Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Description of SSL related options is incomplete/confusing #225

Closed
yrro opened this issue Mar 22, 2022 · 2 comments · Fixed by #226
Closed

Description of SSL related options is incomplete/confusing #225

yrro opened this issue Mar 22, 2022 · 2 comments · Fixed by #226

Comments

@yrro
Copy link
Contributor

yrro commented Mar 22, 2022

  • insecure_ssl (bool)

Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to false by default. Ensure parameter ca_file is not configured in order to allow insecure SSL connections when this value is set to true.

The portion in bold would be better written as: "If set to false, the plugin will verify the TLS server certificate presented by Splunk against the CA certificates provided by the ca_file/ca_path options; if verification fails, the connection will fail."

The portion in italics remains a mystery to me. I think it would be best to remove it. Looking at the code I can't see why setting ca_file would override the value of ssl_insecure.

ca_file (string)

The path to a file containing a PEM-format CA certificate.

Would be better written as: "The path to a file containing CA cerificates in PEM format. The plugin will verify the TLS server certificate presented by Splunk against the certificates in this file, unless verification is disabled by the ssl_insecure option."

ca_path (string)

The path to a directory containing CA certificates in PEM format.

Would be better written as: "The path to a directory containing CA certificates in PEM format. The plugin will verify the TLS server certificate presented by Splunk against the certificates in this file, unless verification is disabled by the ssl_insecure option."
@hvaghani221
Copy link
Contributor

Hey @yrro, thanks for suggesting doc changes. Can you raise PR with suggested doc changes? Any help would be appreciated.

yrro added a commit to yrro/fluent-plugin-splunk-hec that referenced this issue Mar 23, 2022
@yrro
Improve documentation for TLS/SSL related options
b296753 
Fixes splunk#225
@yrro
Copy link
Contributor Author

yrro commented Mar 23, 2022

Of course. I made a couple of other README improvements in the linked PR.

@hvaghani221 hvaghani221 linked a pull request Mar 23, 2022 that will close this issue
SSL options wording improvements #226
Merged
9 tasks
hvaghani221 pushed a commit that referenced this issue Mar 24, 2022
@yrro
Improve documentation for TLS/SSL related options (#226)
a56e1be 
* Improve documentation for TLS/SSL related options

Fixes #225

* Fix inconsistent formatting in README
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SSL options wording improvements yrro/fluent-plugin-splunk-hec
2 participants
@yrro @hvaghani221