SSLSUBJECT broken again

[markwj]

Was using v5.0.9 for a while, and sslsubject worked well. But, since upgrading to latest (v6.0.2), sslsubject is broken again.

My configuration is:

input {
  tcp {
    port => <redacted>
    ssl_enable => true
    ssl_verify => true
    ssl_cert => <redacted>
    ssl_key => <redacted>
    ssl_certificate_authorities => <redacted>
    dns_reverse_lookup_enabled => false
    tcp_keep_alive => true
    codec => json_lines
    id => <redacted>
  }
}

A simple

output {
  stdout { codec => rubydebug { metadata => true } }
}

can show the issue clearly.

I did start some debugging, and find tcp.rb decode_buffer is being called with a nil socket from tcp/decoder_impl.rb decode. Not sure what has changed between v5.0.9 and v6.0.2.

I did a bisect. v5.0.10 works fine, but v5.2.0 is broken for this SSLSUBJECT. I see a large change there to convert to use netty ssl.

[rwaweber]

Seconding this, it appears as though it's still broken as of 6.0.6 with the same pipeline as above.

And by broken, I mean the sslsubject field does not appear in events. My guess, is the extraction here is no longer working.

[rwaweber]

I put a PR together internally, needs to go through some internal review first but should be able to submit it in the next couple days hopefully