You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/03/12 14:25:00 UTC

[jira] [Commented] (KAFKA-9711) The authentication failure caused by SSLEngine#beginHandshake is not properly caught and handled

    [ https://issues.apache.org/jira/browse/KAFKA-9711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057962#comment-17057962 ] 

ASF GitHub Bot commented on KAFKA-9711:
---------------------------------------

chia7712 commented on pull request #8287: KAFKA-9711 The authentication failure caused by SSLEngine#beginHandsh…
URL: https://github.com/apache/kafka/pull/8287
 
 
   https://issues.apache.org/jira/browse/KAFKA-9711
   
   ```java
    @Override
       public void handshake() throws IOException {
           if (state == State.NOT_INITALIZED)
               startHandshake(); // this line
           if (ready())
               throw renegotiationException();
           if (state == State.CLOSING)
               throw closingException();
   ```
   
   SSLEngine#beginHandshake is possible to throw authentication failures (for example, no suitable cipher suites) so we ought to catch SSLException and then convert it to SslAuthenticationException so as to process authentication failures correctly.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> The authentication failure caused by SSLEngine#beginHandshake is not properly caught and handled
> ------------------------------------------------------------------------------------------------
>
>                 Key: KAFKA-9711
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9711
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Chia-Ping Tsai
>            Assignee: Chia-Ping Tsai
>            Priority: Major
>
> {code:java}
>     @Override
>     public void handshake() throws IOException {
>         if (state == State.NOT_INITALIZED)
>             startHandshake(); // this line
>         if (ready())
>             throw renegotiationException();
>         if (state == State.CLOSING)
>             throw closingException();
> {code}
> SSLEngine#beginHandshake is possible to throw authentication failures (for example, no suitable cipher suites) so we ought to catch SSLException and then convert it to SslAuthenticationException so as to process authentication failures correctly.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)