logstash-output-elasticsearch 11.4.0-java → 11.4.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3932944b80f3ae81063657ab9255cb9504624d1c6c0634c547b69b38d4a9b4a9
-  data.tar.gz: b850f5abbe8ae00b62e379d6f7c90802172602f23a3ab0e3f67b1a4d8319bbea
+  metadata.gz: c1ce0504aa5082dc3fc958b72019f243c6cad0174bb883612c25eb5d7f8aedfe
+  data.tar.gz: 4d28c34d89b5a70a02c10ebd3b8d425111d3902bc58fb9e428acadee4a471646
 SHA512:
-  metadata.gz: 5bc64de78f7ca0808e377595774f63b874d753801bbee8722bcd58af6a556e9c8baae683359179b65ee5a282c321c40dbeda838a9caacb5fc7ff14e7fe63e294
-  data.tar.gz: 0ff0a9731418cb7858e51109c8392d4a7692629d85141eedfa7019d99bbc12d7b9f016bd21d976f390ba5d745e039be6998742107b0eded2525a8c4dc7d0bf5f
+  metadata.gz: d1d0680cf639e01b6c2a2a3b8eb87a2ad525764d006fb3cbfadc06c845925d9f1055075265d7327794e326b1a9df67308d85ebefafb38297bd2121499ecc2279
+  data.tar.gz: 285bafc2ffa2ae726bdafdb3176c193c7cd20979625e59cd7526445ae5243137e6dad37cc64208bb3494fc45afe44d913f7b7b4188fcf6b25faf1e9fb6a04d06

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 11.4.1
+ - Feat: upgrade manticore (http-client) library [#1063](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1063)
+   - the underlying changes include latest HttpClient (4.5.13)
+   - resolves an old issue with `ssl_certificate_verification => false` still doing some verification logic
+
 ## 11.4.0
  - Updates ECS templates [#1062](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1062)
    - Updates v1 templates to 1.12.1 for use with Elasticsearch 7.x and 8.x

data/Gemfile

@@ -12,4 +12,5 @@ end
 
 if RUBY_VERSION == "1.9.3"
   gem 'rake', '12.2.1'
-end
+end
+

data/lib/logstash/outputs/elasticsearch/http_client_builder.rb

@@ -133,12 +133,9 @@ module LogStash; module Outputs; class ElasticSearch;
         ssl_options[:keystore_password] = keystore_password.value if keystore_password
       end
       if !params["ssl_certificate_verification"]
-        logger.warn [
-                       "** WARNING ** Detected UNSAFE options in elasticsearch output configuration!",
-                       "** WARNING ** You have enabled encryption but DISABLED certificate verification.",
-                       "** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true"
-                     ].join("\n")
-        ssl_options[:verify] = false
+        logger.warn "You have enabled encryption but DISABLED certificate verification, " +
+                    "to make sure your data is secure remove `ssl_certificate_verification => false`"
+        ssl_options[:verify] = :disable # false accepts self-signed but still validates hostname
       end
       { ssl: ssl_options }
     end

data/logstash-output-elasticsearch.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-elasticsearch'
-  s.version         = '11.4.0'
+  s.version         = '11.4.1'
 
   s.licenses        = ['apache-2.0']
   s.summary         = "Stores logs in Elasticsearch"
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   # Special flag to let us know this is actually a logstash plugin
   s.metadata = { "logstash_plugin" => "true", "logstash_group" => "output" }
 
-  s.add_runtime_dependency "manticore", '>= 0.7.1', '< 1.0.0'
+  s.add_runtime_dependency "manticore", '>= 0.8.0', '< 1.0.0'
   s.add_runtime_dependency 'stud', ['>= 0.0.17', '~> 0.0']
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
   s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.0'

