lib/fluent/plugin/output_node.rb in fluent-plugin-secure-forward-0.3.0 vs lib/fluent/plugin/output_node.rb in fluent-plugin-secure-forward-0.3.1
- old
+ new
@@ -250,9 +250,17 @@
context.ciphers = "ALL:!aNULL:!eNULL:!SSLv2" # OpenSSL >1.0.0 default
end
log.trace "set verify_mode VERIFY_PEER"
context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ if @sender.enable_strict_verification
+ context.ca_store = OpenSSL::X509::Store.new
+ begin
+ context.ca_store.set_default_paths
+ rescue OpenSSL::X509::StoreError => e
+ log.warn "faild to load system default certificates", error: e
+ end
+ end
if @sender.ca_cert_path
log.trace "set to use private CA", path: @sender.ca_cert_path
context.ca_file = @sender.ca_cert_path
end
end