From 90bb4232260e0be56e0303f2e81eed73741e3631 Mon Sep 17 00:00:00 2001
From: Michael Insel
Date: Fri, 30 Nov 2018 22:08:18 +0100
Subject: [PATCH] Implement TLS support for the GelfWriter

This implements TLS support for the GelfWriter.
---
 lib/perfdata/gelfwriter.cpp | 25 ++++++++++++++++++++++++-
 lib/perfdata/gelfwriter.ti | 6 ++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/lib/perfdata/gelfwriter.cpp b/lib/perfdata/gelfwriter.cpp
index 55199d717..9623cbe87 100644
--- a/lib/perfdata/gelfwriter.cpp
+++ b/lib/perfdata/gelfwriter.cpp
@@ -169,7 +169,30 @@ void GelfWriter::ReconnectInternal()
 throw ex;
 }
 
- m_Stream = new NetworkStream(socket);
+ if (GetEnableTls()) {
+ std::shared_ptr sslContext;
+
+ try {
+ sslContext = MakeSSLContext(GetCertPath(), GetKeyPath(), GetCaPath());
+ } catch (const std::exception& ex) {
+ Log(LogWarning, "GelfWriter")
+ << "Unable to create SSL context.";
+ throw ex;
+ }
+
+ TlsStream::Ptr tlsStream = new TlsStream(socket, GetHost(), RoleClient, sslContext);
+
+ try {
+ tlsStream->Handshake();
+ } catch (const std::exception& ex) {
+ Log(LogWarning, "GelfWriter")
+ << "TLS handshake with host'" << GetHost() << "' on port '" << GetPort() << "' failed.'";
+ throw ex;
+ }
+
+ m_Stream = tlsStream;
+ } else
+ m_Stream = new NetworkStream(socket);
 
 SetConnected(true);
 
diff --git a/lib/perfdata/gelfwriter.ti b/lib/perfdata/gelfwriter.ti
index 1d20cc28e..2176fd877 100644
--- a/lib/perfdata/gelfwriter.ti
+++ b/lib/perfdata/gelfwriter.ti
@@ -31,6 +31,12 @@ class GelfWriter : ConfigObject
 [config] bool enable_ha {
 default {{{ return false; }}}
 };
+ [config] bool enable_tls {
+ default {{{ return false; }}}
+ };
+ [config] String ca_path;
+ [config] String cert_path;
+ [config] String key_path;
 };
 
 }
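Review bot: Nothing between `tlsStream->Handshake()` and `m_Stream = tlsStream` checks that the server certificate was actually verified, so the writer may send GELF data to any peer that completes a handshake; whether Handshake() itself fails on an untrusted certificate is not visible in this hunk. If TlsStream exposes its verification result (Icinga 2's TlsStream has `IsVerifiedByCA()`, to be confirmed for this tree), I would gate the assignment on it: `if (!tlsStream->IsVerifiedByCA()) throw std::runtime_error("GELF server certificate is not signed by the configured CA");`. Separately, both new catch blocks use `throw ex;`, which rethrows a sliced copy, where `throw;` would keep the original exception type. The handshake log message is also missing a space after `host` and ends with a stray `'`. ReconnectInternal() starts and ends outside the hunk.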
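Review bot: `enable_tls` can be set to true while `ca_path` is left empty, and nothing in this section or in the gelfwriter.cpp hunk rejects that combination. Presumably the connection is then encrypted without the server being authenticated, though how MakeSSLContext treats an empty CA path is not shown here. I would add a validation step in GelfWriter that refuses `enable_tls = true` without a `ca_path`, or at least state the behaviour in a comment above the new attributes, for example `/* ca_path: CA used to verify the GELF server; cert_path and key_path: client certificate and key (confirm whether these are optional) */`. The class declaration begins outside the hunk.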