data/spec/fixtures/test_certs/test_invalid.crt

@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGVzCCBD+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJQVDEL
+MAkGA1UECAwCTkExDzANBgNVBAcMBkxpc2JvbjEOMAwGA1UECgwFTXlMYWIxDzAN
+BgNVBAMMBlJvb3RDQTAeFw0yMjAxMTgwNTA0MDZaFw0yNTAxMTgwNTA0MDZaMFIx
+CzAJBgNVBAYTAkxTMQswCQYDVQQIDAJOQTESMBAGA1UEBwwJRVMgT3V0cHV0MREw
+DwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAunKYkXLoAC14bdIveIZlImtrp2rkQ5Ugz/vGVWFJ
+YatJh9x5dmqJQeO1gpGayNedbwDI/50CTDoqwCz4aunMKpgQdKHryjeuR1zqElhC
+QLZtAkzM/pCkTnMYvXDfJrBZcSWP+ddlkH8ffmN0Fxf3LsKln+K5A4hASrVGSKYw
++eNDV7yIxdhthqD0xNRuw/j3lSLxwBbwKOs7Mh+xmdMa4vs3AKJvG9LdTm7xdHtD
+4rkQAA7TRQOR5pl+eDICRnNkGVzgPMdf2kM94ZU7TI1zUMqV1uPNE05Vps14kuWq
+Z84r8ecExCo6mQxrQ1M7Y2UBGa5NM9kb+UP1famANadEOlS5kAGEtcpHnh1WK+98
+4mxtMQJHIOOASde/coA3mZ4Oa8Z0Hzy3fsNvD9ieLo2V8yQN9UAQshbB1BEuOaRr
+9wQKT4jlnCinZ4UU6FpEJ7NIiZ9wBKqNbN8iySPYmRihOj6BDuEQB/W/K54KQB5n
+ctT6MsoTyTFgqe3Zn0owMrGCsSDJsvUcaAz7ZsnesoiFtKsYyRZAWJVcLO5R0FxZ
+YjCGk9stspLT1cqmJ8VbMLhiW7T4ZP+sZj3B+aSZWnS5r78I4G9sB9swDMJMjNRP
+O15zvQKIRluULhm9WhPET78Iy9Qg1zoiGdnzxBSZ9Sh8+yb57cCRD4da7eLne4Sb
+uU8CAwEAAaOCATwwggE4MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMG
+CWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFPqrHNv/8Io82JmzcNWBdaRmftvdMIGIBgNVHSMEgYAwfoAU
+oVp0nHjq6mJ/UGuFhnSK7yjbPyuhUKROMEwxCzAJBgNVBAYTAlBUMQswCQYDVQQI
+DAJOQTEPMA0GA1UEBwwGTGlzYm9uMQ4wDAYDVQQKDAVNeUxhYjEPMA0GA1UEAwwG
+Um9vdENBghRT5Ucn3UmwssDUYlgL5RyE1/DeETAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3
+DQEBCwUAA4ICAQDHt/3rR3rzESrZNNLIU+jbW6Vsfcr22mghhbdoU+pnkZB8Spzp
+AUqgmSlOOuz/3OMLPP64sj+gm9kiU177uBoqJUsnaAaV0LNvp+EIWIdskw0OGU2X
+uOslZK5EdYGqGgRlElnohPRXcFXwsh//QJYDmNnnC3Fk+ZjZQKjH4q4Ur8ECPqit
+wVnRXqlKfLRjWWzvTgoPTAN42KHP2R7xxIHdV+cXH6riLLvtkWcGJbfoQaSuNOvc
+GAIoQc2YmIiVsGZ82n9Ww2zO9ByqF+KfGgIFDTCp1CzpfLKLLhzMv/p4n2zf/BOb
+MCJJfljOewqmzMo48Wj2vk/46IAGl5uA6PnDwa0LNgomA9c6loDcYEOsCr69xL+D
+7GL/Jzm9HaTE97lRGVwoKBG0hKabFEfOueKB6Oab8bVTuY99kbbRaFZs7I9QYVQy
+eY38YJv5kN3yAjFclO39R8cAngqecbQDZ7xTl7dF7CvrpAoNI8olL01Kjy/+vfX4
+WAMO9YONnVPwwB05voRZfKErVKi9iwAWa5m9DdtE5QdfjcsXZkITW2CF2skSgujw
+BS8P8Z+HccKa+qEPQM+eBWjrlzlx/XC2iXKE1w4zZL0wRgY7+W4dIMgJmPmV/Gue
+5wSnZtMueBdyKy+xFrJcszoakKg/JfSesKfnVLC+60EL2FQqbrGCEiTp2A==
+-----END CERTIFICATE-----

