Hello,

I would like to know if there have been any changes related to Extended Key
Usage (EKU) in SSL certificates starting from Apache Kafka version 3.3.2.
Recently, I attempted to upgrade from version 3.3.1 to 3.3.2, but
encountered the following error:
"ERROR [BrokerServer id=1] Fatal error during broker startup. Prepare to
shutdown (kafka.server.BrokerServer)
org.apache.kafka.common.config.ConfigException: Invalid value
javax.net.ssl.SSLHandshakeException: Extended key usage does not permit use
for TLS client authentication for configuration A client SSLEngine created
with the provided settings can't connect to a server SSLEngine created with
those settings."

The current certificate I’m using for SSL has EKU set to serverAuth only
(no clientAuth). While this certificate works without issues in Kafka
version 3.3.1, it triggers the above error in version 3.3.2.

Is having EKU configured for both serverAuth and clientAuth mandatory in
certificates for Kafka version 3.3.2 and later? I checked the release notes
but couldn't find any details regarding changes in certificate EKU
requirements. Could you clarify this?

Regards,
Tushar Patil.
