RubyGems - logstash-output-tcp - Versions diffs - 6.0.0 → 6.1.0 - Mend

logstash-output-tcp 6.0.0 → 6.1.0

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +11 -0
data/LICENSE +199 -10
data/README.md +1 -1
data/docs/index.asciidoc +15 -0
data/lib/logstash/outputs/tcp.rb +96 -33
data/logstash-output-tcp.gemspec +5 -2
data/spec/fixtures/encrypted/instance.crt +19 -0
data/spec/fixtures/encrypted/instance.key +30 -0
data/spec/fixtures/plaintext/instance.crt +19 -0
data/spec/fixtures/plaintext/instance.key +27 -0
data/spec/outputs/tcp_spec.rb +204 -6
metadata +53 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ded80f3a5c5c29bbdd311093b9c72a829f328cee904156ae5110d3a91b1902e4
-  data.tar.gz: adb70823265a2cdf190608f999860ea47d79482073e09ffc551756ce887aec9a
+  metadata.gz: d30cf25cfbc7e1cc2e72d5e1eb8ab8179d42b31413a549801a012d5e1be7e640
+  data.tar.gz: 53632382865d4bade1e6d56e9872b1b5db690fd9b866cb4d0952dfa8d1156cee
 SHA512:
-  metadata.gz: 257e5b2bbfd74a4df83a615de141bfa5e1dd14d395461d672bb872804f7454b496481307f175e8d4b677fb9b424682a560f3ca7ceee981282a9ce88b36de7cf9
-  data.tar.gz: a94a4e1664272fa51c13c9d73deacfe6a0438adda36f890e2a0d2ef5ae1e0349c9f79fda178ebdc2669cd23def15e904269969bec485e260ccecceb72aced69f
+  metadata.gz: e48f3511c25df04edb79dfd0425c6a84d18808bce5f8d4910cabe024955e6c16f8b856a8ac7fac01cb7721e7628934101e14e7180497a7c6cc1096169290963e
+  data.tar.gz: 94758e5adb6be529f4c70715aa0796d1a15bd8d17e91d35c63fdc1b29eccea58c0f36e4c29b0cf911a3691fade34c895922ca9b0384cd3df405f723a97ff642f

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,14 @@
+## 6.1.0
+  - Feat: ssl_supported_protocols (TLSv1.3) [#47](https://github.com/logstash-plugins/logstash-output-tcp/pull/47)
+  - Fix: close server and client sockets on plugin close
+## 6.0.2
+  - Fix: unable to start with password protected key [#45](https://github.com/logstash-plugins/logstash-output-tcp/pull/45)
+## 6.0.1
+  - Fixed logging fail retry to stdout [#43](https://github.com/logstash-plugins/logstash-output-tcp/pull/43)
+  - Fixed to use `reconnect_interval` when establish a connection
 ## 6.0.0
   - Removed obsolete field `message_format`

data/LICENSE CHANGED Viewed

@@ -1,13 +1,202 @@
-Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
-    http://www.apache.org/licenses/LICENSE-2.0
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+   1. Definitions.
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+   END OF TERMS AND CONDITIONS
+   APPENDIX: How to apply the Apache License to your work.
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+   Copyright 2020 Elastic and contributors
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Logstash Plugin
-[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-output-tcp.svg)](https://travis-ci.org/logstash-plugins/logstash-output-tcp)
+[![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-output-tcp.svg)](https://travis-ci.com/logstash-plugins/logstash-output-tcp)
 This is a plugin for [Logstash](https://github.com/elastic/logstash).

data/docs/index.asciidoc CHANGED Viewed

@@ -45,6 +45,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_enable>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
+| <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_verify>> |<<boolean,boolean>>|No
 |=======================================================================
@@ -130,6 +131,20 @@ SSL key path
 SSL key passphrase
+[id="plugins-{type}s-{plugin}-ssl_supported_protocols"]
+===== `ssl_supported_protocols`
+  * Value type is <<string,string>>
+  * Allowed values are: `'TLSv1.1'`, `'TLSv1.2'`, `'TLSv1.3'`
+  * Default depends on the JDK being used. With up-to-date Logstash, the default is `['TLSv1.2', 'TLSv1.3']`.
+    `'TLSv1.1'` is not considered secure and is only provided for legacy applications.
+List of allowed SSL/TLS versions to use when establishing a secure connection.
+NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash,
+the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
+the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
 [id="plugins-{type}s-{plugin}-ssl_verify"]
 ===== `ssl_verify`

