314
import java.util.concurrent.ThreadPoolExecutor;
1415

1516
/**
@@ -34,7 +35,7 @@ protected void initChannel(SocketChannel socketChannel) throws Exception {
3435
ChannelPipeline pipeline = socketChannel.pipeline();
3536

3637
if(sslHandlerProvider != null) {
37-
SslHandler sslHandler = sslHandlerProvider.getSslHandler(socketChannel.alloc());
38+
SslHandler sslHandler = sslHandlerProvider.getSslHandler(socketChannel);
3839
pipeline.addLast(sslHandler);
3940
}
4041
pipeline.addLast(new HttpServerCodec());

src/main/java/org/logstash/plugins/inputs/http/util/SslHandlerProvider.java

Lines changed: 13 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,15 @@
11
package org.logstash.plugins.inputs.http.util;
22

33
import io.netty.buffer.ByteBufAllocator;
4+
import io.netty.channel.socket.SocketChannel;
45
import io.netty.handler.ssl.SslContext;
56
import io.netty.handler.ssl.SslHandler;
67
import org.apache.logging.log4j.LogManager;
78
import org.apache.logging.log4j.Logger;
89

910
import javax.net.ssl.SSLEngine;
11+
import javax.net.ssl.SSLParameters;
12+
import java.net.InetSocketAddress;
1013
import java.util.Arrays;
1114

1215
public class SslHandlerProvider {
@@ -28,14 +31,20 @@ public SslHandlerProvider(SslContext sslContext) {
2831
this.sslContext = sslContext;
2932
}
3033

31-
public SslHandler getSslHandler(ByteBufAllocator bufferAllocator) {
34+
public SslHandler getSslHandler(final SocketChannel socketChannel) {
35+
final InetSocketAddress remoteAddress = socketChannel.remoteAddress();
36+
final String peerHost = remoteAddress.getHostString();
37+
final int peerPort = remoteAddress.getPort();
38+
final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc(), peerHost, peerPort);
3239

33-
SslHandler sslHandler = sslContext.newHandler(bufferAllocator);
34-
35-
SSLEngine engine = sslHandler.engine();
40+
final SSLEngine engine = sslHandler.engine();
3641
engine.setEnabledProtocols(protocols);
3742
engine.setUseClientMode(false);
3843

44+
final SSLParameters sslParameters = engine.getSSLParameters();
45+
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
46+
engine.setSSLParameters(sslParameters);
47+
3948
if (verifyMode == SslClientVerifyMode.FORCE_PEER) {
4049
// Explicitly require a client certificate
4150
engine.setNeedClientAuth(true);

0 commit comments

Comments
 (0)