data/spec/fixtures/test_certs/test_invalid.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAunKYkXLoAC14bdIveIZlImtrp2rkQ5Ugz/vGVWFJYatJh9x5
+dmqJQeO1gpGayNedbwDI/50CTDoqwCz4aunMKpgQdKHryjeuR1zqElhCQLZtAkzM
+/pCkTnMYvXDfJrBZcSWP+ddlkH8ffmN0Fxf3LsKln+K5A4hASrVGSKYw+eNDV7yI
+xdhthqD0xNRuw/j3lSLxwBbwKOs7Mh+xmdMa4vs3AKJvG9LdTm7xdHtD4rkQAA7T
+RQOR5pl+eDICRnNkGVzgPMdf2kM94ZU7TI1zUMqV1uPNE05Vps14kuWqZ84r8ecE
+xCo6mQxrQ1M7Y2UBGa5NM9kb+UP1famANadEOlS5kAGEtcpHnh1WK+984mxtMQJH
+IOOASde/coA3mZ4Oa8Z0Hzy3fsNvD9ieLo2V8yQN9UAQshbB1BEuOaRr9wQKT4jl
+nCinZ4UU6FpEJ7NIiZ9wBKqNbN8iySPYmRihOj6BDuEQB/W/K54KQB5nctT6MsoT
+yTFgqe3Zn0owMrGCsSDJsvUcaAz7ZsnesoiFtKsYyRZAWJVcLO5R0FxZYjCGk9st
+spLT1cqmJ8VbMLhiW7T4ZP+sZj3B+aSZWnS5r78I4G9sB9swDMJMjNRPO15zvQKI
+RluULhm9WhPET78Iy9Qg1zoiGdnzxBSZ9Sh8+yb57cCRD4da7eLne4SbuU8CAwEA
+AQKCAgEAjd1oLTOrR4dRnO5S5HgON9RYg3iX2rx7zQUb8hcmSMSWHGQrn2iMq6/h
+iknT5oH47l9AkQ4ck3em07bkBiWDDd3Kl5Qk3ybi2rXd/LtfHfIwm5FoYUIZYv+8
+kVhy0vNX+vnDxSyZwQqZIgf2ayP3FoNQlolikUd4899ebSTXGyxLL1TrFO8K12dd
+Fu80oLStXbLLE4fgkKH71rW64vp3+MGBJmBx/k/ByE4uNp0cGEUL4Z9mLZr7xuSA
+EGCszoI6Zfn/PP/O9To4uY5dInB2j8C1pl6KyefO0C6DUfKiaH29fkBzpfcjwxRq
+AT4xb/2IisvPPmYyHMYS4ty4CxsMk7Cu5q+DlmRMa7ShOOdSAw+1k7yUl3rodXuu
+48k806s1cpoowo1aiNYMlZ6scQ0GtYU9/KfeWyfzO3QzgNguyAXifZNepU6qumUw
+S3670/1O/7KfpUCd8zgGmbHXlm6lhGj6ZHRDVDvp9/RKkqySbTGuWAXRgK3iLvEg
+26KTBtqW6WMx0XsZf7T2CDfXqdL+XzDrYNl9GB5rqgCjBUmsaK9QdwDGw4oFY3+k
+9KzBYj7wE7/W9vjBNBoWg/821McHJyYDaFCdOyC0YkppZKNENMcUkNE1noXQB7w5
+ib0NPWum//H+DT+F2iKOzP7N5f4XpHUSRnpYQ3C3d3Jt7n9NRoECggEBAObPgZd/
+ZnrgZtt++tMAsG8wEfjPS4GM/vbAdNJFruT1zamwIQv4ba/7/m2UO2nIpS1T6vBR
+MeVjsaueNe2K/9iRbXWKidTj38EnWCeEQQek9+bCjXqW01WjF+fomXYGSOj2RUWx
+5z7CcsfFe2N4yQxZEv9ynf2PZsA90F5FGcm7RvputhcY79Oyq8/baQmT2JpJMbHT
+X3J1usCQyIBjaGRErh0rSwXKcNL09Z1P5t4TDkZ+bctzO3s/0qdgS0E3keilyE4L
+cKe+hoGl8CsCaUBSmzY5evuLVChoZi6Pwlk84+CxFm5O9l505Bmphb22vZXII3ZS
+k7zDIJEBRzN+Sy8CggEBAM7LqE0yy56c55itsWQOKAVYyObn7HdwylQvd3OaEDhG
+L5MFFdif/GeLHcNzv2eRnd2n7cyjDfHR7znw9H0/xlLlloxonGiGR3XXCGexQYBY
+lJPkeCQRPAqNWXxUKsSPaChXJROsXRy6G2dgcdruM88z9iKnyeu8Ky++y8r6DLrm
+niTcRdqzz2HiGbnUyYdH7mg3IVT5LZsXxNyLAN+t4r0LmeZkijCC5xUd1brOxEAM
+h36qJZ1XXAGmhPgYW31VAqyDZ4oL9PGXEU/MCrxp8xHflbBOWBLm80gYmbZzxvvK
+4aGdXYWRmlEI3MS+HsvtcGXh4WOE1nLSU3cvDDIBa+ECggEBAKO+hvORoIR/+rix
+hwR2srTO55EajzijbKZltvsOEJvCfltp5qf1YOu+3Kukw9myTOyxYjWHhNx2M6/L
+F/sj54oe8ga3eD0eRLllTjcKro/byztcvr4/jkJs6CLQcz62CrerL03YfnOZw5BS
+W80f/ZHTB5VOHSOrvnuX3uFiKH9ja2FzdZ9BQ7NuSFG4GPaAeuRKFQVRLZ+oQgsn
+K/dZjs/Dobpz4k+DZTNkMXOfIexenHwKaZ4ya/puNuYjfIASCmOAaXBk0VFP62DC
+9nWsyjql4BNCCCu4lsXr+sIBnyFr/0aCm6U6Q7KTPtet2oHSyQEf8XiZ8NGzpMD6
+pSa07GUCggEBAJc0JCAmJuoX0eM6BT2ieDLIo0TqiWUf7GC3wECfgoKTFxAJpNqa
+yCQxfRa/WFFzEJnUwrRg+L47AQ89lpbJ/cn5IyYRC2QF4tRP4U5oNfuRSToF0K6W