data/lib/logstash/outputs/tcp.rb CHANGED Viewed

@@ -51,42 +51,50 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
   # SSL key passphrase
   config :ssl_key_passphrase, :validate => :password, :default => nil
+  # NOTE: the default setting [] uses SSL engine defaults
+  config :ssl_supported_protocols, :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :default => [], :list => true
   class Client
-    public
     def initialize(socket, logger)
       @socket = socket
       @logger = logger
       @queue  = Queue.new
     end
-    public
     def run
       loop do
         begin
           @socket.write(@queue.pop)
         rescue => e
-          @logger.warn("tcp output exception", :socket => @socket,
-                       :exception => e)
+          log_warn 'socket write failed:', e, socket: (@socket ? @socket.to_s : nil)
           break
         end
       end
     end # def run
-    public
     def write(msg)
       @queue.push(msg)
     end # def write
+    def close
+      @socket.close
+    rescue => e
+      log_warn 'socket close failed:', e, socket: (@socket ? @socket.to_s : nil)
+    end
   end # class Client
-  private
   def setup_ssl
     require "openssl"
-    @ssl_context = OpenSSL::SSL::SSLContext.new
+    @ssl_context = new_ssl_context
     if @ssl_cert
       @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
       if @ssl_key
-        @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase)
+        # if we have an encrypted key and a password is not provided (nil) than OpenSSL::PKey::RSA
+        # prompts the user to enter a password interactively - we do not want to do that,
+        # for plain-text keys the default '' password argument gets simply ignored
+        @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key), @ssl_key_passphrase.value || '')
       end
     end
     if @ssl_verify
@@ -101,50 +109,74 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
       @ssl_context.cert_store = @cert_store
       @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
     end
-  end # def setup_ssl
-  public
+    @ssl_context.min_version = :TLS1_1 # not strictly required - JVM should have disabled TLSv1
+    if ssl_supported_protocols.any?
+      disabled_protocols = ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'] - ssl_supported_protocols
+      unless OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3 # work-around JRuby-OpenSSL bug - missing constant
+        @ssl_context.max_version = :TLS1_2 if disabled_protocols.delete('TLSv1.3')
+      end
+      # mapping 'TLSv1.2' -> OpenSSL::SSL::OP_NO_TLSv1_2
+      disabled_protocols.map! { |v| OpenSSL::SSL.const_get "OP_NO_#{v.sub('.', '_')}" }
+      @ssl_context.options = disabled_protocols.reduce(@ssl_context.options, :|)
+    end
+    @ssl_context
+  end
+  private :setup_ssl
+  # @note to be able to hook up into #ssl_context from tests
+  def new_ssl_context
+    OpenSSL::SSL::SSLContext.new
+  end
+  private :new_ssl_context
+  # @overload Base#register
   def register
     require "socket"
     require "stud/try"
-    if @ssl_enable
-      setup_ssl
-    end # @ssl_enable
+    @closed = Concurrent::AtomicBoolean.new(false)
+    setup_ssl if @ssl_enable
     if server?
       @logger.info("Starting tcp output listener", :address => "#{@host}:#{@port}")
       begin
         @server_socket = TCPServer.new(@host, @port)
       rescue Errno::EADDRINUSE
-        @logger.error("Could not start TCP server: Address in use",
-                      :host => @host, :port => @port)
+        @logger.error("Could not start tcp server: Address in use", host: @host, port: @port)
         raise
       end
       if @ssl_enable
         @server_socket = OpenSSL::SSL::SSLServer.new(@server_socket, @ssl_context)
       end # @ssl_enable
-      @client_threads = []
+      @client_threads = Concurrent::Array.new
       @accept_thread = Thread.new(@server_socket) do |server_socket|
+        LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|server_accept")
         loop do
-          Thread.start(server_socket.accept) do |client_socket|
