Inputs can not read trusted TLS certs from directory #5939

Closed
@mpfz0r

Description

The Input configuration TLS Client Auth Trusted Certs used to support
either a file, or a directory of certificates.

Expected Behavior

Providing a directory should read all the certs within it

Current Behavior

2019-05-14 09:34:15,120 WARN : io.netty.channel.ChannelInitializer - Failed to initialize a channel. Closing: [id: 0x45383efc, L:/172.16.1.1:5044 - R:/172.16.1.2:46930]
java.security.cert.CertificateException: java.io.IOException: Is a directory
	at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:358) ~[?:1.8.0_191]
	at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462) ~[?:1.8.0_191]
	at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:112) ~[classes/:?]
[...]

Possible Solution

Bring back the code that got dropped in 3.0 with #4397

The former code handled directories:
https://github.com/Graylog2/graylog2-server/blob/2.4/graylog2-server/src/main/java/org/graylog2/plugin/inputs/transports/util/KeyUtil.java#L87

Possible Workaround

cat(1) all the needed certificates into one file (untested)
$ cat *.crt > jumbo.crt

Your Environment

  • Graylog Version: 3.0
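
The stack trace above shows a directory path reaching `CertificateFactory.generateCertificates`, which can only parse a stream of certificate data. The following is an added example, not part of the original issue and not Graylog's `KeyUtil` code: a sketch of a loader that accepts either a single file or a directory. The class name `TrustedCertLoader`, its `load` method, and the choice to fail on an unparsable file or an empty result are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper for illustration; not Graylog's KeyUtil.
public final class TrustedCertLoader {
    public static List<Certificate> load(Path location) throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Path> files = new ArrayList<>();
        if (Files.isDirectory(location)) {
            try (DirectoryStream<Path> entries = Files.newDirectoryStream(location)) {
                for (Path entry : entries) {
                    // Skip subdirectories and other non-regular entries.
                    if (Files.isRegularFile(entry)) files.add(entry);
                }
            }
            Collections.sort(files); // deterministic load order
        } else {
            files.add(location); // single file, may hold several concatenated certs
        }
        List<Certificate> certs = new ArrayList<>();
        for (Path file : files) {
            try (InputStream in = Files.newInputStream(file)) {
                certs.addAll(cf.generateCertificates(in));
            } catch (CertificateException e) {
                throw new CertificateException("Cannot parse certificates in " + file, e);
            }
        }
        // An empty trust list would silently change client-auth behaviour; fail instead.
        if (certs.isEmpty()) {
            throw new CertificateException("No trusted certificates found in " + location);
        }
        return certs;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java TrustedCertLoader <file-or-directory>
        System.out.println(load(Paths.get(args[0])).size() + " trusted certificate(s) loaded");
    }
}
```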