+h28zwR1+MTM9pCvy5CJJYl+x2H2y8CzjBLDZTnwycRrToEQt3rbQNGSoYTOUd+Mc
+nGL2vla5No2a08ARp2aJN4ZyT7fuTzo9207c36+tDbnAzRQMl40ayDYIsz2zTQOJ
+r7VpO0poDOVMNkNLZXZznarUCY1uJN91HIySDdI2xoEzquipTCMy7miHBIl2Fb6n
+Is1jjICyfrQfLZLhITryExcroGnB1cnubiECggEAdOeyL1Q0MC59nbZ3E0OwCSMe
+HAEbcEp8J6nyyxJ+VVSVSmh5SIEajSh5PPkrzzqKkVo6LSXvHeiwvx5R302RBIew
+GZ41oUJA5ApPWAiZo/pusRR0nnClBXPSqFOb7uYuDTXuma2rWcN3xt4L1zGbSMS7
+de3Wsp6kVv3q2uF/2fv78BwpwaRQaDcmw269iSHjMAtVbBm2QIkN4FI+4CCUdn7H
+plUAW5CXWtAHRKFJwjF/I8PYAlyvGb4i8ll/RK5hworj1VrPgnKIg2JP8LcAm1a4
+9sk2DRryU+7PZBWgqaXeTfoDUzdcKmWx/jbGPP7Wlvh3Ao6ityQ0pauWZKzSFg==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/test_certs/test_self_signed.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdzCCA1+gAwIBAgIUNtmhsOlqXXLvFvsvImAvs9ZrnFkwDQYJKoZIhvcNAQEL
+BQAwSzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMQswCQYDVQQHDAJFUzERMA8G
+A1UECgwITG9nc3Rhc2gxDzANBgNVBAMMBmNsaWVudDAeFw0yMjAxMTgxMzIwMDNa
+Fw0yNTAxMTgxMzIwMDNaMEsxCzAJBgNVBAYTAkxTMQswCQYDVQQIDAJOQTELMAkG
+A1UEBwwCRVMxETAPBgNVBAoMCExvZ3N0YXNoMQ8wDQYDVQQDDAZjbGllbnQwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDT+NYvZzi7y2RHvklPQ7BYV478
+A+nN/ncakJ0JjmdekwDhUjb8VO/YxN68FyLargI89hsa9Aw20GRZrtibUYfl2qZy
+CW5Gydl/t2evCbO2mIcObImsagp/wNbPfopX8efU1aK3KPSlES0qDX6oB2hl9Afx
+oeJY+NBlg1xhVWC8/WAKxG/me9XPYhsOSVYR8UiA2RkPnhSND6dqqR+KGUdhxcZH
+rB2Y/fHyy2uAgErWguNSvVRudy7yZn5eAIhV2cI+710SOGPIXPbMPzdJBiNFNhaK
+QSCze+lC7xJg2lYhR+2H3DofhftemPMLPtFauVUe1xm5rP/hrVSbZuNN8DEffpAO
+whhgsDDmkAh8oY+OTSWCdjKHrir+Dbqo/OfmMK5tkC12LP2e45nvGKLrJGsHtBeP
++l3edtYLy0lvKVXvF/3krujTQYrA04Gqb9JKsvUSFarlhiY3dmJ1+na3kCNRu5Ei
+oFlvr8uWJLeEFTll6ahTGkCnWZ5bHP1NNYD4JRwTNtujArtWxEEomoiyjgw3RfHE
+pGlSaljnCvP9OX72zfrpfbQJx937CEt22jVTyKls4TPvkX+bKXHUVNG0xDlMcUK/
++DdTDLxD+j0gBJofSD/uWeWd8VhwSG7jY5PimUhQxwrHouyKbktF3useuElH/3wn
+pDy0hPKbgZmATChOBQIDAQABo1MwUTAdBgNVHQ4EFgQUKj3kW3xSP4/7D9djf8DM
+XdAG0e8wHwYDVR0jBBgwFoAUKj3kW3xSP4/7D9djf8DMXdAG0e8wDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAbNsBp/QUTXNKblQUPsjK97BDHVLs
+pdcHAabLd5Cwveb+0RyqUoMGz+XmtOiCS4bX5uLnNbjiFQK1zMyen6RBmdfZ4+nv
+/Uh5XMQx3oZCCrmXbTEsFjlSgQuQlTGlaJBZXKwN7KmBgqvsNEPRwteDPOLuQ4DP
+4zc/6euJDeHcrqTYEF4sYB5srkkL4A0Kw3ZaukopKMpdEaAzgqeQdQ5AqbKlfiiI
+/XJxomGLQ7LWY9KWYeZZ3RhdN/mEREFYHZ+OkptPcKqjQimIq6JulHVQJar3A3ec
+zaVsyT4UkDDn0nf8N/D9mjbCuO3Pd/8EHgqRzxMvglkCkDElrucrXjECK6SBpmgu
+nCIvEIJxlHqLicBAQxdv6/N+UILZ37Wg1MyoIkzQA1j6lkw8kMLi0OIStZ6COOVA
+6x00SDH7GwkWEWJCGN7v8xOTd4ftN3Srhsai0wMyNtA39Wi3GiAWo8XwtfrtkWwk
+7zmWYZu/Q98WAKSv7V5UYkCCzI1R9L2ZRBYtl94kQyfCzwVAyw7+x+z2mFm9hKIo
+g4Gc2UVOgMdYeghNwst7GUmCOJGo1hAr36UtZgDV4PnM1V41GAFNff+XArdZTpgu
+dEEhFp2ITlM/+9c68EvFMUhoi8M0GBv7IPwOE70f4blkBvTnNLQqe0bRfwB4FUcI
+8X4SIgxrmMAlKIc=
+-----END CERTIFICATE-----

