logstash-input-tcp 5.1.0-java → 5.2.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4bdc4fa864025d5a16b2df9fa53895cede35c8ec8dbea33d9860abed4f69c8ff
-  data.tar.gz: 81f17ce76abfb8461e4c5ac8f6d844912cb718794daf46b37c1ad3d5db699583
+  metadata.gz: 5f821e3a9df2b90606b5fd46026262b5c7a0054d5e24bf7545d322efbedec40a
+  data.tar.gz: 202f4eeb3fe522d4df635599b7557faaab6884db8d80c1a92a17f140915c1d02
 SHA512:
-  metadata.gz: 7042bdc571be68b767a0c8968b2e58f3a3e680b75df7f545286e3510739b427e462cd4faf2202daf52bfee18f4a92ec5bad3aec475cb23f5d255fb2a754f489a
-  data.tar.gz: 5d97f02d553595cf493fc704c091e870653d5179017dfa677ec68223e56d7d7fd29e5912040df4e4274ace070e6f1aece3bb4c9904a7d5d310e675446fd9cae3
+  metadata.gz: cee3f82c41bfefea68c3e0337a5ad15f50e17ba6e72fe4fbcf004c6580d755107d47435667c73022938fe852a7e4a7401e793f6640c70bac0486f8fcbbd63642
+  data.tar.gz: a588b4ca240e7eb9e6cca0aec296999270c89b375d7b8038de989529447bf8f5df1c38faae49d71821f2051906e34e32e5f834f248ad2a2856583a7b16704caf

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 5.2.0
+  - Added support for pkcs1 and pkcs8 key formats [#122](https://github.com/logstash-plugins/logstash-input-tcp/issues/122)
+  - Changed server-mode SSL to run on top of Netty [#122](https://github.com/logstash-plugins/logstash-input-tcp/issues/122)
+  - Changed travis testing infra to use logstash tarballs [#122](https://github.com/logstash-plugins/logstash-input-tcp/issues/122)
+  - Fixed certificate chain handling and validation [#124](https://github.com/logstash-plugins/logstash-input-tcp/issues/124)
+
 ## 5.1.0
  - Added new configuration option `dns_reverse_lookup_enabled` to allow users to disable costly DNS reverse lookups [#100](https://github.com/logstash-plugins/logstash-input-tcp/issues/100)
 

data/Gemfile

@@ -9,3 +9,7 @@ if Dir.exist?(logstash_path) && use_logstash_source
   gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
   gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
 end
+
+if RUBY_VERSION == "1.9.3"
+  gem 'rake', '12.2.1'
+end

data/docs/index.asciidoc

@@ -83,6 +83,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
 | <<plugins-{type}s-{plugin}-proxy_protocol>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_cert>> |a valid filesystem path|No
+| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_enable>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_extra_chain_certs>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
@@ -140,7 +141,17 @@ http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
   * Value type is <<path,path>>
   * There is no default value for this setting.
 
-SSL certificate path
+Path to certificate in PEM format. This certificate will be presented
+to the connecting clients.
+
+[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
+===== `ssl_extra_chain_certs`
+
+  * Value type is <<array,array>>
+  * Default value is `[]`
+
+Validate client certificate or certificate chain against these authorities.
+You can define multiple files or paths. All the certificates will be read and added to the trust store.
 
 [id="plugins-{type}s-{plugin}-ssl_enable"]
 ===== `ssl_enable` 
@@ -156,8 +167,9 @@ Enable SSL (must be set for other `ssl_` options to take effect).
   * Value type is <<array,array>>
   * Default value is `[]`
 
-An Array of extra X509 certificates to be added to the certificate chain.
-Useful when the CA chain is not necessary in the system store.
+An Array of paths to extra X509 certificates.
+These are used together with the certificate to construct the certificate chain
+presented to the client.
 
