Git Product home page Git Product logo

Comments (8)

avatar commented on June 30, 2024

I too am in need of this. Is there any plan for it? Dotnet core doesn't seem to have a cert validation callback like the original dot net does.

from serilog-sinks-splunk.

merbla avatar merbla commented on June 30, 2024

@veccsolutions a new release is out with the HttpMessageHandler exposed. I will update the wiki however it may be of use to your situation.

from serilog-sinks-splunk.

avatar commented on June 30, 2024

Thanks! I'll be checking this out in the next couple of days.

from serilog-sinks-splunk.

avatar commented on June 30, 2024

@merbla Thanks for exposing it. However, I can't specify whether to ignore it or not through the config files. I was able to write my own sink configuration method to do it using the one you have already created as a template.

My custom configuration method is identical to yours except for the following changes.

  1. In project.json I increased the netstandard framework to 1.6 (I didn't try earlier versions, but the ServerCertificateCustomValidationCallback property wasn't in the netstandard 1.1 framework)
  2. I added an ignoreSsl parameter, and the following between your null checks and newing up the eventcollectorsink object: 
             if (ignoreSsl)
         {
             //only ignore the certificates for correct host
             var uri = new Uri(splunkHost);
             var lowerHost = uri.Host?.ToLowerInvariant() ?? string.Empty;

 #if NET45
             ServicePointManager.ServerCertificateValidationCallback +=
                 (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors) =>
                     ServerCertificateCallback((sender as WebRequest)?.RequestUri?.Host, lowerHost, policyErrors);
 #else
             HttpClientHandler client;
             //allow custom httpmessagehandlers
             if (messageHandler == null)
             {
                 client = new HttpClientHandler();
             }
             else
             {
                 client = messageHandler as HttpClientHandler;
             }

             //if the message handler is either HttpClientHandler or derived from it we can add to the callback
             if (client != null)
             {
                 client.ServerCertificateCustomValidationCallback +=
                     (HttpRequestMessage message, X509Certificate2 cert, X509Chain chain, SslPolicyErrors policyErrors) =>
                         ServerCertificateCallback(message?.RequestUri?.Host, lowerHost, policyErrors);

                 messageHandler = client;
             }
 #endif
         }
  3. The ServerCertificateCallback method is: 
        private static bool ServerCertificateCallback(string requestHost, string splunkHost, SslPolicyErrors policyErrors)
    {
        //quick check for no error
        if (policyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        return requestHost.ToLowerInvariant() == splunkHost;
    }

from serilog-sinks-splunk.

merbla avatar merbla commented on June 30, 2024

@veccsolutions you are correct. The change was generally targeted at dotnet core and opening up the HttpMessageHandler for more than just the situation to ignore SSL certs.

We would have overload the config with an ignoreSSLValidation like param for the configuration from file to work. I am a little reluctant to implement however I know it can be a pain in development.

Generally what frameworks are you targeting?

from serilog-sinks-splunk.

nblumhardt avatar nblumhardt commented on June 30, 2024

Just to add to @merbla's remarks about being reluctant to add this - I think we'd expose ourselves to some criticism by dealing with SSL certificate policy in the sink. (Even in the case of self-signed certificates, it's usually better to add the certificate to the list trusted by the client machine rather than disable validation entirely.)

from serilog-sinks-splunk.

avatar commented on June 30, 2024

That's fine. I'll continue with my separate config method. I just need to be able to do it without managing the certs on the local system and still using the config file for different deployment targets like local development vs QA vs Production etc.

from serilog-sinks-splunk.

merbla avatar merbla commented on June 30, 2024

Closing this for now.

from serilog-sinks-splunk.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.