4 changes: 3 additions & 1 deletion CHANGELOG.md
@@ -1,7 +1,9 @@
# CHANGELOG

## 1.10.0
## 10.0.1
* Support x509 Key Pair option

## 1.10.0
* Refactor Fluent Logger for Improved Thread Safety and Error Handling
* Follow the recent Golang module updates
* Stabilize testing on CI
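--- a/fluent/fluent.go
+++ b/fluent/fluent.go
@@ -38,6 +38,10 @@ const (
 // Default value whether to skip checking insecure certs on TLS connections.
 defaultTlsInsecureSkipVerify = false
 defaultReadTimeout = time.Duration(0) // Read() will not time out
+
+// Default values for cert and key pair
+defaultTlsCertFile = ""
+defaultTlsKeyFile = ""
 )
 
 // randomGenerator is used by getUniqueId to generate ack hashes. Its value is replaced
@@ -82,6 +86,10 @@ type Config struct {
 
 // ReadTimeout specifies the timeout on reads. Currently only acks are read.
 ReadTimeout time.Duration `json:"read_timeout"`
+
+// Cert file and key file
+TlsCertFile string `json: "tls_cert_file"`
+TlsKeyFile string `json: "tls_key_file"`
 }
 
 type ErrUnknownNetwork struct {
@@ -171,6 +179,12 @@ func newWithDialer(config Config, d dialer) (f *Fluent, err error) {
 if !config.TlsInsecureSkipVerify {
 config.TlsInsecureSkipVerify = defaultTlsInsecureSkipVerify
 }
+if config.TlsCertFile == "" {
+config.TlsCertFile = defaultTlsCertFile
+}
+if config.TlsKeyFile == "" {
+config.TlsKeyFile = defaultTlsKeyFile
+}
 if config.AsyncConnect {
 fmt.Fprintf(os.Stderr, "fluent#New: AsyncConnect is now deprecated, please use Async instead")
 config.Async = config.Async || config.AsyncConnect
@@ -465,6 +479,13 @@ func (f *Fluent) connect(ctx context.Context) (err error) {
 f.Config.FluentHost+":"+strconv.Itoa(f.Config.FluentPort))
 case "tls":
 tlsConfig := &tls.Config{InsecureSkipVerify: f.Config.TlsInsecureSkipVerify}
+if (f.Config.TlsCertFile != "") && (f.Config.TlsKeyFile != "") {
+cert, err := tls.LoadX509KeyPair(f.Config.TlsCertFile, f.Config.TlsKeyFile)
+if err != nil {
+return err
+}
+tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}, InsecureSkipVerify: f.Config.TlsInsecureSkipVerify}
+}
 f.conn, err = tls.DialWithDialer(
 &net.Dialer{Timeout: f.Config.Timeout},
 "tcp",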
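Review bot: In the `case "tls":` branch of connect, a config that sets only one of TlsCertFile and TlsKeyFile skips the key-pair load without any error, so the dial goes ahead with no client certificate and the caller gets no signal that the client-certificate setup was incomplete. Rejecting the half-set case before the dial would make this visible, e.g. `if (f.Config.TlsCertFile == "") != (f.Config.TlsKeyFile == "") { return fmt.Errorf("fluent: TlsCertFile and TlsKeyFile must be set together") }`. Separately, the two new struct tags in Config are written `json: "tls_cert_file"` with a space after the colon, which encoding/json does not parse as a key; they should read `json:"tls_cert_file"` and `json:"tls_key_file"`. connect's body starts and ends outside the hunk.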