Merge pull request #4718 from daipom/transport-tls-use-SSL_VERIFY_NON…

…E-by-default transport tls: use SSL_VERIFY_NONE by default
fluent · Nov 28, 2024 · 4db97a3 · 4db97a3
2 parents 2d8c9d4 + 144eb23
commit 4db97a3
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/lib/fluent/plugin_helper/cert_option.rb b/lib/fluent/plugin_helper/cert_option.rb
@@ -33,6 +33,8 @@ def cert_option_create_context(version, insecure, ciphers, conf)
 
         if conf.client_cert_auth
           ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+        else
+          ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
         end
 
         ctx.ca_file = conf.ca_path