Damyan Petev Manev created KAFKA-6097: -----------------------------------------
Summary: Kafka ssl.endpoint.identification.algorithm=HTTPS not working Key: KAFKA-6097 URL: https://issues.apache.org/jira/browse/KAFKA-6097 Project: Kafka Issue Type: Bug Reporter: Damyan Petev Manev Attachments: kafka-certificates-script.sh When ssl.endpoint.identification.algorithm is set to HTTPS and I have san extension on my server certificate clients do not verify the servers's fully qualified domain name (FQDN) agains it. Client certificate authentication works. With the following san extension - dns:some.thing.here I expect connection to fail, because according to http://kafka.apache.org/documentation.html#security_ssl : "clients will verify the server's fully qualified domain name (FQDN) against one of the following two fields Common Name (CN) Subject Alternative Name (SAN)", but messages are produced and consumed successfully. -- This message was sent by Atlassian JIRA (v6.4.14#64029)