Rajini Sivaram created KAFKA-8381:
-------------------------------------

             Summary: SSL factory for inter-broker listener is broken
                 Key: KAFKA-8381
                 URL: https://issues.apache.org/jira/browse/KAFKA-8381
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 2.3.0
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
             Fix For: 2.3.0

From a system test failure:

{code}
[2019-05-17 15:48:12,453] ERROR [KafkaServer id=1] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: General SSLEngine problem for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
    at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:162)
    at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)
    at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:85)
    at kafka.network.Processor.<init>(SocketServer.scala:747)
    at kafka.network.SocketServer.newProcessor(SocketServer.scala:388)
    at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:282)
    at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
    at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:281)
    at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:244)
    at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:241)
    at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
    at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
    at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
    at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:241)
    at kafka.network.SocketServer.startup(SocketServer.scala:120)
    at kafka.server.KafkaServer.startup(KafkaServer.scala:293)
{code}

Looks like the changes under https://github.com/apache/kafka/commit/0494cd329f3aaed94b3b46de0abe495f80faaedd added validation for inter-broker SSL factory with hostname verification enabled and `localhost` as the hostname.
As a result, integration tests pass, but system tests fail.