Posted to jira@kafka.apache.org by "Ian McDonald (Jira)" <ji...@apache.org> on 2023/03/17 00:21:00 UTC

[jira] [Updated] (KAFKA-14816) Connect Http Client loading SSL data when security protocol doesn't include ssl

     [ https://issues.apache.org/jira/browse/KAFKA-14816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ian McDonald updated KAFKA-14816:
---------------------------------
    Summary: Connect Http Client loading SSL data when security protocol doesn't include ssl  (was: Connect Http Client )

> Connect Http Client loading SSL data when security protocol doesn't include ssl
> -------------------------------------------------------------------------------
>
>                 Key: KAFKA-14816
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14816
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Ian McDonald
>            Priority: Trivial
>
> Due to changes made here: [https://github.com/apache/kafka/pull/12828]
> Connect now can load ssl configs from the worker into the rest client and use them even when the `security.protocol` is set to another protocol (sasl_plaintext, plaintext).  This could lead to unexpected behavior where one has moved to another security protocol, however has left their ssl properties, and upgraded versions.  This would lead to failure when creating connectors.
> In our testing environments - older versions without the linked changes pass with the following configuration, and newer versions with the changes fail:
> ```
> security.protocol = SASL_PLAINTEXT
> ...
> ssl.keystore.location = /mnt/security/test.keystore.jks
> ssl.keystore.password = [hidden]
> ssl.keystore.type = JKS
> ssl.protocol = TLSv1.2
> ```
> It's important to note that the file /mnt/security/test.keystore.jks isn't generated for our non-SSL tests; however, these configs are still created.
> This leads to a 500 response when hitting the create connector REST endpoint, with the following error:
> ```
> {
>   "error_code":500,
>   "message":"Failed to start RestClient:
>   /mnt/security/test.keystore.jks is not a valid keystore"
>   }
> ```



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
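
Added example (not part of the Jira report and not Kafka code): a pre-upgrade check that scans Connect worker properties for the situation the report describes, where `security.protocol` does not include SSL but `ssl.*` settings are still present. The function names and the WARN/ERROR severities are assumptions made for this illustration; the sample input is constructed from the configuration quoted above.

```python
import os

SSL_PROTOCOLS = {"SSL", "SASL_SSL"}  # security.protocol values that include TLS

def parse_properties(text):
    """Parse the simple `key = value` subset of Java .properties syntax."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key/value line (e.g. the "..." elision)
        props[key.strip()] = value.strip()
    return props

def stale_ssl_findings(props, file_exists=os.path.isfile):
    """Return (severity, key, detail) tuples for leftover ssl.* settings."""
    protocol = props.get("security.protocol", "PLAINTEXT").upper()
    if protocol in SSL_PROTOCOLS:
        return []  # ssl.* settings are expected with these protocols
    findings = []
    for key in sorted(k for k in props if k.startswith("ssl.")):
        value = props[key]
        if key.endswith(".location") and not file_exists(value):
            # A store path that does not exist matches the failing case in the report.
            findings.append(("ERROR", key, f"{value} missing while security.protocol={protocol}"))
        else:
            # Values are deliberately not echoed, so passwords never reach the output.
            findings.append(("WARN", key, f"set while security.protocol={protocol}"))
    return findings

# Constructed sample mirroring the configuration quoted in the report.
SAMPLE = """\
security.protocol = SASL_PLAINTEXT
...
ssl.keystore.location = /mnt/security/test.keystore.jks
ssl.keystore.password = [hidden]
ssl.keystore.type = JKS
ssl.protocol = TLSv1.2
"""

if __name__ == "__main__":
    for severity, key, detail in stale_ssl_findings(parse_properties(SAMPLE)):
        print(f"{severity:5} {key}: {detail}")
```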