diff --git a/Cargo.toml b/Cargo.toml
index 4645895bf99cf..bb408e08684f6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "vector"
-version = "0.39.0-databricks-v1"
+version = "0.39.0-databricks-v2"
 authors = ["Vector Contributors "]
 edition = "2021"
 description = "A lightweight and ultra-fast tool for building observability pipelines"
diff --git a/README.databricks.md b/README.databricks.md
index 90ce931ce6c24..17758ee941055 100644
--- a/README.databricks.md
+++ b/README.databricks.md
@@ -10,3 +10,4 @@ This lists custom changes merged in Databricks fork of Vector.
 9. Provide an option to override the Content-Encoding header for files uploaded by Google Cloud Storage sink https://github.com/databricks/vector/pull/30
 10. Add functionality to derive topic from file upload path https://github.com/databricks/vector/pull/33
 11. Update event logs to support emitting granular upload events https://github.com/databricks/vector/pull/35
+12. Add support for SNI. A PR for upstream is also been created. https://github.com/databricks/vector/pull/39 upstream PR: https://github.com/vectordotdev/vector/pull/21365
diff --git a/lib/vector-core/src/tls/mod.rs b/lib/vector-core/src/tls/mod.rs
index 3180981fb0ec6..ada663be4abfd 100644
--- a/lib/vector-core/src/tls/mod.rs
+++ b/lib/vector-core/src/tls/mod.rs
@@ -183,13 +183,13 @@ pub fn tls_connector_builder(settings: &MaybeTlsSettings) -> Result Result {
- let verify_hostname = settings
- .tls()
- .map_or(true, |settings| settings.verify_hostname);
- let configure = tls_connector_builder(settings)?
+ let mut configure = tls_connector_builder(settings)?
 .build()
 .configure()
- .context(TlsBuildConnectorSnafu)?
- .verify_hostname(verify_hostname);
+ .context(TlsBuildConnectorSnafu)?;
+ let tls_setting = settings.tls().cloned();
+ if let Some(tls_setting) = &tls_setting {
+ tls_setting.apply_connect_configuration(&mut configure)
+ }
 Ok(configure)
 }
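Review bot: `settings.tls().cloned()` in `tls_connector` copies the whole `TlsSettings` value, including its `identity` field (presumably key material), only to borrow the copy on the next line. Borrowing the existing reference avoids that extra copy: `if let Some(tls) = settings.tls() { tls.apply_connect_configuration(&mut configure); }`. Also note that when `settings.tls()` is `None` the old explicit `verify_hostname(true)` call is gone, so that path now relies on the connector's default, which I believe is to verify. A one-line comment stating that host name verification is now set only inside `apply_connect_configuration` would keep that from being lost in a later refactor.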
diff --git a/lib/vector-core/src/tls/settings.rs b/lib/vector-core/src/tls/settings.rs
index 23725e47496dd..dc305bf22016b 100644
--- a/lib/vector-core/src/tls/settings.rs
+++ b/lib/vector-core/src/tls/settings.rs
@@ -148,6 +148,14 @@ pub struct TlsConfig {
 #[configurable(metadata(docs::examples = "PassWord1"))]
 #[configurable(metadata(docs::human_name = "Key File Password"))]
 pub key_pass: Option,
+
+ /// Server name to use when using Server Name Indication (SNI).
+ ///
+ /// Only relevant for outgoing connections.
+ #[serde(alias = "server_name")]
+ #[configurable(metadata(docs::examples = "www.example.com"))]
+ #[configurable(metadata(docs::human_name = "Server Name"))]
+ pub server_name: Option,
 }
 impl TlsConfig {
@@ -169,6 +177,7 @@ pub struct TlsSettings {
 authorities: Vec,
 pub(super) identity: Option, // openssl::pkcs12::ParsedPkcs12 doesn't impl Clone yet
 alpn_protocols: Option>,
+ server_name: Option,
 }
 #[derive(Clone)]
@@ -203,6 +212,7 @@ impl TlsSettings {
 authorities: options.load_authorities()?,
 identity: options.load_identity()?,
 alpn_protocols: options.parse_alpn_protocols()?,
+ server_name: options.server_name.clone(),
 })
 }
@@ -335,6 +345,14 @@ impl TlsSettings {
 pub fn apply_connect_configuration(&self, connection: &mut ConnectConfiguration) {
 connection.set_verify_hostname(self.verify_hostname);
+ if let Some(server_name) = &self.server_name {
+ // Prevent native TLS lib from inferring default SNI using domain name from url.
+ connection.set_use_server_name_indication(false);
+ match connection.set_hostname(server_name) {
+ Ok(_) => (),
+ Err(e) => error!("Failed to set server name indication: {}", e),
+ }
+ }
 }
 }
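Review bot: The `#[serde(alias = "server_name")]` attribute on the new `server_name` field of `TlsConfig` repeats the field's own name, so it accepts no additional spelling and can be removed. The doc comment would also be more useful if it said what the option does not do. As far as I can tell from the openssl connect path, certificate host name verification still checks the host being connected to, not this value. Once confirmed, a line such as `/// Overrides only the SNI name sent in the handshake; certificate verification still checks the connection's host name.` would stop operators from assuming the option also changes which name the certificate must match.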
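Review bot: When `set_hostname` fails in `apply_connect_configuration`, the error is only logged, and because `set_use_server_name_indication(false)` has already run, the handshake proceeds with no SNI at all rather than the configured name. The server may then answer with its default certificate or virtual host, and the only trace is one log line. Consider validating `server_name` where `TlsSettings` is built (the `@@ -203,6` hunk copies it unchecked) so a bad value is rejected at config load, or having this method return a `Result` that callers propagate. The `match` with an empty `Ok` arm also reads more simply as `if let Err(error) = connection.set_hostname(server_name) { error!(...) }`.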