
@kwilczynski
Last active March 22, 2021 00:03
Add OpenSSL::PKey::EC password protected keys to fluentd
diff --git a/lib/fluent/plugin/out_splunk_hec.rb b/lib/fluent/plugin/out_splunk_hec.rb
index fe1b486..9d8d5ad 100644
--- a/lib/fluent/plugin/out_splunk_hec.rb
+++ b/lib/fluent/plugin/out_splunk_hec.rb
@@ -42,6 +42,9 @@ module Fluent::Plugin
desc 'The private key for this client.'
config_param :client_key, :string, default: nil
+ desc 'An optional password in a case when the private key is encrypted.'
+ config_param :client_key_password, :string, default: nil
+
desc 'The path to a file containing a PEM-format CA certificate.'
config_param :ca_file, :string, default: nil
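Review bot: `client_key_password` is declared as a plain `:string`, so the passphrase is handled like any ordinary parameter and can appear in clear text when fluentd writes the parsed configuration to its log. Declaring it as a secret masks it there: `config_param :client_key_password, :string, default: nil, secret: true`. The description would read more clearly as `desc 'Optional passphrase used to decrypt the private key when it is encrypted.'`.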
@@ -97,7 +100,7 @@ module Fluent::Plugin
config_section :fields, init: false, multi: false, required: false do
# this is blank on purpose
end
-
+
config_section :format do
config_set_default :usage, '**'
config_set_default :@type, 'json'
@@ -311,7 +314,15 @@ module Fluent::Plugin
Net::HTTP::Persistent.new.tap do |c|
c.verify_mode = @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
c.cert = OpenSSL::X509::Certificate.new File.read(@client_cert) if @client_cert
- c.key = OpenSSL::PKey::RSA.new File.read(@client_key) if @client_key
+ if @client_key
+ pkey_arguments = [File.read(@client_key)]
+ pkey_arguments << @client_key_password if @client_key_password
+ key = OpenSSL::PKey.read(*pkey_arguments)
+ unless key.is_a?(OpenSSL::PKey::RSA) || key.is_a?(OpenSSL::PKey::EC)
+ raise ::Fluent::ConfigError, 'uknown client key type'
+ end
+ c.key = key
+ end
c.ca_file = @ca_file
c.ca_path = @ca_path
c.ciphers = @ssl_ciphers
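Review bot: When `@client_key` is an encrypted PEM and `client_key_password` is unset, `OpenSSL::PKey.read` is called with the PEM alone. As far as I know it then falls back to OpenSSL's interactive pass-phrase prompt, which can stall a daemon that has no terminal. Always passing the second argument should make that case fail with an error instead (worth confirming on the supported Ruby versions): `key = OpenSSL::PKey.read(File.read(@client_key), @client_key_password.to_s)`. A wrong passphrase or malformed key also surfaces as a raw `OpenSSL::PKey::PKeyError` rather than the `::Fluent::ConfigError` used for the type check, and that message has a typo: `'unknown client key type'`. The enclosing method starts and ends outside this hunk, so I cannot tell whether this runs at configure time or on first connection.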