From 1adc4f0f2ae939b8d0e56281574062b78078a8de Mon Sep 17 00:00:00 2001
From: Daniel Nelson
Date: Tue, 30 Jun 2020 00:31:07 -0700
Subject: [PATCH] Allow any key usage type on x509 certificate (#7760)

---
 plugins/inputs/x509_cert/x509_cert.go | 1 +
 plugins/inputs/x509_cert/x509_cert_test.go | 1 +
 2 files changed, 2 insertions(+)

diff --git a/plugins/inputs/x509_cert/x509_cert.go b/plugins/inputs/x509_cert/x509_cert.go
index d90193dc3..983926af1 100644
--- a/plugins/inputs/x509_cert/x509_cert.go
+++ b/plugins/inputs/x509_cert/x509_cert.go
@@ -211,6 +211,7 @@ func (c *X509Cert) Gather(acc telegraf.Accumulator) error {
 // name validation against the URL hostname.
 opts := x509.VerifyOptions{
 Intermediates: x509.NewCertPool(),
+ KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
 }
 if i == 0 {
 if c.ServerName == "" {
diff --git a/plugins/inputs/x509_cert/x509_cert_test.go b/plugins/inputs/x509_cert/x509_cert_test.go
index fa90a90eb..c34524457 100644
--- a/plugins/inputs/x509_cert/x509_cert_test.go
+++ b/plugins/inputs/x509_cert/x509_cert_test.go
@@ -142,6 +142,7 @@ func TestGatherLocal(t *testing.T) {
 {name: "not a certificate", mode: 0640, content: "test", error: true},
 {name: "wrong certificate", mode: 0640, content: wrongCert, error: true},
 {name: "correct certificate", mode: 0640, content: pki.ReadServerCert()},
+ {name: "correct client certificate", mode: 0640, content: pki.ReadClientCert()},
 {name: "correct certificate and extra trailing space", mode: 0640, content: pki.ReadServerCert() + " "},
 {name: "correct certificate and extra leading space", mode: 0640, content: " " + pki.ReadServerCert()},
 {name: "correct multiple certificates", mode: 0640, content: pki.ReadServerCert() + pki.ReadCACert()},
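Review bot: The new `KeyUsages` entry in the `opts` literal needs a comment, because it changes what a passing verification means: with the field unset, `Verify` defaults to `ExtKeyUsageServerAuth`, while `ExtKeyUsageAny` accepts a chain whatever extended key usage the leaf declares. That suits a plugin that inspects client and other non-server certificates, but anyone reading the verification result as "acceptable for TLS server authentication" would now be misled. I would add above the field `// ExtKeyUsageAny: check chain and validity only; the result does not assert the certificate is usable for TLS server auth.` and state the same in the plugin's documentation. `Gather` starts before and continues past this hunk, so how the result is reported is not visible here.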
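Review bot: The added "correct client certificate" row only expects `Gather` to report no error, so it may not exercise the `KeyUsages` change at all. If a failed chain verification is recorded as a metric value rather than returned as an error (not visible in this hunk), the row passes with or without the fix. I would assert on the verification outcome the plugin emits for the client certificate, and add a matching negative case to show that widening key usage does not make an untrusted chain pass. The table and the rest of `TestGatherLocal` continue outside the hunk.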