+          break if @closed.value
+          client_socket = server_socket.accept_nonblock exception: false
+          if client_socket == :wait_readable
+            IO.select [ server_socket ]
+            next
+          end
+          Thread.start(client_socket) do |client_socket|
             # monkeypatch a 'peer' method onto the socket.
             client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
-            @logger.debug("Accepted connection", :client => client_socket.peer,
-                          :server => "#{@host}:#{@port}")
+            @logger.debug("accepted connection", client: client_socket.peer, server: "#{@host}:#{@port}")
             client = Client.new(client_socket, @logger)
             Thread.current[:client] = client
+            LogStash::Util.set_thread_name("[#{pipeline_id}]|output|tcp|client_socket-#{@client_threads.size}")
             @client_threads << Thread.current
-            client.run
+            client.run unless @closed.value
           end
         end
       end
       @codec.on_event do |event, payload|
+        @client_threads.select!(&:alive?)
         @client_threads.each do |client_thread|
           client_thread[:client].write(payload)
         end
-        @client_threads.reject! {|t| !t.alive? }
       end
     else
       client_socket = nil
@@ -160,8 +192,7 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
           # Now send the payload
           client_socket.syswrite(payload) if w.any?
         rescue => e
-          @logger.warn("tcp output exception", :host => @host, :port => @port,
-                       :exception => e, :backtrace => e.backtrace)
+          log_warn "client socket failed:", e, host: @host, port: @port, socket: (client_socket ? client_socket.to_s : nil)
           client_socket.close rescue nil
           client_socket = nil
           sleep @reconnect_interval
@@ -169,37 +200,69 @@ class LogStash::Outputs::Tcp < LogStash::Outputs::Base
         end
       end
     end
-  end # def register
+  end
+  # @overload Base#receive
+  def receive(event)
+    @codec.encode(event)
+  end
+  # @overload Base#close
+  def close
+    @closed.make_true
+    @server_socket.close rescue nil if @server_socket
+    return unless @client_threads
+    @client_threads.each do |thread|
+      client = thread[:client]
+      client.close rescue nil if client
+    end
+  end
   private
   def connect
-    Stud::try do
+    begin
       client_socket = TCPSocket.new(@host, @port)
       if @ssl_enable
         client_socket = OpenSSL::SSL::SSLSocket.new(client_socket, @ssl_context)
         begin
           client_socket.connect
         rescue OpenSSL::SSL::SSLError => ssle
-          @logger.error("SSL Error", :exception => ssle,
-                        :backtrace => ssle.backtrace)
+          log_error 'connect ssl failure:', ssle, backtrace: false
           # NOTE(mrichar1): Hack to prevent hammering peer
           sleep(5)
           raise
         end
       end
       client_socket.instance_eval { class << self; include ::LogStash::Util::SocketPeer end }
-      @logger.debug("Opened connection", :client => "#{client_socket.peer}")
+      @logger.debug("opened connection", :client => client_socket.peer)
       return client_socket
+    rescue => e
+      log_error 'failed to connect:', e
+      sleep @reconnect_interval
+      retry
     end
   end # def connect
-  private
   def server?
     @mode == "server"
   end # def server?
-  public
-  def receive(event)
-    @codec.encode(event)
-  end # def receive
+  def pipeline_id
+    execution_context.pipeline_id || 'main'
+  end
+  def log_warn(msg, e, backtrace: @logger.debug?, **details)
+    details = details.merge message: e.message, exception: e.class
+    details[:backtrace] = e.backtrace if backtrace
+    @logger.warn(msg, details)
+  end
+  def log_error(msg, e, backtrace: @logger.info?, **details)
+    details = details.merge message: e.message, exception: e.class
+    details[:backtrace] = e.backtrace if backtrace
+    @logger.error(msg, details)
+  end
 end # class LogStash::Outputs::Tcp