 [id="plugins-{type}s-{plugin}-ssl_key"]
 ===== `ssl_key` 
@@ -165,7 +177,7 @@ Useful when the CA chain is not necessary in the system store.
   * Value type is <<path,path>>
   * There is no default value for this setting.
 
-SSL key path
+The path to the private key corresponding to the specified certificate (PEM format).
 
 [id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
 ===== `ssl_key_passphrase` 
@@ -173,7 +185,7 @@ SSL key path
   * Value type is <<password,password>>
   * Default value is `nil`
 
-SSL key passphrase
+SSL key passphrase for the private key.
 
 [id="plugins-{type}s-{plugin}-ssl_verify"]
 ===== `ssl_verify` 

data/lib/logstash/inputs/tcp.rb

@@ -6,6 +6,7 @@ require "logstash/inputs/base"
 require "logstash/util/socket_peer"
 require "logstash-input-tcp_jars"
 require "logstash/inputs/tcp/decoder_impl"
+require "logstash/inputs/tcp/compat_ssl_options"
 
 require "socket"
 require "openssl"
@@ -105,6 +106,9 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   # Useful when the CA chain is not necessary in the system store.
   config :ssl_extra_chain_certs, :validate => :array, :default => []
 
+  # Validate client certificates against these authorities. You can define multiple files or paths. All the certificates will be read and added to the trust store.
+  config :ssl_certificate_authorities, :validate => :array, :default => []
+
   # Instruct the socket to use TCP keep alives. Uses OS defaults for keep alive settings.
   config :tcp_keep_alive, :validate => :boolean, :default => false
 
@@ -143,22 +147,17 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 
     @logger.info("Starting tcp input listener", :address => "#{@host}:#{@port}", :ssl_enable => "#{@ssl_enable}")
     if server?
-      if @ssl_enable
-        self.server_socket = new_server_socket
-      else
-        @loop = InputLoop.new(@host, @port, DecoderImpl.new(@codec, self), @tcp_keep_alive)
-      end
+      ssl_context = get_ssl_context(SslOptions)
+
+      @loop = InputLoop.new(@host, @port, DecoderImpl.new(@codec, self), @tcp_keep_alive,
+                            ssl_context, @logger.to_java(org.apache.logging.log4j.Logger))
     end
   end
 
   def run(output_queue)
     @output_queue = output_queue
     if server?
-      if @ssl_enable
-        run_ssl_server
-      else
-        @loop.run
-      end
+      @loop.run
     else
       run_client()
     end
@@ -206,30 +205,6 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 
   private
 
-  RUN_LOOP_ERROR_MESSAGE="TCP input server encountered error"
-  def run_ssl_server()
-    while !stop?
-      begin
-        socket = add_connection_socket(server_socket.accept)
-        # start a new thread for each connection.
-        server_connection_thread(socket)
-      rescue OpenSSL::SSL::SSLError => e
-        # log error, close socket, accept next connection
-        @logger.debug? && @logger.debug("SSL Error", :exception => e, :backtrace => e.backtrace)
-      rescue => e
-        @logger.error(
-          RUN_LOOP_ERROR_MESSAGE, 
-          :message => e.message,
-          :class => e.class.name,
-          :backtrace => e.backtrace
-        )
-      end
-    end
-  ensure
-    # catch all rescue nil on close to discard any close errors or invalid socket
-    server_socket.close rescue nil
-  end
-
   def run_client()
     while !stop?
       self.client_socket = new_client_socket
@@ -240,17 +215,6 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
     client_socket.close rescue nil
   end
 