data/spec/fixtures/test_certs/test_self_signed.key

@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI+GmeuhQKe3oCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBMDAiAm75L9BIIJSAuO3VTZO5tn
+F16ZpsL/9CW03G78wIGfiDE3Z4cWGfV/b+0eLUiPEPTWXwsT2dKOK1ih7yWecOLY
+Bb1jE/RJGd6SdAvE7Ur8xyEQhDgVbybcn0hubjQj4koP/k7HwcVVyR4cyXUCKcsr
+105LS4lagX3RI6zQCpK47dKbBj3YpZKN8CZPM03SEnmFh+QMDoXAegP2941hIdvL
+UO+VY5UpCe1VweBaMAXS6xWSk+LCQ/rlvR7vOTFkXqqC9KybkmrwN8hP2DPi218P
+XdQ720tP5gfhYLZtWoEQGrSgoJ7P4we3YyTMtCMmBZLuk5zk/OfwvX7Z+RlxX2rN
+TQxn2DlOc5anEG23r3Opv/ETm4awPgpdYYm7by3MJEY0lnOTZRuze8LcW6NjvyVd
+oi7geDPmVdvs5AQTV4aSBNfd9xvaq5NWiFPTbtnK17FqWSnWYlmrGJLaWvmSSBdZ
+4BLKElaU9v5uOmCCExaTpx4r+RcNZIdfAggCpcThwJuLtS1Kt0VhDvW5vkUbEq7h
+lhObPkUQfCEOgcNgo97ww1E4GxJEth6TN1hP78pcDYg7/Lb4p4DzrBTHH2IFYVmW
+cd195YeJIHOt96LWQuslv1HK24Of4+8luR/aLEfT1pGjyvm+5ShsgklEv21YVLJZ
+a4NKw8VNL5Y0ErlgN5RXd0n4MAdQHfpHSSUmcW3WNkC607OiS5f4DOAwoyWu8Roa
+9RaHpvJcQEtT1g0qCmLPoaqXOXqXJL+/ayEPXtaTv9wfUYgYpQdaB1b88/USneCx
+yUpSnI1Sn4HiZiaNzh+ZpHf0qBDdwPslRXFjtBefoOfJidklTTMQ4kEx4j6Uh2lM
+u2EEq0/kldydIUKhqpNdvOBmsylAzOoeWX/PQrVneRXZwe18aZb4QbEtPdB+Lobf
+oqRSObI98o9B7joXDJ891GnlsiNg+JvKBgUR9hce14EV8wU25/DiuFr6Mm8yUv3f
+UaGf8Cz6H8poj8djBoSF5vrVxu9Ucxkt4thN6J7/OXCnCCOU0vV+FUQqE23FPadh
+VK9MMA3cQKPiv+d4HNJriThLEgj2s+5xxZ2QXMl1gGNmMEHclIOA2BOSqoq8VkKS
+BpLQEZHMyfkRHzB+bclJnkAFLb2Vh/y3SkOgFggJFIRq0kL7g5PYrOwS6qRgHnNZ
+tw+hdTMWBLMwLNgMs1rWkEvTxvT//mDRKFmOV/rlG3xozb6OKB+7O60Tx1N5o3oP
+KH7qD3bzJ8JyIg85oJJHqOvvMlkoFk4qhL0l8N79EQy/+bOKpQeOxhWDuIpd0sCA
+FJjVEBFlYVI25ZO0pjFYvFQKd8IwfA2DpnXX7DRLZmzUvNG7mfkhmzKzqjwAw3GY
+RKfRdYF3OMo6/QcKDE3xl/x7XyepAnFlTEQzHHD6o+uhWEvX0+7McY2YAmPrXUjf
+bC+au6vp6945FoBe1AcqbQb2ZdJqQq9F1bgi0QwWhh/JlQfvRMz3PqcYct/92Wvr
+Fq6P+awwEq0V2XvOU376f5qC2TPOoEyErCHj+m5zUTezP6rmeO6G1txf1qdVfvcS
+yqU5iOyQZnf++ObJCsV3HILu3FyOVKrjplFYF7VzLwcNw/ulUK4d2LaZX99WTTJA
+H18OG3x0Y0OqLyWKkO9Pl5WkCW8v8IvocDwVl3KsZI6m6JE+92t+IDI2p27hiN8+
+PzoOQ51EGY/nmtDevaxAy4HcOxXYQJV3gZrAOOlBe+7KwPw1mhR/BW64y7JZaCsj
+m7CTWbu/tt+xio+PGJ4woj5K5zKDKkP2O46shJRS5/03r3EDrfySgYvfT1M2y9Aw
+tGdFQhF8tMSRUYWVPaj8dBH/cRoFvOSI4ARek/TbbJO0XHYPV+rf76MA8VpE6EFK
+BskLXLsgxti3sm5p/6D6tg6iC7efBkEebtKmjMvLK38Td1h8aVRZ1tVtJj7K/hYw
+Zp2WQaEwpZskgVGXvN+fMN33VUNTYqNS6jTYwPY9OyN1lwoaxw4yAhJolLKp9qJZ
+SF7CdYFbao6pgBj5/pzTwANPeRtm5M2gzrNrLgPHjM5w43R3mC6L2qG47Apw8DnI
+HhyfzWbnS4UNP64yZoeIY7QpykGcOsR3wO5qjg9hH3WFOgWMciOzOKn3LnhcA05I
+C8a4W+xYEcWYfRG7oTBpMKgswWz+++Ho09MuDbkDO3WSwmaKw+dU+ACJc0L6Rov2
+wEe0vE4vNugvUbS15ST9Z3zKZuEnMVDw8u5qFLDRz9tEhF/wgi4O9W4k/Qy6Ib42
+SUJxbLxPRC8w/CnzRa6xHPxzDcfYQbwnNG+hq5PPgn8xyoIjNJatfigo9o3THRbv
+wwDzJEWEzhew9MVYz0Re09KZrCi4BqCNCMwkAM8nOdPu38+MO+0DylqgIY+0u/zt
+HbfKl+cbImCuRWzUZFzb6lo3uEJeUZa0UjrxykYCupzMNJ15ezXYxSsWgH58ah/0
+6uqw0I8XwJM6mWY7BQvhixUXmeOgRBFBaNaLBe/bvvEideoEAXgLWw5ID40PZvh4
+4nRtMSOdEJFt6EGLnNl+WCC/f9B/NXHKx2yTzXam52UEe0SDnDcDca3v4z54U2MY
+v3qozFf8GSM1EFAcEHRDfCLj+/gXgOHK2DFcMc3YwGJUfiSbz2LfGzFG34nezJDA
+TtRFdRlW4ctqUKA4CkGbbZlJ6v9WFAg72BD5OognB035vtpdvfLOiUfUeflskMTt
+Uyci5s5sxw8TWRIpaXwk1pnLcivXC0TSVnzi1HhD6pNsejkBXBeQPxB6qMbWUhQb
+RDzRqbe4z0/IjG6uAXhacXw087iPjPN7+xtZJWwCaQjWGuNn2Fs76CJRrWlt/DF9
+PgaBlpul8EuNyMqZWKaehln0zBvH5Y177BXlrEeTpuUo5/kPWj2jEu51jfe+xIW8
+3RejLknCS39KjOV794ImLw8B1WlCwrfajVnXwgga8fCY6KGz7u3Prqq9irhRfycO
+pAl7Rja/fb/1yBuQHrUU1lgYIXqb262lebMhLlDHntc+J8Vjk++UuP2WjPNeztp2
+H4VF5NxMKJU8gScaN67FUtFYst5cz2aJuDHxbitFHKgoxNFYHVMjY26X/kmZVnUb
+aNCsaa8YbPPUDmHf2rJjIlK+PZLvLlENFbWDxaRC7/ab39Za9DTD9zH4aut6gw3Y
+q/eu/hnuc3qa580zbpgcAg==
+-----END ENCRYPTED PRIVATE KEY-----

