inputs.x509_cert not handling multiple sources correctly #9278

@bsper2

Description

Relevant telegraf.conf:

[[inputs.x509_cert]]
   sources = [
      "https://web1.domain.edu:443",
      "https://web2.domain.edu:443",
      "https://web3.domain.edu:443",
   ]

  timeout = "5s"

System info:

telegraf-1.17.1+ (versions before are ok), RHEL 8.3 and CentOS 7.9

Steps to reproduce:

  1. Set up an x509_cert input which has multiple servers in the sources block, where they each resolve to different hostnames (cert for server1 is not valid for server2, etc.)
  2. telegraf --config sslcert-check.conf --test

Expected behavior:

As long as all certificates in the sources list are valid there should be no verification errors reported.

Actual behavior:

Verification errors are printed like so:

# telegraf --config sslcert-check.conf --test | egrep -o 'verification_error=".*"'
verification_error="x509: certificate is valid for web2.domain.edu not web1.domain.edu"
verification_error="x509: certificate is valid for web3.domain.edu not web1.domain.edu"

From the errors it looks like it's trying to verify all certs listed against the hostname for the first server given in the list.

Additional info:

Same config has no such errors prior to version 1.17.1.

Breaking each server out into individual checks is still fine and gives no issues:

[[inputs.x509_cert]]
   sources = [
      "https://web1.domain.edu:443",
   ]
[[inputs.x509_cert]]
   sources = [
      "https://web2.domain.edu:443",
   ]

#...etc...

But it would still be nice to have the old behavior where one [[inputs.x509_cert]] block could include all the servers that need to be monitored.
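
The symptom reported above, reproduced in isolation as an added example (not Telegraf's code and not part of the original report). It assumes the error comes from an expected hostname that is set for the first source and never updated; `selfSigned`, `checkHosts` and the in-memory certificates are hypothetical stand-ins, with hostnames taken from the `sources` list.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned (hypothetical helper) builds a constructed test certificate whose only SAN is host.
func selfSigned(host string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkHosts (hypothetical) returns one hostname error per host, "" meaning ok.
// stale=true models the assumed bug shape: the expected name is set once and never updated.
func checkHosts(hosts []string, stale bool) ([]string, error) {
	out, expected := make([]string, len(hosts)), ""
	for i, h := range hosts {
		cert, err := selfSigned(h) // stands in for the certificate that host h presents
		if err != nil {
			return nil, err
		}
		if i == 0 || !stale {
			expected = h
		}
		if err := cert.VerifyHostname(expected); err != nil {
			out[i] = err.Error()
		}
	}
	return out, nil
}

func main() {
	hosts := []string{"web1.domain.edu", "web2.domain.edu", "web3.domain.edu"} // from the issue's sources
	fmt.Println(checkHosts(hosts, true))
	fmt.Println(checkHosts(hosts, false))
}
```

With `stale` set, the second and third entries carry a hostname mismatch against web1.domain.edu, matching the shape of the `verification_error` values above; with per-host names every entry is empty.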

Labels: bug (unexpected problem or unintended behavior)