-  def server_connection_thread(socket)
-    Thread.new(socket) do |s|
-      begin
-        @logger.debug? && @logger.debug("Accepted connection", :client => s.peer, :server => "#{@host}:#{@port}")
-        handle_socket(s)
-      ensure
-        delete_connection_socket(s)
-      end
-    end
-  end
-
   def handle_socket(socket)
     client_address = socket.peeraddr[3]
     client_ip_address = socket.peeraddr[2]
@@ -317,6 +281,10 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
       @ssl_context = OpenSSL::SSL::SSLContext.new
       @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
       @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase.value)
+      if @ssl_extra_chain_certs.any?
+        @ssl_context.extra_chain_cert = @ssl_extra_chain_certs.map {|cert_path| OpenSSL::X509::Certificate.new(File.read(cert_path)) }
+        @ssl_context.extra_chain_cert.unshift(OpenSSL::X509::Certificate.new(File.read(@ssl_cert)))
+      end
       if @ssl_verify
         @ssl_context.cert_store  = load_cert_store
         @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
@@ -332,28 +300,12 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   def load_cert_store
     cert_store = OpenSSL::X509::Store.new
     cert_store.set_default_paths
-    @ssl_extra_chain_certs.each do |cert|
+    @ssl_certificate_authorities.each do |cert|
       cert_store.add_file(cert)
     end
     cert_store
   end
 
-  def new_server_socket
-    begin
-      socket = TCPServer.new(@host, @port)
-      socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, @tcp_keep_alive)
-    rescue Errno::EADDRINUSE
-      @logger.error("Could not start TCP server: Address in use", :host => @host, :port => @port)
-      raise
-    end
-
-    if @ssl_enable
-      socket = OpenSSL::SSL::SSLServer.new(socket, ssl_context)
-      socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, @tcp_keep_alive)
-    end
-    socket
-  end
-
   def new_client_socket
     socket = TCPSocket.new(@host, @port)
     socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, @tcp_keep_alive)
@@ -409,4 +361,16 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   def connection_sockets
     @socket_mutex.synchronize{@connection_sockets.keys.dup}
   end
+
+  def get_ssl_context(options_class)
+    ssl_context = options_class.builder
+      .set_is_ssl_enabled(@ssl_enable)
+      .set_should_verify(@ssl_verify)
+      .set_ssl_cert(@ssl_cert)
+      .set_ssl_key(@ssl_key)
+      .set_ssl_key_passphrase(@ssl_key_passphrase.value)
+      .set_ssl_extra_chain_certs(@ssl_extra_chain_certs.to_java(:string))
+      .set_ssl_certificate_authorities(@ssl_certificate_authorities.to_java(:string))
+      .build.toSslContext()
+  end
 end