data/spec/integration/outputs/index_spec.rb

@@ -46,7 +46,8 @@ describe "TARGET_BULK_BYTES", :integration => true do
 end
 
 describe "indexing" do
-  let(:event) { LogStash::Event.new("message" => "Hello World!", "type" => type) }
+  let(:message) { "Hello from #{__FILE__}" }
+  let(:event) { LogStash::Event.new("message" => message, "type" => type) }
   let(:index) { 10.times.collect { rand(10).to_s }.join("") }
   let(:type) { ESHelper.es_version_satisfies?("< 7") ? "doc" : "_doc" }
   let(:event_count) { 1 + rand(2) }
@@ -55,10 +56,22 @@ describe "indexing" do
   subject { LogStash::Outputs::ElasticSearch.new(config) }
   
   let(:es_url) { "http://#{get_host_port}" }
-  let(:index_url) {"#{es_url}/#{index}"}
-  let(:http_client_options) { {} }
-  let(:http_client) do
-    Manticore::Client.new(http_client_options)
+  let(:index_url) { "#{es_url}/#{index}" }
+
+  let(:curl_opts) { nil }
+
+  def curl_and_get_json_response(url, method: :get); require 'open3'
+    begin
+      stdout, status = Open3.capture2("curl #{curl_opts} -X #{method.to_s.upcase} -k #{url}")
+    rescue Errno::ENOENT
+      fail "curl not available, make sure curl binary is installed and available on $PATH"
+    end
+
+    if status.success?
+      LogStash::Json.load(stdout)
+    else
+      fail "curl failed: #{status}\n  #{stdout}"
+    end
   end
 
   before do
@@ -70,16 +83,16 @@ describe "indexing" do
     it "ships events" do
       subject.multi_receive(events)
 