data/logstash-output-tcp.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-output-tcp'
-  s.version         = '6.0.0'
+  s.version         = '6.1.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Writes events over a TCP socket"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -21,11 +21,14 @@ Gem::Specification.new do |s|
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'logstash-core', '>= 8.1.0'
   s.add_runtime_dependency 'logstash-codec-json'
   s.add_runtime_dependency 'stud'
+  s.add_runtime_dependency 'jruby-openssl', '>= 0.12.2' # 0.12 supports TLSv1.3
   s.add_development_dependency 'logstash-devutils'
+  s.add_development_dependency 'logstash-codec-plain'
   s.add_development_dependency 'flores'
 end

data/spec/fixtures/encrypted/instance.crt ADDED Viewed

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAgqgAwIBAgIUTCjyocBgCYSWU/GYI58F0IBXLHswDQYJKoZIhvcNAQEL
+BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
+cmF0ZWQgQ0EwHhcNMjIwMzIxMDc1NTU2WhcNMjUwMzIwMDc1NTU2WjATMREwDwYD
+VQQDEwhpbnN0YW5jZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJKT
+f0FF/R9WBC7lwN0IJdOn+jPJJ+4M3LY/sfFuTaAUgPSaiRLLzCjox1p1Xy9z+xyk
+C2Dkhb4FdOZBNqS/w0Z7lkrha8VZg2UKW4+i1lq4ANPl9sP9YCbh1R+SRdpHnZX7
+APG798+0+NC4GmEeOIFfWsEE4MiFXAPunhAlAbxMl6e5htX4cgYWMbH67Ur1/uQB
+26Y6PBahKP7dbxaL/ugPE6MDmmA+cNRWMa21Ay2h94IesRXwNRFn1gQ1SqKU0hBJ
+KX7u0IoYyS6nbDlF6E+npLLWzDMCHsykrnadWV5kDSNv1t7Wvk0noNStrryOXgtc
+7iCCOX1oqsP/yDNl9OECAwEAAaNNMEswHQYDVR0OBBYEFBtzuCJPEhHW3ZD1bReq
+S6K3P09OMB8GA1UdIwQYMBaAFJcC1Mw29qzRV0dPCCc6GyB8LXx3MAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggEBAHvXsfMgY+PTBCnW3A6QCGZ3jTSRqqXRFYB8
+b/unfhD4iUFlgO4a/UCL2MTsFYXkzvlzwQyH6ll9/rTslBvJLiqi3+IZMfGNoaNI
+LhTLy0NF9scPju7Q6MxcPAceI4gmxKyBWJxm4XYJ1VwmPKJNzKqFEwfPWMakxUaT
+wiuhVodqZweWi7S2keYiduBLEbqWBJPKAnb8e3PIILBqL0nfhmVw0NSAD19d9oLR
+89AaY8zQ4YL4Txs4FSrK0VQl3L6NAtAaq9JvXqzXD/E0EO1YL8ykM3Zash/GG9iN
+B9Momegqn8/q7pfoWdkE2oL9KUKispUT9Fq3mY6KHZL1T4SbxL8=
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted/instance.key ADDED Viewed