data/lib/logstash/inputs/tcp/compat_ssl_options.rb

@@ -0,0 +1,103 @@
+require 'openssl'
+
+java_import 'io.netty.handler.ssl.ClientAuth'
+java_import 'io.netty.handler.ssl.SslContextBuilder'
+java_import 'java.io.FileInputStream'
+java_import 'java.io.FileReader'
+java_import 'java.security.cert.CertificateFactory'
+java_import 'java.security.cert.X509Certificate'
+java_import 'org.bouncycastle.asn1.pkcs.PrivateKeyInfo'
+java_import 'org.bouncycastle.openssl.PEMKeyPair'
+java_import 'org.bouncycastle.openssl.PEMParser'
+java_import 'org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter'
+
+# Simulate a normal SslOptions builder:
+#
+#     ssl_context = SslOptions.builder
+#       .set_is_ssl_enabled(@ssl_enable)
+#       .set_should_verify(@ssl_verify)
+#       .set_ssl_cert(@ssl_cert)
+#       .set_ssl_key(@ssl_key)
+#       .set_ssl_key_passphrase(@ssl_key_passphrase.value)
+#       .set_ssl_extra_chain_certs(@ssl_extra_chain_certs.to_java(:string))
+#       .set_ssl_certificate_authorities(@ssl_certificate_authorities.to_java(:string))
+#       .build.toSslContext()
+class SslOptions
+  def self.builder
+    new
+  end
+
+  def set_is_ssl_enabled(boolean)
+    @ssl_enabled = boolean
+    self
+  end
+
+  def set_should_verify(boolean)
+    @ssl_verify = boolean
+    self
+  end
+
+  def set_ssl_cert(path)
+    @ssl_cert_path = path
+    self
+  end
+
+  def set_ssl_key(path)
+    @ssl_key_path = path
+    self
+  end
+
+  def set_ssl_key_passphrase(passphrase)
+    @ssl_key_passphrase = passphrase
+    self
+  end
+
+  def set_ssl_extra_chain_certs(certs)
+    @ssl_extra_chain_certs = certs
+    self
+  end
+
+  def set_ssl_certificate_authorities(certs)
+    @ssl_certificate_authorities = certs
+    self
+  end
+
+  def build; self; end
+
+  def toSslContext
+    return nil unless @ssl_enabled
+
+    # create certificate object
+    cf = CertificateFactory.getInstance("X.509")
+    cert_chain = []
+    cert_chain << cf.generateCertificate(FileInputStream.new(@ssl_cert_path))
+
+    # convert key from pkcs1 to pkcs8 and get PrivateKey object
+    pem_parser = PEMParser.new(FileReader.new(@ssl_key_path))
+
+    case obj = pem_parser.read_object
+    when PEMKeyPair # likely pkcs#1
+      private_key = JcaPEMKeyConverter.new.get_key_pair(obj).private
+    when PrivateKeyInfo # likely pkcs#8
+      private_key = JcaPEMKeyConverter.new.get_private_key(obj)
+    else
+      raise "Could not recognize 'ssl_key' format. Class: #{obj.class}"
+    end
+
+    @ssl_extra_chain_certs.each do |cert|
+      cert_chain << cf.generateCertificate(FileInputStream.new(cert))
+    end
+    sslContextBuilder = SslContextBuilder.forServer(private_key, @ssl_key_passphrase, cert_chain.to_java(java.security.cert.X509Certificate))
+
+    trust_certs = @ssl_certificate_authorities.map do |cert|
+      cf.generateCertificate(FileInputStream.new(cert))
+    end
+
+    if trust_certs.any?
+      sslContextBuilder.trustManager(trust_certs.to_java(java.security.cert.X509Certificate))
+    end
+
+    sslContextBuilder.clientAuth(@ssl_verify ? ClientAuth::REQUIRE : ClientAuth::NONE)
+    sslContextBuilder.build()
+  end
+end

data/spec/inputs/tcp_spec.rb

@@ -9,6 +9,8 @@ require "stud/task"
 require "flores/pki"
 require "openssl"
 
+java_import "io.netty.handler.ssl.util.SelfSignedCertificate"
+
 require_relative "../spec_helper"
 
 #Cabin::Channel.get(LogStash).subscribe(STDOUT)
@@ -310,13 +312,14 @@ describe LogStash::Inputs::Tcp do
   #   - pipelineless_input has been basically copied from the udp input specs, it should be DRYied up
   #   - see if we should miminc the udp input UDPClient helper class instead of directly using TCPSocket
 
-  describe "LogStash::Inputs::Tcp new specs style" do
+  context "LogStash::Inputs::Tcp new specs style" do
 
     before do
       srand(RSpec.configuration.seed)
     end
 
-    subject { LogStash::Plugin.lookup("input", "tcp").new({ "port" => port }) }
+    let(:config) { { "port" => port } }
+    subject { described_class.new(config) }
     let!(:helper) { TcpHelpers.new }
 
