fix: provide ssl engine with advisory peer and algorithm info
yaauie committed Nov 11, 2022
1 parent db4c019 commit eff4e24
Showing 3 changed files with 23 additions and 5 deletions.
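--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 6.4.3
+- Fix: provide SSL engine with advisory peer and algorithm information [#458](https://github.com/logstash-plugins/logstash-input-beats/issues/458)
+
 ## 6.4.2
 - Build: do not package jackson dependencies [#455](https://github.com/logstash-plugins/logstash-input-beats/pull/455)
 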
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
6.4.2
6.4.3
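--- a/src/main/java/org/logstash/netty/SslHandlerProvider.java
+++ b/src/main/java/org/logstash/netty/SslHandlerProvider.java
@@ -4,6 +4,10 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslHandler;
 
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import java.net.InetSocketAddress;
+
 public class SslHandlerProvider {
 
 private final SslContext sslContext;
@@ -14,9 +18,20 @@ public SslHandlerProvider(SslContext context, int sslHandshakeTimeoutMillis){
 this.sslHandshakeTimeoutMillis = sslHandshakeTimeoutMillis;
 }
 
-public SslHandler sslHandlerForChannel(final SocketChannel socket) {
-SslHandler handler = sslContext.newHandler(socket.alloc());
-handler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
-return handler;
+public SslHandler sslHandlerForChannel(final SocketChannel socketChannel) {
+final InetSocketAddress remoteAddress = socketChannel.remoteAddress();
+final String peerHost = remoteAddress.getHostString();
+final int peerPort = remoteAddress.getPort();
+final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc(), peerHost, peerPort);
+
+final SSLEngine engine = sslHandler.engine();
+engine.setUseClientMode(false);
+
+final SSLParameters sslParameters = engine.getSSLParameters();
+sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+engine.setSSLParameters(sslParameters);
+
+sslHandler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
+return sslHandler;
 }
 }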
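Review bot: Calling `sslParameters.setEndpointIdentificationAlgorithm("HTTPS")` on an engine that is forced into server mode means that, when client authentication is enabled, a JDK-style trust manager will try to match the client certificate against `peerHost`, which for an accepted connection is normally the remote IP literal returned by `getHostString()`. Client certificates with no SAN for their source address, or clients arriving through NAT or a load balancer, would then presumably fail the handshake; the trust manager and verify mode are configured outside this hunk, so please confirm this is intended and covered by a mutual-TLS test. If it is intended, a comment above the call such as `// server side: makes the trust manager check the client certificate identity against the remote address` would record it; if only the advisory peer info is wanted, passing `peerHost`/`peerPort` to `newHandler` alone provides that. Separately, `socketChannel.remoteAddress()` can return null for a channel that has already disconnected, so `remoteAddress.getHostString()` deserves a null guard before it is dereferenced.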
