HTTP Alert - Disable SSL Verification

[davama]

What?

Currently, there is no option on the HTTP notification page to disable SSL verification.

Why?

Many other applications have this feature included in their HTTP event hooks. Thought it would make sense that Graylog should have it too..

Had originally submitted this on the community forum. Was told to post here. https://community.graylog.org/t/feature-request-http-notification-disable-ssl-verification/24501

Your Environment

• Graylog Version: 4.3.2+313b6bc
• Elasticsearch Version: 7.17.4-1.x86_64
• MongoDB Version: 4.2.21-1.el7.x86_64
• Operating System: Red Hat, Inc. 1.8.0_312 on Linux 3.10.0-1160.11.1.el7.x86_64
• Browser version: Google Chrome - Version 102.0.5005.61 (Official Build) (64-bit)

I would be more than happy to help in testing.

Thank you for your consideration.

Best, Dave

[patrickmann]

@davama Can you detail the desired scenario / UI a bit more? Looking at the UI to configure HTTP notifications, I am able to enter an HTTP URL without any problem.

[davama]

Thank you for the reply @patrickmann

Here is a sample of how GitLab does it:

They have the SSL Verification Enabled by default, which graylog already does, but if the user unchecks it, the app would do the equivalent of curl with the -k option

So something similar for Graylog's UI, a simple checkbox, (enabled by default) that a user can choose to disable if they want.

[BSpendlove]

There is so many Java problems with SSL/TLS sometimes and it'll just be great to disable this for troubleshooting purposes, makes me want to go away from Graylog and even never recommend it to people that want to implement a basic syslog in their environment...