     after :each do
@@ -324,9 +327,62 @@ describe LogStash::Inputs::Tcp do
     end
 
     describe "#register" do
+
       it "should register without errors" do
         expect { subject.register }.to_not raise_error
       end
+
+      context "when using ssl" do
+        let(:config) do
+          {
+            "host" => "127.0.0.1",
+            "port" => port,
+            "ssl_enable" => true,
+            "ssl_cert" => certificate_file.path,
+            "ssl_key" => key_file.path,
+            "ssl_extra_chain_certs" => certificate_file.path
+          }
+        end
+
+        context "with pkcs#1 keys" do
+          let(:pki) { Flores::PKI.generate }
+          let(:certificate) { pki[0] }
+          let(:key) { pki[1] }
+          let(:certificate_file) { Stud::Temporary.file }
+          let(:key_file) { Stud::Temporary.file }
+
+          before do
+            certificate_file.write(certificate)
+            key_file.write(key)
+            certificate_file.close
+            key_file.close
+          end
+
+          it "should configure ssl manager correctly without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+          after do
+            File.unlink(certificate_file.path)
+            File.unlink(key_file.path)
+          end
+
+        end
+
+        context "with pkcs#8 keys" do
+          let(:ssc) { SelfSignedCertificate.new }
+          let(:certificate_file) { ssc.certificate }
+          let(:key_file) { ssc.private_key}
+
+          it "should configure ssl manager correctly without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+          after do
+            ssc.delete
+          end
+        end
+      end
     end
 
     describe "#receive" do
@@ -335,11 +391,9 @@ describe LogStash::Inputs::Tcp do
       end
 
       context "when ssl_enable is true" do
-        let(:pki) { Flores::PKI.generate }
-        let(:certificate) { pki[0] }
-        let(:key) { pki[1] }
-        let(:certificate_file) { Stud::Temporary.file }
-        let(:key_file) { Stud::Temporary.file }
+        let(:ssc) { SelfSignedCertificate.new }
+        let(:certificate_file) { ssc.certificate }
+        let(:key_file) { ssc.private_key}
         let(:queue) { Queue.new }
 
         let(:config) do
@@ -349,35 +403,60 @@ describe LogStash::Inputs::Tcp do
             "ssl_enable" => true,
             "ssl_cert" => certificate_file.path,
             "ssl_key" => key_file.path,
-
-            # Trust our self-signed cert.
-            # TODO(sissel): Make this a separate certificate for the client
-            "ssl_extra_chain_certs" => certificate_file.path
+            "ssl_certificate_authorities" => [ certificate_file.path ]
           }
         end
 
-        subject(:input) { LogStash::Plugin.lookup("input", "tcp").new(config) }
+        let(:input) { subject }
+        before(:each) { input.register }
+        after(:each) { ssc.delete }
+
+        context "when using a certificate chain" do
+          let(:chain_of_certificates) { helper.chain_of_certificates }
+          let(:config) do
+            {
+              "host" => "127.0.0.1",
+              "port" => port,
+              "ssl_enable" => true,
+              "ssl_cert" => chain_of_certificates[:b_cert].path,
+              "ssl_key" => chain_of_certificates[:b_key].path,
+              "ssl_extra_chain_certs" => [ chain_of_certificates[:a_cert].path ],
+              "ssl_certificate_authorities" => [ chain_of_certificates[:root_ca].path ],
+              "ssl_verify" => true
+            }
+          end
+          let(:tcp) { TCPSocket.new("127.0.0.1", port) }
+          let(:sslcontext) do
+            sslcontext = OpenSSL::SSL::SSLContext.new
+            sslcontext.verify_mode = OpenSSL::SSL::VERIFY_PEER
+            sslcontext.ca_file = chain_of_certificates[:root_ca].path
+            sslcontext.cert = OpenSSL::X509::Certificate.new(File.read(chain_of_certificates[:aa_cert].path))
+            sslcontext.key = OpenSSL::PKey::RSA.new(File.read(chain_of_certificates[:aa_key].path))
+            sslcontext
+          end
+          let(:sslsocket) { OpenSSL::SSL::SSLSocket.new(tcp, sslcontext) }
+          let(:input_task) { Stud::Task.new { input.run(queue) } }
 
-        before do
-          certificate_file.write(certificate)
-          key_file.write(key)
+          before do
+            input_task
+          end
 