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,635374A0A566A0189BE4366E77881457
+LbCmLGC8BAWKYUt+fYIIxUC5rh3D7CFN8LXjjGIYMVRs2seMqhCNJjtdLQ6poin5
+H6W/c5+VXzzsgczFgZnQecoqWgqg4FoTZSacVVx/waekkdua9zjPReastV+7AcBG
+MJJi8lYEIv+qacqxEzDJSis7XO0YXp2OBqUtfcaT5PunJ1bj5SQnqf7k1hb193bZ
+C03MhZ6HdblY6IKvslqV5VWU38gPN0F6JN5/7vLgZyExYjTA1wkzdJXCzKAEwlfU
+vF5/AKDGFpQAYMTnPwszpeUj+wyuAwaxt8uNkVFrfVIf+eaPqX1OStEAIiRNZerl
+dTsKxLdYBBJz6G9wZLz+bWNpFsvS9gG1LlvMsycnwrfmwWTidmS8nDdLVfja2/XH
+LXvwSnI+NHtnQ/R+duMZpJrqQljBZAZsyzW8Eyjaqi1ybwi50J/pwsX/J0jVQly/
+Gr8A/SDfr1qJ82SQUfi0ZGoKVXaSJ31pPKBy9LpDGFZS7rFJsL/Aysd2lhyF/Tj1
+kG60MAxFjfoRsNhBWj7pm/13hVlidwNrmhbzrnsFPuWDVWFYq71oljJ+YLlbljLB
+L6rnQXr2iy+y3W03lryAsxtCrcJ6Sa+9EUNp55loGhK3EXCXnhNr3B1SfxGCXbAv
+GI2h1RRbn/Pnht17pkiXsajE8vESWLqzZj6gtmYmMHQ+GY5l8SHTTMhV2DpYZFfE
+nnUxyPOlXnm2uegQRf/ee8kKeUQZl9Bs2ZyniE0uzRGZqhQLlJCwYhOmEYFsv5kk
+vD1Go4N2NqbMOipCFHbnm3IvG1rOBYtqHzHLwycsJw+2f1Dyu5T9GlEcJL7GeCWO
+muY4Gjx7p84N1wwJ/IN4BRjkMD0qAXbKg9cnh/nDSaFgMez6jiaR+lJGV/srfpwB
+6bDOpRN/RarjRcQGVEfkP/UqJVWU8ZwnNqar5202WGSXI9HUYTQapVCh2NvBdYOS
+VV+Ah2qE48s3qI95h80Ix0G7Or7ALJbSn6d190frUnXOUOye4+4MB3w+G0kGTQq8
+w+pjqrSAGLA3yobrPki374X3ZMdYbdggDHn3pl/NvQVHZ4FRmYXyUVZfckV/7w0C
+t1wBqh83ZM3XusivAy0/g6/124Xe2jkl6B0aNlAtxj3VTMBJNjLRIpoX5hR6TZq8
+cHRvWaIOif8oOn6Q6PIGtpsAjejZ0jUPuvPHUwuYSYFUk/WH09k8tXD/ZZnoKZWV
+xqrx3cBCKjoBu9HnPsPoQ6sedaM/L/i3osW7GBSMt2GApOqDoKQ70Ya6TSmbnDYv
+roYy/R5vDqzTGK0gUyLNNCNhpuzEXjjaCwXegJ/GYl3mwcB8o5y1insyqfc0JPy1
+oF0tYxw62Ovx9Udg9Ib94q0BQDhi5L55QZYKQAAz4+CW71aG30ETw32EtnUMnB4f
+2cswibLj7JhER/4pjOoKHF47wLJtlWlaceFvGWzno8uSY74qaRQHslwNHwx61I2q
+rhsbD1wsvyEkxlIdSIlyUf8yj5LXWNMoixFppqh4VY4OAINxkNBEaJRzU6aMKn1n
+Btvg2OePOvebCvJRvWousIgB2brZ5ioU336Tjb0uDeHIPF51+o78wtaS+jK084Bu
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/plaintext/instance.crt ADDED Viewed

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAgqgAwIBAgIURM555Ac4/c8UOP5fB12+1bo+b7owDQYJKoZIhvcNAQEL
+BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
+cmF0ZWQgQ0EwHhcNMjIwMzIxMDc1NTA4WhcNMjUwMzIwMDc1NTA4WjATMREwDwYD
+VQQDEwhpbnN0YW5jZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI0s
+sYPGWeca0YMIVATxnEA/+WFL/eWWcbaX5JeaJA+g6WxMs2B6FEMfaSxauGrHZJWt
+YNP1s0pptzJEPAZyx3Tkv8oNtSai3rpOocY3ebE/SWXlQd7xHWvy+w5ls1LRHINU
+pEnMZhjdHqXFjIipmsAXihzU/BrHkWGfddco88YuaMgtWbLIqQr/oHyd2F6KgQby
+HPSD35hCYvLQiHEY7vIntA6A9mYSdbZg0ZvI+QGEvZmhYXZjKOy7Vfg8p1zmfbIn
+XdddCOkBp5gXDu8aRxigaQAi3Y+ESnVPxDr62+VEzCdmd/PCW8blHfvE9bTgqjYm
+gH01PAoqQewkuxclufECAwEAAaNNMEswHQYDVR0OBBYEFNIW9layQi7V2kbYjwIu
+NWT0QXOdMB8GA1UdIwQYMBaAFEyJvLXizLXiGu8sBnIcIS001ArxMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggEBAAOnGIKiJxEc684Y6w1WpRftiD8VnkzE+A8n
+uVXJibZzEKqxMWZ83A4lTugG+vKpOj1+8hcYUdXhIo2Qt92ArIOr2S7awdkMeoRq
+eIKPElC9/8mm3572kdlqBuiT12bA2oD4zrI2hS0HV21DMLAxoorzLqn0TjMnnpm3
+J1KLJzzMSRtiUtwiLXG4tx2ThXfTwcJmsRMQqZW/mFajEVs0jafUAeBH7hZoZX8o
+7e0O3TCQ5JWW3/xeGK/JnAZ1IyA6jQU/J5LbGgPVu0FBGmVn3PhtwYASrdXWzK4s
+ncofcBHflmi8dkiKHVWNnOTdZdzkApYo59/eq4iDESR8YNgOCKA=
+-----END CERTIFICATE-----

