You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "raphael auv (Jira)" <ji...@apache.org> on 2021/04/08 17:56:00 UTC

[jira] [Updated] (KAFKA-12628) Enable dynamic update of client-side SSL in consumer or producer clients

     [ https://issues.apache.org/jira/browse/KAFKA-12628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

raphael auv updated KAFKA-12628:
--------------------------------
    Summary: Enable dynamic update of client-side SSL in consumer or producer clients  (was: SSL context is never re-evaluate by consumer or producer)

> Enable dynamic update of client-side SSL in consumer or producer clients
> ------------------------------------------------------------------------
>
>                 Key: KAFKA-12628
>                 URL: https://issues.apache.org/jira/browse/KAFKA-12628
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 2.7.0
>            Reporter: raphael auv
>            Priority: Major
>
> *SslChannelBuilder reconfigure is never call ->*
> [https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/network/SslChannelBuilder.java#L91]
> That mean that the SSL context ( keystore file or trustore file changes ) is never re-evaluate at run time of the consumer or producers.
> So the code checking if there is a new SSL context is never call
> [https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java#L121]
>  
>  
> how to reproduce: 
> delete or edit the keystore , consumer or producer do not detect the change.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)