-          # Close to flush the file writes.
-          certificate_file.close
-          key_file.close
-          subject.register
-        end
+          it "should be able to connect and write data" do
+            sslsocket.connect
+            sslsocket.write("Hello world\n")
+            tcp.flush
+            sslsocket.close
+            tcp.close
+            result = input_task.thread.join(0.5)
+            expect(result).to be_nil
+            expect(queue.size).to eq(1)
+          end
 
-        after do
-          File.unlink(certificate_file.path)
-          File.unlink(key_file.path)
         end
 
         context "with a poorly-behaving client" do
           let!(:input_task) { Stud::Task.new { input.run(queue) } }
 
-          after { input.close }
-
           context "that disconnects before doing TLS handshake" do
             before do
               client = TCPSocket.new("127.0.0.1", port)
@@ -402,29 +481,6 @@ describe LogStash::Inputs::Tcp do
                 raise StandardError, "blah"
               end
             end
-
-            it "should log the error on accept" do
-              allow(input.logger).to receive(:error).with(any_args)
-              
-              stop = Thread.new {
-                sleep 2
-                input.do_stop
-              }
-              expect do
-                input.run(Queue.new)
-              end.not_to raise_error
-
-              expect(input.logger).to have_received(:error).with(
-                ::LogStash::Inputs::Tcp::RUN_LOOP_ERROR_MESSAGE,
-                :message => "blah",
-                :class => "StandardError",
-                :backtrace => anything
-              ).at_least(:once)
-
-              stop.join
-              # Wait for stop to actually happen
-              sleep 1
-            end
           end
 
           context "that sends garbage instead of TLS handshake" do
@@ -446,37 +502,6 @@ describe LogStash::Inputs::Tcp do
               expect(result).to be_nil
             end
           end
-
-          context "connection was healthy but now has garbage or corruption" do
-            let!(:input_task) { Stud::Task.new { input.run(queue) } }
-            let(:tcp) { TCPSocket.new("127.0.0.1", port) }
-            let(:sslcontext) { OpenSSL::SSL::SSLContext.new }
-            let(:sslsocket) { OpenSSL::SSL::SSLSocket.new(tcp, sslcontext) }
-            let(:max_length) { 1000 }
-            let(:garbage) { Flores::Random.iterations(max_length).collect { Flores::Random.integer(1...255) }.pack("C*") }
-
-            before do
-              sslcontext.cert = certificate
-              sslcontext.key = key
-              sslcontext.verify_mode = OpenSSL::SSL::VERIFY_NONE
-
-              sslsocket.connect
-              sslsocket.write("Hello world\n")
-
-              # Assertion to verify this test is actually sending something.
-              expect(garbage.length).to be > 0
-              tcp.write(garbage)
-              tcp.flush
-              sslsocket.close
-              tcp.close
-            end
-
-            it "should not negatively impact the plugin" do
-              # TODO(sissel): Look for a better way to detect this failure besides a sleep/wait.
-              result = input_task.thread.join(0.5)
-              expect(result).to be_nil
-            end
-          end
         end
 
         # TODO(sissel): Spec multiple clients where only one is bad.

data/version

@@ -1 +1 @@
-5.1.0
+5.2.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-tcp
 version: !ruby/object:Gem::Version
-  version: 5.1.0
+  version: 5.2.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-05 00:00:00.000000000 Z
+date: 2018-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -159,11 +159,12 @@ files:
 - docs/index.asciidoc
 - lib/logstash-input-tcp_jars.rb
 - lib/logstash/inputs/tcp.rb
+- lib/logstash/inputs/tcp/compat_ssl_options.rb
 - lib/logstash/inputs/tcp/decoder_impl.rb
 - logstash-input-tcp.gemspec
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb
-- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.1.0/logstash-input-tcp-5.1.0.jar
+- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.2.0/logstash-input-tcp-5.2.0.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses: