out_http: adding support for intermediate certificates

[tyarimi]

Signed-off-by: Tzach Yarimi tyarimi@salesforce.com

Which issue(s) this PR fixes:
Fixes #

What this PR does / why we need it:
Add support for sending a client certificate chain for mutual TLS authentication in the out_http plugin.

Docs Changes:

Release Note:

[repeatedly]

@nurse This patch modifies Net::HTTP directly. Do you know this approach is safe or not?

[tyarimi]

Hi folks. Any chance of merging this PR? We have been running it in production for some time now and it works fine.

[nurse]

Of course it's not safe. It should use public APIs.

[tyarimi]

@nurse extra_chain_cert was added in a later version of ruby. Is there any alternative?

[nurse]

Well, it should add more comment for example referring ruby/ruby@31af0da#diff-8c2ab8e0fb4f052e1d95ab6334e192c1
Also it should have a condition to avoid the monkey patch runs even if latest ruby.

[tyarimi]

@nurse I added the comment, but I'm not sure how to implement the conditional patching (not a ruby expert). Can you please help with that?

[nobu]

This regexp seems to match also the middle of a line, is this intentional?

[nurse]

With assuming SSL_ATTRIBUTES include :extra_chain_cert if SSL_IVNAMES include :@ extra_chain_cert, single condition can enclose the definitions.

Suggested change

	class Net::HTTP
	SSL_IVNAMES << :@extra_chain_cert unless SSL_IVNAMES.include?(:@extra_chain_cert)
	SSL_ATTRIBUTES << :extra_chain_cert unless SSL_ATTRIBUTES.include?(:extra_chain_cert)
	attr_accessor :extra_chain_cert
	end
	unless SSL_IVNAMES.include?(:@extra_chain_cert)
	class Net::HTTP
	SSL_IVNAMES << :@extra_chain_cert
	SSL_ATTRIBUTES << :extra_chain_cert
	attr_accessor :extra_chain_cert
	end
	end

[tyarimi]

Closing this PR in favor of #3146 (switching head branch)