data/spec/fixtures/plaintext/instance.key ADDED Viewed

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAjSyxg8ZZ5xrRgwhUBPGcQD/5YUv95ZZxtpfkl5okD6DpbEyz
+YHoUQx9pLFq4asdkla1g0/WzSmm3MkQ8BnLHdOS/yg21JqLeuk6hxjd5sT9JZeVB
+3vEda/L7DmWzUtEcg1SkScxmGN0epcWMiKmawBeKHNT8GseRYZ911yjzxi5oyC1Z
+ssipCv+gfJ3YXoqBBvIc9IPfmEJi8tCIcRju8ie0DoD2ZhJ1tmDRm8j5AYS9maFh
+dmMo7LtV+DynXOZ9sidd110I6QGnmBcO7xpHGKBpACLdj4RKdU/EOvrb5UTMJ2Z3
+88JbxuUd+8T1tOCqNiaAfTU8CipB7CS7FyW58QIDAQABAoIBAD10dD4J7X72JLgm
+uvR//OXXM4cQXpFAAXZb/s2j8wi+on5bkUZxPjrOBKmjQF5zOC0UEW+TqJ2/EVmX
+bI3eD0eqgHbDqtUL12tA6Zlw8s+e3iO2Pgt/6K/iUTm+OebWUtQ012Osz9EJCNte
++MNRGaV/WccdTDWYJIhbsx+bmyrsxxW49rwvgxI26tpJYp0QEmwEiDqfc8kRFWgy
+xVSt8Rjwk418YdsYUIGrO6RsGkwsCOTJWUJpBOzLBKwj4do5l5fC2g1/MSlj7Odj
+0HH/riBmzBj/YcyMlkhfGU0Zj/OlDnz8FP5HhfpYsGxvrjOYJ49Cl4cu8r47wnFP
+nx4RMmUCgYEA4U9hOtp8oJ+Ztio/1I6bAb/hKLJ3LNeV46697/lTy6tSVmYJ1DGJ
+YU3P5wmOpjZC2xs22VyX/vgC1v5RT0Jg8CGgXukmMV1gQQch6gAQci9+ZJ4LRz9U
+++dXyKuUbqncx9ezFwddBr+jQuu6Wn2AHljEp7wZGaijxD2lsp4B8vcCgYEAoGd8
+w+hre2pGy5PKJPSoPp+9tNVJasXe3DM6ZYEZkd+96gStA+8UlSYe9hP+Taik7oUJ
+SYzELfyU8s+9XWozaa1T5PeyY8jIbEnUHWy8Uag4dHY7ooR+7b3iAD4RLfx3o2GP
+vJwP3i2FwklDbbyugVXZBfkSf2NJ4QidYIWzGFcCgYAD4MHjqW8LtLOIlyGSHwI7
+/Xl6ode7RdqmmJNcVgZDMyevpQH2TQP4UMaLS3bRFY4BB27iPt2+3bXuzWHI43OX
+rnx8JbcqkljdxamnxWiDDp42TSIUj9p+m3S/V3Suku3h4qyKcO4A97tvo28Jr69M
+1mpMGMi10FlBP25irKWL8QKBgQCZqKlnjrWwA24QROJnpoupeiMkIRH0m9rS/Kwb
+YqHZEQoALTyEwTnpaxxLxXlecYiWCZGNCLFCEG2rcQBJhZv8xxLQC8yzNDtzKQJu
+saRxYQG75ytXky94lebzLoIMmIcPVz13g9TblKZHKSHT9OUCdvewdhqXN8klLrh8
+J3gafwKBgQDcn/8lzfmbsKO/V9fzEbqUQJOJkwyf2adLFD+KlHM3+VAghnj70j05
+1XDkQ3LOgKrqPdC/HIGjjlkTn6vaieXltHguMg99nPpzj+LXrtN22ru2eTjjUNsD
++uB9N4kgUAR00xu60xkkOSK1TcudeL5uwejO2ul0tkDu1YGDvhXymA==
+-----END RSA PRIVATE KEY-----

