fix: provide ssl engine with advisory peer and algorithm info

Author: yaauie

CHANGELOG.md

@@ -1,3 +1,6 @@
+## 3.6.1
+ - Fix: provide SSL engine with advisory peer and algorithm information [#159](https://github.com/logstash-plugins/logstash-input-http/issues/159)
+
 ## 3.6.0
  - Feat: review and deprecate ssl protocol/cipher related settings [#151](https://github.com/logstash-plugins/logstash-input-http/pull/151)
 

VERSION

@@ -1 +1 @@
-3.6.0
+3.6.1

build.gradle

@@ -24,7 +24,7 @@ dependencies {
     testImplementation 'org.hamcrest:hamcrest-library:1.3'
     testImplementation "org.apache.logging.log4j:log4j-core:${log4jVersion}"
 
-    implementation 'io.netty:netty-all:4.1.65.Final'
+    implementation 'io.netty:netty-all:4.1.85.Final'
     compileOnly "org.apache.logging.log4j:log4j-api:${log4jVersion}" // provided by Logstash
 }
 

src/main/java/org/logstash/plugins/inputs/http/HttpInitializer.java

@@ -10,6 +10,7 @@
 import io.netty.handler.ssl.SslHandler;
 import org.logstash.plugins.inputs.http.util.SslHandlerProvider;
 
+import java.net.InetSocketAddress;
 import java.util.concurrent.ThreadPoolExecutor;
 
 /**
@@ -34,7 +35,7 @@ protected void initChannel(SocketChannel socketChannel) throws Exception {
         ChannelPipeline pipeline = socketChannel.pipeline();
 
         if(sslHandlerProvider != null) {
-            SslHandler sslHandler = sslHandlerProvider.getSslHandler(socketChannel.alloc());
+            SslHandler sslHandler = sslHandlerProvider.getSslHandler(socketChannel);
             pipeline.addLast(sslHandler);
         }
         pipeline.addLast(new HttpServerCodec());

src/main/java/org/logstash/plugins/inputs/http/util/SslHandlerProvider.java

@@ -1,12 +1,15 @@
 package org.logstash.plugins.inputs.http.util;
 
 import io.netty.buffer.ByteBufAllocator;
+import io.netty.channel.socket.SocketChannel;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslHandler;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import java.net.InetSocketAddress;
 import java.util.Arrays;
 
 public class SslHandlerProvider {
@@ -28,14 +31,20 @@ public SslHandlerProvider(SslContext sslContext) {
         this.sslContext = sslContext;
     }
 
-    public SslHandler getSslHandler(ByteBufAllocator bufferAllocator) {
+    public SslHandler getSslHandler(final SocketChannel socketChannel) {
+        final InetSocketAddress remoteAddress = socketChannel.remoteAddress();
+        final String peerHost = remoteAddress.getHostString();
+        final int peerPort = remoteAddress.getPort();
+        final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc(), peerHost, peerPort);
 
-        SslHandler sslHandler = sslContext.newHandler(bufferAllocator);
-
-        SSLEngine engine = sslHandler.engine();
+        final SSLEngine engine = sslHandler.engine();
         engine.setEnabledProtocols(protocols);
         engine.setUseClientMode(false);
 
+        final SSLParameters sslParameters = engine.getSSLParameters();
+        sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+        engine.setSSLParameters(sslParameters);
+
         if (verifyMode == SslClientVerifyMode.FORCE_PEER) {
             // Explicitly require a client certificate
             engine.setNeedClientAuth(true);