Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugin x509_certs fails when a key is included in local files #6890

Closed
benschweizer opened this issue Jan 10, 2020 · 0 comments · Fixed by #6893
Closed

plugin x509_certs fails when a key is included in local files #6890

benschweizer opened this issue Jan 10, 2020 · 0 comments · Fixed by #6893

Comments

@benschweizer
Copy link
Contributor

Software like haproxy require ssl keys to be in the same pem file like certs and chains.
Though, the plugins fails to handle that case when using local file input.

Relevant telegraf.conf:

[[inputs.x509_cert]]
  # parse a local pem file that includes cert+chain+key
  sources= ["/etc/ssl/private/something.pem"]
~

System info:

Telegraf 1.13.0 (git: HEAD 773e4ca)

Steps to reproduce:

  1. create a pem file that contains a ssl key aside the certs
  2. use local file as source

Expected behavior:

The plugin should just skip over the ssl key and only parse certificates.

Actual behavior:

The plugin aborts as the ssl key is not a valid certificate.

Additional info:

The pem module has an example how to parse this:

	block, rest := pem.Decode(pubPEMData)
	if block == nil || block.Type != "PUBLIC KEY" {
		log.Fatal("failed to decode PEM block containing public key")
	}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

skip all blocks except certificates, closes #6890
1 participant
@benschweizer