tolerate absense of certificate when enabling ssl

jsvd · jsvd · commit 54ce0563fa43 · 2019-01-02T19:57:19.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 5.0.4
+  - Removed requirement to have a certificate/key pair when enabling ssl
+
 ## 5.0.3
   - Docs: Set the default_codec doc attribute.
 
diff --git a/lib/logstash/outputs/tcp.rb b/lib/logstash/outputs/tcp.rb
@@ -85,8 +85,12 @@ def setup_ssl
     require "openssl"
 
     @ssl_context = OpenSSL::SSL::SSLContext.new
-    @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
-    @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase)
+    if @ssl_cert
+      @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
+      if @ssl_key
+        @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase)
+      end
+    end
     if @ssl_verify
       @cert_store = OpenSSL::X509::Store.new
       # Load the system default certificate path to the store
diff --git a/logstash-output-tcp.gemspec b/logstash-output-tcp.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-output-tcp'
-  s.version         = '5.0.3'
+  s.version         = '5.0.4'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Writes events over a TCP socket"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -26,5 +26,6 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'stud'
 
   s.add_development_dependency 'logstash-devutils'
+  s.add_development_dependency 'flores'
 end
 
diff --git a/spec/outputs/tcp_spec.rb b/spec/outputs/tcp_spec.rb
@@ -1 +1,33 @@
 require "logstash/devutils/rspec/spec_helper"
+require "logstash/outputs/tcp"
+require "flores/pki"
+
+describe LogStash::Outputs::Tcp do
+  subject { described_class.new(config) }
+  let(:config) { {
+    "host" => "localhost",
+    "port" => 2000 + rand(3000),
+  } }
+
+  context "when enabling SSL" do
+    let(:config) { super.merge("ssl_enable" => true) }
+    context "and not providing a certificate/key pair" do
+      it "registers without error" do
+        expect { subject.register }.to_not raise_error
+      end
+    end
+    context "and providing a certificate/key pair" do
+      let(:cert_key_pair) { Flores::PKI.generate }
+      let(:certificate) { cert_key_pair.first }
+      let(:cert_file) do
+        path = Tempfile.new('foo').path
+        IO.write(path, certificate.to_s)
+        path
+      end
+      let(:config) { super.merge("ssl_cert" => true, "ssl_cert" => cert_file) }
+      it "registers without error" do
+        expect { subject.register }.to_not raise_error
+      end
+    end
+  end
+end
