From 88f3cadf458767e32b99261aa3d318b5ff851b74 Mon Sep 17 00:00:00 2001
From: Ryan Faircloth <35384120+rfaircloth-splunk@users.noreply.github.com>
Date: Fri, 7 Aug 2020 17:56:34 -0400
Subject: [PATCH] [fix] Fixes #604 (#615)

Do not check client cert in TLS connections as we do not support a reasonable means of authorization checking
---
 package/etc/go_templates/source_network.t | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t
index 2b8ea54..8a9408c 100644
--- a/package/etc/go_templates/source_network.t
+++ b/package/etc/go_templates/source_network.t
@@ -64,11 +64,12 @@ source s_{{ .port_id }} {
 use-fqdn(no)
 chain-hostnames(off)
 flags(validate-utf8, no-parse {{- if (conv.ToBool (getenv "SC4S_SOURCE_STORE_RAWMSG" "no")) }} store-raw-message {{- end}})
- tls(allow-compress(yes)
+ tls(allow-compress(yes)
 key-file("/opt/syslog-ng/tls/server.key")
 cert-file("/opt/syslog-ng/tls/server.pem")
 ssl-options({{- getenv "SC4S_SOURCE_TLS_OPTIONS" "no-sslv2, no-sslv3, no-tlsv1" }})
 cipher-suite("{{- getenv "SC4S_SOURCE_TLS_CIPHER_SUITE" "HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH" }}")
+ peer-verify(no)
 )
 );
 {{- end }}
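Review bot: The added `peer-verify(no)` is hard-coded, while `ssl-options` and `cipher-suite` in the same `tls(...)` block are read through `getenv` with a default. A deployment that issues certificates to its senders therefore cannot re-enable client-certificate checking without editing the template. Keeping `no` as the default but making it overridable would fit the existing pattern, e.g. `peer-verify({{- getenv "SC4S_SOURCE_TLS_PEER_VERIFY" "no" }})`; that variable name is a suggestion, not an existing setting, and a `ca-dir()`/`ca-file()` option would be needed alongside any verifying mode. With verification off, TLS on this source gives encryption and server identity only, so any host that can reach the port can submit events. A comment next to the option should say so, for example `# client certificates are not verified; restrict senders with network controls`. The enclosing `source` block starts and ends outside the hunk, so other listeners in the template were not reviewed.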