-      http_client.post("#{es_url}/_refresh").call
+      curl_and_get_json_response "#{es_url}/_refresh", method: :post
 
-      response = http_client.get("#{index_url}/_count?q=*")
-      result = LogStash::Json.load(response.body)
+      result = curl_and_get_json_response "#{index_url}/_count?q=*"
       cur_count = result["count"]
       expect(cur_count).to eq(event_count)
 
-      response = http_client.get("#{index_url}/_search?q=*&size=1000")
-      result = LogStash::Json.load(response.body)
+      result = curl_and_get_json_response "#{index_url}/_search?q=*&size=1000"
       result["hits"]["hits"].each do |doc|
+        expect(doc["_source"]["message"]).to eq(message)
+
         if ESHelper.es_version_satisfies?("< 8")
           expect(doc["_type"]).to eq(type)
         else
@@ -132,7 +145,7 @@ describe "indexing" do
   describe "a secured indexer", :secure_integration => true do
     let(:user) { "simpleuser" }
     let(:password) { "abc123" }
-    let(:cacert) { "spec/fixtures/test_certs/test.crt" }
+    let(:cacert) { "spec/fixtures/test_certs/ca.crt" }
     let(:es_url) {"https://elasticsearch:9200"}
     let(:config) do
       {
@@ -140,42 +153,73 @@ describe "indexing" do
         "user" => user,
         "password" => password,
         "ssl" => true,
-        "cacert" => "spec/fixtures/test_certs/test.crt",
+        "cacert" => cacert,
         "index" => index
       }
     end
-    let(:http_client_options) do
-      {
-        :auth => {
-          :user => user,
-          :password => password
-        }, 
-        :ssl => {
-          :enabled => true,
-          :ca_file => cacert
-        }
-      }
-    end
-    it_behaves_like("an indexer", true)
-    
-    describe "with a password requiring escaping" do
-      let(:user) { "f@ncyuser" }
-      let(:password) { "ab%12#" }
-      
-      include_examples("an indexer", true)
-    end
-    
-    describe "with a user/password requiring escaping in the URL" do
-      let(:config) do
-        {
-          "hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
-          "ssl" => true,
-          "cacert" => "spec/fixtures/test_certs/test.crt",
-          "index" => index
-        }
+
+    let(:curl_opts) { "-u #{user}:#{password}" }
+
+    if ENV['ES_SSL_KEY_INVALID'] == 'true' # test_invalid.crt (configured in ES) has SAN: DNS:localhost
+      # javax.net.ssl.SSLPeerUnverifiedException: Host name 'elasticsearch' does not match the certificate subject ...
+
+      context "when no keystore nor ca cert set and verification is disabled" do
+        let(:config) do
+          super().tap { |config| config.delete('cacert') }.merge('ssl_certificate_verification' => false)
+        end
+
+        include_examples("an indexer", true)
+      end
+
+      context "when keystore is set and verification is disabled" do
+        let(:config) do
+          super().merge(
+              'ssl_certificate_verification' => false,
+              'keystore' => 'spec/fixtures/test_certs/test.p12',
+              'keystore_password' => '1234567890'
+          )
+        end
+
+        include_examples("an indexer", true)
+      end
+
+      context "when keystore has self-signed cert and verification is disabled" do
+        let(:config) do
+          super().tap { |config| config.delete('cacert') }.merge(
+              'ssl_certificate_verification' => false,
+              'keystore' => 'spec/fixtures/test_certs/test_self_signed.p12',
+              'keystore_password' => '1234567890'
+          )
+        end
+
+        include_examples("an indexer", true)
+      end
+
+    else
+
+      it_behaves_like("an indexer", true)
+
+      describe "with a password requiring escaping" do
+        let(:user) { "f@ncyuser" }
+        let(:password) { "ab%12#" }
+
+        include_examples("an indexer", true)
       end
-      
-      include_examples("an indexer", true)
+
+      describe "with a user/password requiring escaping in the URL" do
+        let(:config) do
+          {
+              "hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
+              "ssl" => true,
+              "cacert" => "spec/fixtures/test_certs/test.crt",
+              "index" => index
+          }
+        end
+
+        include_examples("an indexer", true)
+      end
+
     end
+
   end
 end

data/spec/integration/outputs/no_es_on_startup_spec.rb

@@ -12,13 +12,13 @@ describe "elasticsearch is down on startup", :integration => true do
                                            "template_overwrite" => true,
                                            "hosts" => get_host_port(),
                                            "retry_max_interval" => 64,
-                                           "retry_initial_interval" => 2
+                                           "retry_initial_interval" => 2,
+                                           'ecs_compatibility' => 'disabled'
                                        })
   }
 
   before :each do
     # Delete all templates first.
-    require "elasticsearch"
     allow(Stud).to receive(:stoppable_sleep)
 
