Skip to content

Commit

Permalink
Fix segfault in x509_cert
Browse files Browse the repository at this point in the history
- When no tls params are in config, tlsCfg will be nil
- fix setting hostname in tlsCfg it will contain the port number and never correctly match server certs
- Add a test that shows that it now works
- Fix readme as port number is required in soruces
  • Loading branch information
mcfedr committed Oct 17, 2018
1 parent 106f5b5 commit 0c69c96
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 2 deletions.
2 changes: 1 addition & 1 deletion plugins/inputs/x509_cert/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ file or network connection.
# Reads metrics from a SSL certificate
[[inputs.x509_cert]]
## List certificate sources
sources = ["/etc/ssl/certs/ssl-cert-snakeoil.pem", "https://example.org"]
sources = ["/etc/ssl/certs/ssl-cert-snakeoil.pem", "https://example.org:443"]

## Timeout for SSL connection
# timeout = "5s"
Expand Down
5 changes: 5 additions & 0 deletions plugins/inputs/x509_cert/dev/telegraf.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
[[inputs.x509_cert]]
sources = ["https://www.influxdata.com:443"]

[[outputs.file]]
files = ["stdout"]
5 changes: 4 additions & 1 deletion plugins/inputs/x509_cert/x509_cert.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,10 @@ func (c *X509Cert) getCert(location string, timeout time.Duration) ([]*x509.Cert
}
defer ipConn.Close()

tlsCfg.ServerName = u.Host
if tlsCfg == nil {
tlsCfg = &tls.Config{}
}
tlsCfg.ServerName = u.Hostname()
conn := tls.Client(ipConn, tlsCfg)
defer conn.Close()

Expand Down
18 changes: 18 additions & 0 deletions plugins/inputs/x509_cert/x509_cert_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ import (
"crypto/tls"
"encoding/base64"
"fmt"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"io/ioutil"
"os"
"testing"
Expand Down Expand Up @@ -203,3 +205,19 @@ func TestStrings(t *testing.T) {
})
}
}

func TestGatherCert(t *testing.T) {
if testing.Short() {
t.Skip("Skipping integration test in short mode")
}

m := &X509Cert{
Sources: []string{"https://www.influxdata.com:443"},
}

var acc testutil.Accumulator
err := m.Gather(&acc)
require.NoError(t, err)

assert.True(t, acc.HasMeasurement("x509_cert"))
}

0 comments on commit 0c69c96

Please sign in to comment.