[ https://issues.apache.org/jira/browse/KAFKA-14816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ian McDonald updated KAFKA-14816:
---------------------------------
    Summary: Connect Http Client loading SSL configs when security protocol doesn't include ssl  (was: Connect Http Client loading SSL data when security protocol doesn't include ssl)

> Connect Http Client loading SSL configs when security protocol doesn't include ssl
> ----------------------------------------------------------------------------------
>
>                 Key: KAFKA-14816
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14816
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Ian McDonald
>            Priority: Trivial
>
> Due to changes made here: [https://github.com/apache/kafka/pull/12828]
> Connect can now load ssl configs from the worker into the rest client and use
> them even when the `security.protocol` is set to another protocol
> (sasl_plaintext, plaintext). This could lead to unexpected behavior where
> one has moved to another security protocol, but has left their ssl
> properties in place, and upgraded versions. This would lead to failure when creating
> connectors.
> In our testing environments, older versions without the linked changes pass
> with the following configuration, and newer versions with the changes fail:
> ```
> security.protocol = SASL_PLAINTEXT
> ...
> ssl.keystore.location = /mnt/security/test.keystore.jks
> ssl.keystore.password = [hidden]
> ssl.keystore.type = JKS
> ssl.protocol = TLSv1.2
> ```
> It's important to note that the file /mnt/security/test.keystore.jks isn't
> generated for our non-ssl tests; however, these configs are still created.
> This leads to a 500 response when hitting the create connector rest endpoint,
> with the following error:
> ```
> {
>     "error_code":500,
>     "message":"Failed to start RestClient: /mnt/security/test.keystore.jks is not a valid keystore"
> }
> ```

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
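A pre-upgrade check for the condition the report describes, as an added example that is not part of the report or of Kafka: it scans a worker properties file for `ssl.*` keys left behind under a non-TLS `security.protocol` and for key store or trust store paths that do not exist. The function names and finding codes are hypothetical, and the parser assumes a flat `key = value` file without line continuations.

```python
import os
import re

TLS_PROTOCOLS = {"SSL", "SASL_SSL"}  # security.protocol values that use TLS
STORE_KEYS = ("ssl.keystore.location", "ssl.truststore.location")

# Constructed sample, based on the configuration quoted in the report.
SAMPLE = """\
security.protocol = SASL_PLAINTEXT
ssl.keystore.location = /mnt/security/test.keystore.jks
ssl.keystore.password = [hidden]
ssl.keystore.type = JKS
ssl.protocol = TLSv1.2
"""


def parse_properties(text):
    """Parse flat 'key = value' / 'key: value' lines; skip blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_worker_config(text, exists=os.path.exists):
    """Return (code, message) findings for leftover ssl.* settings."""
    props = parse_properties(text)
    # Kafka's default security.protocol is PLAINTEXT when the key is absent.
    protocol = props.get("security.protocol", "PLAINTEXT").upper()
    findings = []
    ssl_keys = sorted(k for k in props if k.startswith("ssl."))
    if protocol not in TLS_PROTOCOLS and ssl_keys:
        findings.append(("stale-ssl-config",
                         f"security.protocol={protocol} but set: {', '.join(ssl_keys)}"))
    for key in STORE_KEYS:
        path = props.get(key)
        if path and not exists(path):
            findings.append(("missing-store", f"{key}={path} does not exist"))
    return findings


if __name__ == "__main__":
    for code, message in audit_worker_config(SAMPLE):
        print(f"{code}: {message}")
```

The `exists` parameter lets the check run against a config taken from another host without touching the local filesystem.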