From cc71824cab1fa3d4893c11c1bea0a7fc5a026fd1 Mon Sep 17 00:00:00 2001 From: Sergey Malinkin Date: Sun, 3 Dec 2023 15:26:05 +0300 Subject: [PATCH 1/3] Update alerter and tests --- elastalert/alerters/gelf.py | 7 ++++--- elastalert/alerters/iris.py | 4 ++-- elastalert/schema.yaml | 4 ++-- tests/alerters/gelf_test.py | 4 ++-- tests/alerters/iris_test.py | 2 +- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/elastalert/alerters/gelf.py b/elastalert/alerters/gelf.py index 1a3f821c..19221716 100644 --- a/elastalert/alerters/gelf.py +++ b/elastalert/alerters/gelf.py @@ -31,7 +31,7 @@ def __init__(self, rule): self.gelf_version = self.rule.get('gelf_version', '1.1') self.gelf_log_level = self.rule.get('gelf_log_level', 5) self.additional_headers = self.rule.get('gelf_http_headers') - self.ca_cert = self.rule.get('gelf_ca_cert', False) + self.ca_cert = self.rule.get('gelf_ca_cert') self.http_ignore_ssl_errors = self.rule.get('gelf_http_ignore_ssl_errors', False) self.timeout = self.rule.get('gelf_timeout', 30) @@ -43,7 +43,7 @@ def send_http(self, gelf_msg): if self.ca_cert: verify = self.ca_cert else: - verify = False + verify = not self.http_ignore_ssl_errors if self.http_ignore_ssl_errors: requests.packages.urllib3.disable_warnings() @@ -65,7 +65,8 @@ def sent_tcp(self, gelf_msg): try: if self.ca_cert: - tcp_socket = ssl.wrap_socket(tcp_socket, ca_certs=self.ca_cert) + ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + tcp_socket = ctx.wrap_socket(tcp_socket, ca_certs=self.ca_cert) tcp_socket.sendall(bytes_msg) else: tcp_socket.sendall(bytes_msg) diff --git a/elastalert/alerters/iris.py b/elastalert/alerters/iris.py index dd23ca63..0b23e788 100644 --- a/elastalert/alerters/iris.py +++ b/elastalert/alerters/iris.py 
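Review bot: With the new `verify = not self.http_ignore_ssl_errors` fallback in `send_http`, `gelf_http_ignore_ssl_errors` is silently ignored whenever `gelf_ca_cert` is also set (the first branch keeps `verify = self.ca_cert`), while the `disable_warnings()` call below still runs. A one-line comment at the branch would make that precedence explicit: `# An explicit CA bundle always wins; ignore_ssl_errors only disables verification when no CA is configured.` It is also worth noting in a comment that `requests.packages.urllib3.disable_warnings()` mutes urllib3 warnings for the whole process, not just this alerter. `send_http` continues outside the hunk.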
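Review bot: `ctx.wrap_socket(tcp_socket, ca_certs=self.ca_cert)` cannot work: `SSLContext.wrap_socket` has no `ca_certs` parameter, so the TLS branch of `sent_tcp` raises `TypeError` on every call, and the context is built with `PROTOCOL_TLS_SERVER` although this is the connecting side (recent CPython refuses a client-side wrap on a server context with a `ValueError`). A CA bundle is loaded with `ctx.load_verify_locations(cafile=...)` on a client context (`ssl.create_default_context()`), which also enables `CERT_REQUIRED` and hostname checking — the removed `ssl.wrap_socket(..., ca_certs=...)` verified nothing without `cert_reqs`, so the CA option was never actually enforced on the TCP path. Hostname checking requires `server_hostname=` set to the host the socket connected to; that host is assigned above the hunk, so it appears as a placeholder below. Since the schema now accepts `gelf_ca_cert: true`, the path must only be loaded when the option is a string. The rest of `sent_tcp` lies outside the hunk.
```python
if self.ca_cert:
    # Client-side context: CERT_REQUIRED and hostname checking are on by default.
    ctx = ssl.create_default_context()
    if isinstance(self.ca_cert, str):
        # gelf_ca_cert may be boolean True (schema), meaning "use the system CAs".
        ctx.load_verify_locations(cafile=self.ca_cert)
    # server_hostname must be the host sent_tcp connected to (assigned above this hunk).
    tcp_socket = ctx.wrap_socket(tcp_socket, server_hostname=...)
    tcp_socket.sendall(bytes_msg)
# … unchanged: plaintext else branch …
```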
@@ -16,7 +16,7 @@ def __init__(self, rule): self.url = f"https://{self.rule.get('iris_host')}" self.api_token = self.rule.get('iris_api_token') self.customer_id = self.rule.get('iris_customer_id') - self.ca_cert = self.rule.get('iris_ca_cert', False) + self.ca_cert = self.rule.get('iris_ca_cert') self.ignore_ssl_errors = self.rule.get('iris_ignore_ssl_errors', False) self.description = self.rule.get('iris_description', None) self.overwrite_timestamp = self.rule.get('iris_overwrite_timestamp', False) @@ -113,7 +113,7 @@ def alert(self, matches): if self.ca_cert: verify = self.ca_cert else: - verify = False + verify = not self.ignore_ssl_errors if self.ignore_ssl_errors: requests.packages.urllib3.disable_warnings() diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index 666d06b0..6c8efd99 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml @@ -511,7 +511,7 @@ properties: required: [ field ] properties: field: { type: string, minLength: 1 } - gelf_ca_cert: {type: string} + gelf_ca_cert: {type: [boolean, string]} gelf_http_ignore_ssl_errors: {type: boolean} gelf_timeout: {type: integer} @@ -544,7 +544,7 @@ properties: iris_type: {type: string, enum: ['alert', 'case']} iris_customer_id: {type: integer} iris_ignore_ssl_errors: {type: boolean} - iris_ca_cert: {type: string} + iris_ca_cert: {type: [boolean, string]} iris_overwrite_timestamp: {type: boolean} iris_case_template_id: {type: integer} iris_description: {type: string} diff --git a/tests/alerters/gelf_test.py b/tests/alerters/gelf_test.py index e663264b..5799d37b 100644 --- a/tests/alerters/gelf_test.py +++ b/tests/alerters/gelf_test.py @@ -41,7 +41,7 @@ def test_gelf_sent_http(caplog): url=rule['gelf_endpoint'], headers={'Content-Type': 'application/json'}, json=mock.ANY, - verify=False, + verify=True, timeout=30, ) 
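Review bot: As in the GELF alerter, the new `verify = not self.ignore_ssl_errors` in `alert()` only applies when `iris_ca_cert` is unset; with both options configured the CA path wins and `iris_ignore_ssl_errors` merely silences urllib3 warnings (`disable_warnings()` is process-wide). A comment at the branch would avoid surprises: `# explicit CA wins; iris_ignore_ssl_errors only disables verification when no CA is set`. Because the fallback flips from `False` to `True`, existing deployments talking to self-signed IRIS instances will start failing unless they set `iris_ignore_ssl_errors`; that is a breaking (if correct) change and deserves to be called out as such rather than as a "correction". `alert()` continues outside the hunk.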
@@ -211,7 +211,7 @@ def test_gelf_sent_tcp_with_custom_ca(caplog): expected_data = json.dumps(expected_data).encode('utf-8') + b'\x00' with mock.patch('socket.socket') as mock_socket: - with mock.patch('ssl.wrap_socket') as mock_ssl_wrap_socket: + with mock.patch('ssl.SSLContext.wrap_socket') as mock_ssl_wrap_socket: mock_ssl_wrap_socket.return_value = mock_socket alert.alert([match]) mock_socket.assert_called_once_with(socket.AF_INET, socket.SOCK_STREAM) diff --git a/tests/alerters/iris_test.py b/tests/alerters/iris_test.py index 79884538..62257aec 100644 --- a/tests/alerters/iris_test.py +++ b/tests/alerters/iris_test.py @@ -406,7 +406,7 @@ def test_iris_alert_alert(caplog): 'Authorization': f'Bearer {rule["iris_api_token"]}' }, json=mock.ANY, - verify=False, + verify=True, ) assert expected_data == mock_post_request.call_args_list[0][1]['json'] From 40e10c5d1c3130884a20da45c2fa31c2a34d364c Mon Sep 17 00:00:00 2001 From: Sergey Malinkin Date: Sun, 3 Dec 2023 15:41:41 +0300 Subject: [PATCH 2/3] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61e85778..19375c73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ - [Docs] Clarify how to reference query_key values in flatline alerts - [#1320](https://github.com/jertel/elastalert2/pull/1320) - @jertel - Fix percentiles aggregation type in Spike Metric Aggregation rules - [#1323](https://github.com/jertel/elastalert2/pull/1323) - @jertel - [Docs] Extend FAQ / troubleshooting section with information on Elasticsearch RBAC - [#1324](https://github.com/jertel/elastalert2/pull/1324) - @chr-b +- Upgrade to Python 3.12 - [#1327](https://github.com/jertel/elastalert2/pull/1327) - @jertel +- Correction in IRIS and GELF alerter [#1331](https://github.com/jertel/elastalert2/pull/1331) - @malinkinsa # 2.15.0 From 24fb5cc85d3f2def08d4c308e1a55aa7ed4180da Mon Sep 17 00:00:00 2001 
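Review bot: Patching `ssl.SSLContext.wrap_socket` with a plain MagicMock keeps `test_gelf_sent_tcp_with_custom_ca` green whatever keywords `sent_tcp` passes, because a MagicMock accepts any argument, and the hunk's only assertion is the `socket.socket` constructor call; nothing checks that a CA bundle is loaded or that verification is enabled. Using `mock.patch('ssl.SSLContext.wrap_socket', autospec=True)` would enforce the real signature and reject an unsupported keyword at test time. Beyond that, patch `ssl.SSLContext.load_verify_locations` and assert it was called with `rule['gelf_ca_cert']`, and assert on `mock_ssl_wrap_socket.call_args` so the test pins how the socket is wrapped. The test function starts outside the hunk and may continue past it.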
From: Sergey Malinkin Date: Sun, 3 Dec 2023 16:47:21 +0300 Subject: [PATCH 3/3] Update docs --- docs/source/ruletypes.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 64309e70..13a6579b 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -2576,9 +2576,9 @@ Optional: ``gelf_http_headers``: Additional headers. (Only used if gelf_type=http) -``gelf_ca_cert``: Path to custom CA certificate. +``gelf_ca_cert``: Set this option to True or a path to a CA cert bundle or directory (eg: /etc/ssl/certs/ca-certificates.crt) to validate the SSL certificate.The default value is: False. -``gelf_http_ignore_ssl_errors``: Ignore ssl error. (Only used if gelf_type=http) +``gelf_http_ignore_ssl_errors``: Ignore ssl error. (Only used if gelf_type=http).The default value is: False. ``gelf_timeout``: Custom timeout. @@ -2727,7 +2727,7 @@ The alerter requires the following option: Optional: -``iris_ca_cert``: Path to custom CA certificate. +``iris_ca_cert``: Set this option to True or a path to a CA cert bundle or directory (eg: /etc/ssl/certs/ca-certificates.crt) to validate the SSL certificate.The default value is: False. ``iris_ignore_ssl_errors``: Ignore ssl error. The default value is: ``False``.