dom
/
telegraf
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add intermediates when verifying cert in x509 input (#6159)

This commit is contained in:
Greg 2019-07-31 17:59:54 -06:00 committed by Daniel Nelson
parent ef4f4eed3a
commit 004b2cf578
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/inputs/x509_cert/x509_cert.go
View File

@ -176,9 +176,16 @@ func (c *X509Cert) Gather(acc telegraf.Accumulator) error {
// The first certificate is the leaf/end-entity certificate which needs DNS // The first certificate is the leaf/end-entity certificate which needs DNS
// name validation against the URL hostname. // name validation against the URL hostname.
opts := x509.VerifyOptions{} opts := x509.VerifyOptions{
Intermediates: x509.NewCertPool(),
}
if i == 0 { if i == 0 {
opts.DNSName = u.Hostname() opts.DNSName = u.Hostname()
for j, cert := range certs {
if j != 0 {
opts.Intermediates.AddCert(cert)
}
}
} }
if c.tlsCfg.RootCAs != nil { if c.tlsCfg.RootCAs != nil {
opts.Roots = c.tlsCfg.RootCAs opts.Roots = c.tlsCfg.RootCAs