[
https://issues.apache.org/jira/browse/KAFKA-8381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16844046#comment-16844046
]
ASF GitHub Bot commented on KAFKA-8381:
---------------------------------------
rajinisivaram commented on pull request #6757: KAFKA-8381; Disable hostname
validation when verifying inter-broker SSL
URL: https://github.com/apache/kafka/pull/6757
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> SSL factory for inter-broker listener is broken
> -----------------------------------------------
>
> Key: KAFKA-8381
> URL: https://issues.apache.org/jira/browse/KAFKA-8381
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 2.3.0
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Blocker
> Fix For: 2.3.0
>
>
> From a system test failure:
> {code}
> [2019-05-17 15:48:12,453] ERROR [KafkaServer id=1] Fatal error during
> KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.kafka.common.KafkaException:
> org.apache.kafka.common.config.ConfigException: Invalid value
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem for
> configuration A client SSLEngine created with the provided settings can't
> connect to a server SSLEngine created with those settings.
> at
> org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:162)
> at
> org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)
> at
> org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:85)
> at kafka.network.Processor.<init>(SocketServer.scala:747)
> at kafka.network.SocketServer.newProcessor(SocketServer.scala:388)
> at
> kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:282)
> at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
> at
> kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:281)
> at
> kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:244)
> at
> kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:241)
> at
> scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
> at
> scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
> at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
> at
> kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:241)
> at kafka.network.SocketServer.startup(SocketServer.scala:120)
> at kafka.server.KafkaServer.startup(KafkaServer.scala:293)
> {code}
> Looks like the changes under
> https://github.com/apache/kafka/commit/0494cd329f3aaed94b3b46de0abe495f80faaedd
> added validation for inter-broker SSL factory with hostname verification
> enabled and `localhost` as the hostname. As a result, integration tests pass,
> but system tests fail.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
