Comments (8)
I too am in need of this. Is there any plan for it? Dotnet core doesn't seem to have a cert validation callback like the original dot net does.
from serilog-sinks-splunk.
@veccsolutions a new release is out with the HttpMessageHandler
exposed. I will update the wiki however it may be of use to your situation.
from serilog-sinks-splunk.
Thanks! I'll be checking this out in the next couple of days.
from serilog-sinks-splunk.
@merbla Thanks for exposing it. However, I can't specify whether to ignore it or not through the config files. I was able to write my own sink configuration method to do it using the one you have already created as a template.
My custom configuration method is identical to yours except for the following changes.
- In project.json I increased the netstandard framework to 1.6 (I didn't try earlier versions, but the ServerCertificateCustomValidationCallback property wasn't in the netstandard 1.1 framework)
- I added an ignoreSsl parameter, and the following between your null checks and newing up the eventcollectorsink object:
if (ignoreSsl) { //only ignore the certificates for correct host var uri = new Uri(splunkHost); var lowerHost = uri.Host?.ToLowerInvariant() ?? string.Empty; #if NET45 ServicePointManager.ServerCertificateValidationCallback += (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors) => ServerCertificateCallback((sender as WebRequest)?.RequestUri?.Host, lowerHost, policyErrors); #else HttpClientHandler client; //allow custom httpmessagehandlers if (messageHandler == null) { client = new HttpClientHandler(); } else { client = messageHandler as HttpClientHandler; } //if the message handler is either HttpClientHandler or derived from it we can add to the callback if (client != null) { client.ServerCertificateCustomValidationCallback += (HttpRequestMessage message, X509Certificate2 cert, X509Chain chain, SslPolicyErrors policyErrors) => ServerCertificateCallback(message?.RequestUri?.Host, lowerHost, policyErrors); messageHandler = client; } #endif }
- The ServerCertificateCallback method is:
private static bool ServerCertificateCallback(string requestHost, string splunkHost, SslPolicyErrors policyErrors) { //quick check for no error if (policyErrors == SslPolicyErrors.None) { return true; } return requestHost.ToLowerInvariant() == splunkHost; }
from serilog-sinks-splunk.
@veccsolutions you are correct. The change was generally targeted at dotnet core and opening up the HttpMessageHandler
for more than just the situation to ignore SSL certs.
We would have overload the config with an ignoreSSLValidation
like param for the configuration from file to work. I am a little reluctant to implement however I know it can be a pain in development.
Generally what frameworks are you targeting?
from serilog-sinks-splunk.
Just to add to @merbla's remarks about being reluctant to add this - I think we'd expose ourselves to some criticism by dealing with SSL certificate policy in the sink. (Even in the case of self-signed certificates, it's usually better to add the certificate to the list trusted by the client machine rather than disable validation entirely.)
from serilog-sinks-splunk.
That's fine. I'll continue with my separate config method. I just need to be able to do it without managing the certs on the local system and still using the config file for different deployment targets like local development vs QA vs Production etc.
from serilog-sinks-splunk.
Closing this for now.
from serilog-sinks-splunk.
Related Issues (20)
- Add default constructor for CustomField
- Splunk sink is not working in asp.net core 6 HOT 4
- Timestamp precision HOT 4
- Issue with overload HOT 1
- Is there any option to set http timeout for Collector HOT 2
- Support set meta data field host easily by code (dynamic resolution) HOT 1
- Support disabling of rendered message HOT 1
- EventCollectorSink relies on sealed type PeriodicBatchingSink HOT 1
- Appveyor/Nuget Package Release HOT 3
- Update security scanning and security policy.
- Fix TCP and UDP package upstream nuget
- Release build script issues
- Just updated from 3.7.0 to 4.0.0/4.0.1 and I cant get splunk to index the data HOT 18
- Bumped to 4.0.2 - Could not load file or assembly 'Serilog.Sinks.Splunk' or one of its dependencies. Strong name signature could not be verified. HOT 3
- [Request for Comments] Gitter vs GitHub Discussions for interactive interaction
- TraceId and SpanId are missing from the logs HOT 4
- Breaking changes between 3.7.0 and 4+ HOT 4
- Update Serilog.Sinks.PeriodicBatching to Version 4.1.0 HOT 2
- Allow for providing splunkHost as-is? HOT 5
- Update 3.7.0 -> 4.1.0 not working HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serilog-sinks-splunk.