Damyan Petev Manev created KAFKA-6097:
-----------------------------------------

             Summary: Kafka ssl.endpoint.identification.algorithm=HTTPS not 
working
                 Key: KAFKA-6097
                 URL: https://issues.apache.org/jira/browse/KAFKA-6097
             Project: Kafka
          Issue Type: Bug
            Reporter: Damyan Petev Manev
         Attachments: kafka-certificates-script.sh

When ssl.endpoint.identification.algorithm is set to HTTPS and I have san 
extension on my server certificate clients do not verify the servers's fully 
qualified domain name (FQDN) agains it.
Client certificate authentication works. With the following san extension - 
dns:some.thing.here I expect connection to fail, because according to  
 http://kafka.apache.org/documentation.html#security_ssl :
 "clients will verify the server's fully qualified domain name (FQDN) against 
one of the following two fields
Common Name (CN)
Subject Alternative Name (SAN)",
but messages are produced and consumed successfully.






--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to