data/spec/outputs/tcp_spec.rb CHANGED Viewed

@@ -4,18 +4,118 @@ require "flores/pki"
 describe LogStash::Outputs::Tcp do
   subject { described_class.new(config) }
-  let(:config) { {
-    "host" => "localhost",
-    "port" => 2000 + rand(3000),
-  } }
+  let(:port) do
+    begin
+      # Start high to better avoid common services
+      port = rand(10000..65535)
+      s = TCPServer.new("127.0.0.1", port)
+      s.close
+      port
+    rescue Errno::EADDRINUSE
+      retry
+    end
+  end
+  let(:server) { TCPServer.new("127.0.0.1", port) }
+  let(:config) { { "host" => "localhost", "port" => port } }
+  let(:event) { LogStash::Event.new('message' => 'foo bar') }
+  context 'failing to connect' do
+    before { subject.register }
+    let(:config) { super().merge 'port' => 1000 }
+    it 'fails to connect' do
+      expect( subject ).to receive(:log_error).and_call_original
+      Thread.start { subject.receive(event) }
+      sleep 1.0
+    end
+  end
+  context 'server mode' do
+    before { subject.register }
+    let(:config) { super().merge 'mode' => 'server' }
+    let(:client) do
+      Stud::try(3.times) { TCPSocket.new("127.0.0.1", port) }
+    end
+    after { subject.close }
+    it 'receives serialized data' do; require 'json'
+      client # connect
+      Thread.start { sleep 0.5; subject.receive event }
+      read = client.recv(1000)
+      expect( read.size ).to be > 0
+      expect( JSON.parse(read)['message'] ).to eql 'foo bar'
+    end
+  end
+  context "with forced protocol" do
+    let(:config) do
+      super().merge 'ssl_supported_protocols' => [ 'TLSv1.1' ]
+    end
+    it "limits protocol selection" do
+      if OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3
+        ssl_context = subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_3).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      else
+        ssl_context = OpenSSL::SSL::SSLContext.new
+        allow(subject).to receive(:new_ssl_context).and_return(ssl_context)
+        expect(ssl_context).to receive(:max_version=).with(:'TLS1_2').and_call_original
+        ssl_context = subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to_not eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      end
+    end
+  end
+  context "with protocol range" do
+    let(:config) do
+      super().merge 'ssl_supported_protocols' => [ 'TLSv1.3', 'TLSv1.1', 'TLSv1.2' ]
+    end
+    it "does not limit protocol selection (except min_version)" do
+      ssl_context = OpenSSL::SSL::SSLContext.new
+      allow(subject).to receive(:new_ssl_context).and_return(ssl_context)
+      expect(ssl_context).to receive(:min_version=).with(:'TLS1_1').at_least(1).and_call_original
+      if OpenSSL::SSL.const_defined? :OP_NO_TLSv1_3
+        subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_3).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      else
+        subject.send :setup_ssl
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_2).to eql 0
+        expect(ssl_context.options & OpenSSL::SSL::OP_NO_TLSv1_1).to eql 0
+      end
+      subject.send :setup_ssl
+    end
+  end
   context "when enabling SSL" do
-    let(:config) { super.merge("ssl_enable" => true) }
+    let(:config) { super().merge("ssl_enable" => true, 'codec' => 'plain') }
     context "and not providing a certificate/key pair" do
       it "registers without error" do
         expect { subject.register }.to_not raise_error
       end
     end
     context "and providing a certificate/key pair" do
       let(:cert_key_pair) { Flores::PKI.generate }
       let(:certificate) { cert_key_pair.first }
@@ -24,10 +124,108 @@ describe LogStash::Outputs::Tcp do
         IO.write(path, certificate.to_s)
         path
       end
-      let(:config) { super.merge("ssl_cert" => true, "ssl_cert" => cert_file) }
+      let(:config) { super().merge("ssl_cert" => cert_file) }
       it "registers without error" do
         expect { subject.register }.to_not raise_error
       end
     end
+    FIXTURES_PATH = File.expand_path('../fixtures', File.dirname(__FILE__))
+    context "ES generated plain-text certificate/key" do
+      let(:key_file) { File.join(FIXTURES_PATH, 'plaintext/instance.key') }
+      let(:crt_file) { File.join(FIXTURES_PATH, 'plaintext/instance.crt') }
+      let(:config) { super().merge("ssl_cert" => crt_file, "ssl_key" => key_file) }
+      it "registers without error" do
+        expect { subject.register }.to_not raise_error
+      end
