From 918d57b57eddc71049079ef30345cad2e8c921d6 Mon Sep 17 00:00:00 2001 From: joe miller Date: Thu, 8 Jun 2023 21:12:44 +0000 Subject: [PATCH 1/3] fix(vector sink): cert verification with proxy enabled fixes https://github.com/vectordotdev/vector/issues/17629 --- src/sinks/vector/config.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/sinks/vector/config.rs b/src/sinks/vector/config.rs index 7c2ebfea410c9..65b20b904cd8a 100644 --- a/src/sinks/vector/config.rs +++ b/src/sinks/vector/config.rs @@ -224,6 +224,9 @@ fn new_client( }); let mut proxy = ProxyConnector::new(https).unwrap(); + // Make proxy connector aware of user TLS settings by setting the TLS connector: + let proxy_tls = tls_connector_builder(tls_settings)?.build(); + proxy.set_tls(Some(proxy_tls)); proxy_config.configure(&mut proxy)?; Ok(hyper::Client::builder().http2_only(true).build(proxy)) From bf16c3bc47e37376b7469ac89998bcaca12a4008 Mon Sep 17 00:00:00 2001 From: neuronull Date: Mon, 3 Jul 2023 10:49:32 -0600 Subject: [PATCH 2/3] use the build proxy connector helper function --- src/sinks/vector/config.rs | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/sinks/vector/config.rs b/src/sinks/vector/config.rs index 65b20b904cd8a..cf09495a5fe7f 100644 --- a/src/sinks/vector/config.rs +++ b/src/sinks/vector/config.rs @@ -16,6 +16,7 @@ use crate::{ AcknowledgementsConfig, GenerateConfig, Input, ProxyConfig, SinkConfig, SinkContext, SinkHealthcheckOptions, }, + http::build_proxy_connector, proto::vector as proto, sinks::{ util::{ @@ -223,11 +224,7 @@ fn new_client( Ok(()) }); - let mut proxy = ProxyConnector::new(https).unwrap(); - // Make proxy connector aware of user TLS settings by setting the TLS connector: - let proxy_tls = tls_connector_builder(tls_settings)?.build(); - proxy.set_tls(Some(proxy_tls)); - proxy_config.configure(&mut proxy)?; + let proxy = build_proxy_connector(tls_settings.clone(), proxy_config)?; Ok(hyper::Client::builder().http2_only(true).build(proxy)) } From 347370d4cc50d5a170d807aea8db4600eebf686b Mon Sep 17 00:00:00 2001 From: neuronull Date: Thu, 6 Jul 2023 14:16:50 -0600 Subject: [PATCH 3/3] feedback sw --- src/sinks/vector/config.rs | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/src/sinks/vector/config.rs b/src/sinks/vector/config.rs index 5ad64c049c503..472139eb865c9 100644 --- a/src/sinks/vector/config.rs +++ b/src/sinks/vector/config.rs @@ -25,7 +25,7 @@ use crate::{ }, Healthcheck, VectorSink as VectorSinkType, }, - tls::{tls_connector_builder, MaybeTlsSettings, TlsEnableableConfig}, + tls::{MaybeTlsSettings, TlsEnableableConfig}, }; /// Configuration for the `vector` sink. @@ -210,21 +210,6 @@ fn new_client( tls_settings: &MaybeTlsSettings, proxy_config: &ProxyConfig, ) -> crate::Result>, BoxBody>> { - let mut http = HttpConnector::new(); - http.enforce_http(false); - - let tls = tls_connector_builder(tls_settings)?; - let mut https = HttpsConnector::with_connector(http, tls)?; - - let settings = tls_settings.tls().cloned(); - https.set_callback(move |c, _uri| { - if let Some(settings) = &settings { - settings.apply_connect_configuration(c); - } - - Ok(()) - }); - let proxy = build_proxy_connector(tls_settings.clone(), proxy_config)?; Ok(hyper::Client::builder().http2_only(true).build(proxy))