[fix] Fixes #604 (#615)

Do not check client cert in TLS connections as we do not support a reasonable means of authorization checking
CSVD · Aug 7, 2020 · 88f3cad · 88f3cad
1 parent 1263e7a
commit 88f3cad
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t
@@ -64,11 +64,12 @@ source s_{{ .port_id }} {
                 use-fqdn(no)
                 chain-hostnames(off)
                 flags(validate-utf8, no-parse {{- if (conv.ToBool (getenv "SC4S_SOURCE_STORE_RAWMSG" "no")) }} store-raw-message {{- end}})
-                tls(allow-compress(yes)
+                tls(allow-compress(yes)                
                     key-file("/opt/syslog-ng/tls/server.key")
                     cert-file("/opt/syslog-ng/tls/server.pem")
                     ssl-options({{- getenv "SC4S_SOURCE_TLS_OPTIONS" "no-sslv2, no-sslv3, no-tlsv1" }})
                     cipher-suite("{{- getenv "SC4S_SOURCE_TLS_CIPHER_SUITE" "HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH" }}")
+                    peer-verify(no)
                     )
             );
     {{- end }}