+      context 'with password set' do
+        let(:config) { super().merge("ssl_key_passphrase" => 'ignored') }
+        it "registers without error" do # password simply ignored
+          expect { subject.register }.to_not raise_error
+        end
+      end
+      let(:secure_server) do
+        ssl_context = OpenSSL::SSL::SSLContext.new
+        ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(crt_file))
+        ssl_context.key = OpenSSL::PKey::RSA.new(File.read(key_file), nil)
+        ssl_context.ssl_version = server_ssl_version if server_ssl_version
+        ssl_context.min_version = server_min_version if server_min_version
+        ssl_context.max_version = server_max_version if server_max_version
+        OpenSSL::SSL::SSLServer.new(server, ssl_context)
+      end
+      let(:server_min_version) { nil }
+      let(:server_max_version) { nil }
+      let(:server_ssl_version) { nil }
+      context 'with supported protocol' do
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.2']) }
+        let(:server_min_version) { 'TLS1_2' }
+        before { subject.register }
+        after { secure_server.close }
+        it 'reads plain data' do
+          Thread.start { sleep 0.25; subject.receive event }
+          socket = secure_server.accept
+          read = socket.sysread(100)
+          expect( read.size ).to be > 0
+          expect( read ).to end_with 'foo bar'
+        end
+      end
+      context 'with unsupported protocol (on server)' do
+        let(:config) { super().merge("ssl_supported_protocols" => ['TLSv1.1']) }
+        let(:server_min_version) { 'TLS1_2' }
+        before { subject.register }
+        after { secure_server.close }
+        it 'fails (and loops retrying)' do
+          expect(subject.logger).to receive(:error).with(/connect ssl failure/i, hash_including(message: /No appropriate protocol/i)).and_call_original
+          expect(subject.logger).to receive(:error).with(/failed to connect/i, hash_including(exception: OpenSSL::SSL::SSLError)).and_call_original
+          expect(subject).to receive(:sleep).once.and_call_original
+          expect(subject).to receive(:sleep).once.and_throw :TEST_DONE # to be able to abort the retry loop
+          Thread.start { secure_server.accept rescue nil }
+          expect { subject.receive event }.to throw_symbol(:TEST_DONE)
+        end
+      end if LOGSTASH_VERSION > '7.0'
+    end
+    context "encrypted key using PKCS#1" do
+      let(:key_file) { File.join(FIXTURES_PATH, 'encrypted/instance.key') }
+      let(:crt_file) { File.join(FIXTURES_PATH, 'encrypted/instance.crt') }
+      let(:config) { super().merge("ssl_cert" => crt_file, "ssl_key" => key_file) }
+      it "registers with error (due missing password)" do
+        expect { subject.register }.to raise_error(OpenSSL::PKey::RSAError) # TODO need a better error
+      end
+      context 'with valid password' do
+        let(:config) { super().merge("ssl_key_passphrase" => '1234567890') }
+        it "registers without error" do
+          expect { subject.register }.to_not raise_error
+        end
+      end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-tcp
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.1.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-11 00:00:00.000000000 Z
+date: 2022-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -30,6 +30,20 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0
+  name: logstash-core
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -58,6 +72,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.2
+  name: jruby-openssl
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.2
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -72,6 +100,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-codec-plain
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -103,6 +145,10 @@ files:
 - docs/index.asciidoc
 - lib/logstash/outputs/tcp.rb
 - logstash-output-tcp.gemspec
+- spec/fixtures/encrypted/instance.crt
+- spec/fixtures/encrypted/instance.key
+- spec/fixtures/plaintext/instance.crt
+- spec/fixtures/plaintext/instance.key
 - spec/outputs/tcp_spec.rb
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
@@ -125,10 +171,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Writes events over a TCP socket
 test_files:
+- spec/fixtures/encrypted/instance.crt
+- spec/fixtures/encrypted/instance.key
+- spec/fixtures/plaintext/instance.crt
+- spec/fixtures/plaintext/instance.key
 - spec/outputs/tcp_spec.rb