     # Clean ES of data before we start.
@@ -33,7 +33,9 @@ describe "elasticsearch is down on startup", :integration => true do
   end
 
   it 'should ingest events when Elasticsearch recovers before documents are sent' do
-    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(
+        ::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new StandardError.new("TEST: before docs are sent"), 'http://test.es/'
+    )
     subject.register
     allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_return(ESHelper.es_version)
     subject.multi_receive([event1, event2])
@@ -43,7 +45,9 @@ describe "elasticsearch is down on startup", :integration => true do
   end
 
   it 'should ingest events when Elasticsearch recovers after documents are sent' do
-    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(
+        ::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new StandardError.new("TEST: after docs are sent"), 'http://test.es/'
+    )
     subject.register
     Thread.new do
       sleep 4
@@ -56,11 +60,13 @@ describe "elasticsearch is down on startup", :integration => true do
   end
 
   it 'should get cluster_uuid when Elasticsearch recovers from license check failure' do
-    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).with(instance_of(LogStash::Util::SafeURI)).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).and_raise(
+        ::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new StandardError.new("TEST: docs are sent"), 'http://test.es/_license'
+    )
     subject.register
     Thread.new do
       sleep 4
-      allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).with(instance_of(LogStash::Util::SafeURI)).and_call_original
+      allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_license).and_call_original
     end
     subject.multi_receive([event1, event2])
     @es.indices.refresh

data/spec/unit/outputs/elasticsearch_ssl_spec.rb

@@ -33,7 +33,7 @@ describe "SSL option" do
     
     it "should pass the flag to the ES client" do
       expect(::Manticore::Client).to receive(:new) do |args|
-        expect(args[:ssl]).to eq(:enabled => true, :verify => false)
+        expect(args[:ssl]).to eq(:enabled => true, :verify => :disable)
       end.and_return(manticore_double)
       
       subject.register

metadata

@@ -1,21 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-elasticsearch
 version: !ruby/object:Gem::Version
-  version: 11.4.0
+  version: 11.4.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-13 00:00:00.000000000 Z
+date: 2022-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.1
+        version: 0.8.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 1.0.0
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.1
+        version: 0.8.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 1.0.0
@@ -244,10 +244,17 @@ files:
 - spec/fixtures/template-with-policy-es6x.json
 - spec/fixtures/template-with-policy-es7x.json
 - spec/fixtures/template-with-policy-es8x.json
-- spec/fixtures/test_certs/ca/ca.crt
-- spec/fixtures/test_certs/ca/ca.key
+- spec/fixtures/test_certs/ca.crt
+- spec/fixtures/test_certs/ca.key
 - spec/fixtures/test_certs/test.crt
 - spec/fixtures/test_certs/test.key
+- spec/fixtures/test_certs/test.p12
+- spec/fixtures/test_certs/test_invalid.crt
+- spec/fixtures/test_certs/test_invalid.key
+- spec/fixtures/test_certs/test_invalid.p12
+- spec/fixtures/test_certs/test_self_signed.crt
+- spec/fixtures/test_certs/test_self_signed.key
+- spec/fixtures/test_certs/test_self_signed.p12
 - spec/integration/outputs/compressed_indexing_spec.rb
 - spec/integration/outputs/create_spec.rb
 - spec/integration/outputs/data_stream_spec.rb
@@ -319,10 +326,17 @@ test_files:
 - spec/fixtures/template-with-policy-es6x.json
 - spec/fixtures/template-with-policy-es7x.json
 - spec/fixtures/template-with-policy-es8x.json
-- spec/fixtures/test_certs/ca/ca.crt
-- spec/fixtures/test_certs/ca/ca.key
+- spec/fixtures/test_certs/ca.crt
+- spec/fixtures/test_certs/ca.key
 - spec/fixtures/test_certs/test.crt
 - spec/fixtures/test_certs/test.key
+- spec/fixtures/test_certs/test.p12
+- spec/fixtures/test_certs/test_invalid.crt
+- spec/fixtures/test_certs/test_invalid.key
+- spec/fixtures/test_certs/test_invalid.p12
+- spec/fixtures/test_certs/test_self_signed.crt
+- spec/fixtures/test_certs/test_self_signed.key
+- spec/fixtures/test_certs/test_self_signed.p12
 - spec/integration/outputs/compressed_indexing_spec.rb
 - spec/integration/outputs/create_spec.rb
 - spec/integration/outputs/data_stream_spec.rb