output: Load CertStore with a user-defined store name

cosmo0920 · cosmo0920 · commit ea38ae232ac3 · 2025-07-15T11:39:44.000+09:00
Signed-off-by: Hiroshi Hatake &lt;hiroshi@chronosphere.io&gt;
diff --git a/include/fluent-bit/flb_output.h b/include/fluent-bit/flb_output.h
@@ -369,6 +369,9 @@ struct flb_output_instance {
     char *tls_min_version;               /* Minimum protocol version of TLS */
     char *tls_max_version;               /* Maximum protocol version of TLS */
     char *tls_ciphers;                   /* TLS ciphers */
+# if defined(FLB_SYSTEM_WINDOWS)
+    char *tls_win_certstore_name;            /* CertStore Name (Windows) */
+# endif
 #endif
 
     /*
diff --git a/src/flb_output.c b/src/flb_output.c
@@ -83,6 +83,11 @@ struct flb_config_map output_global_properties[] = {
         "Accepted values: a positive integer, 'no_limits', 'false', or 'off' to disable retry limits, "
         "or 'no_retries' to disable retries entirely."
     },
+    {
+        FLB_CONFIG_MAP_STR, "tls.windows.certstore_name", NULL,
+        0, FLB_FALSE, 0,
+        "Sets the certstore name on an output (Windows)"
+    },
 
     {0}
 };
@@ -174,6 +179,11 @@ static void flb_output_free_properties(struct flb_output_instance *ins)
     if (ins->tls_ciphers) {
         flb_sds_destroy(ins->tls_ciphers);
     }
+# if defined(FLB_SYSTEM_WINDOWS)
+    if (ins->tls_win_certstore_name) {
+        flb_sds_destroy(ins->tls_win_certstore_name);
+    }
+# endif
 #endif
 }
 
@@ -751,6 +761,9 @@ struct flb_output_instance *flb_output_new(struct flb_config *config,
     instance->tls_crt_file          = NULL;
     instance->tls_key_file          = NULL;
     instance->tls_key_passwd        = NULL;
+# if defined(FLB_SYSTEM_WINDOWS)
+    instance->tls_win_certstore_name = NULL;
+# endif
 #endif
 
     if (plugin->flags & FLB_OUTPUT_NET) {
@@ -975,6 +988,11 @@ int flb_output_set_property(struct flb_output_instance *ins,
     else if (prop_key_check("tls.ciphers", k, len) == 0) {
         flb_utils_set_plugin_string_property("tls.ciphers", &ins->tls_ciphers, tmp);
     }
+#  if defined(FLB_SYSTEM_WINDOWS)
+    else if (prop_key_check("tls.windows.certstore_name", k, len) == 0 && tmp) {
+        flb_utils_set_plugin_string_property("tls.windows.certstore_name", &ins->tls_win_certstore_name, tmp);
+    }
+#  endif
 #endif
     else if (prop_key_check("storage.total_limit_size", k, len) == 0 && tmp) {
         if (strcasecmp(tmp, "off") == 0 ||
@@ -1359,6 +1377,26 @@ int flb_output_init_all(struct flb_config *config)
                     return -1;
                 }
             }
+
+# if defined (FLB_SYSTEM_WINDOWS)
+        if (ins->tls_win_certstore_name) {
+            ret = flb_tls_set_certstore_name(ins->tls, ins->tls_win_certstore_name);
+            if (ret == -1) {
+                flb_error("[output %s] error specify certstore name in TLS context",
+                          ins->name);
+
+                return -1;
+            }
+
+            ret = flb_tls_load_system_certificates(ins->tls);
+            if (ret == -1) {
+                flb_error("[output %s] error set up to load certstore with a user-defined name in TLS context",
+                          ins->name);
+
+                return -1;
+            }
+        }
+# endif
         }
 #endif
         /*
