You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "raphael auv (Jira)" <ji...@apache.org> on 2021/04/08 17:56:00 UTC
[jira] [Updated] (KAFKA-12628) Enable dynamic update of client-side
SSL in consumer or producer clients
[ https://issues.apache.org/jira/browse/KAFKA-12628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
raphael auv updated KAFKA-12628:
--------------------------------
Summary: Enable dynamic update of client-side SSL in consumer or producer clients (was: SSL context is never re-evaluate by consumer or producer)
> Enable dynamic update of client-side SSL in consumer or producer clients
> ------------------------------------------------------------------------
>
> Key: KAFKA-12628
> URL: https://issues.apache.org/jira/browse/KAFKA-12628
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 2.7.0
> Reporter: raphael auv
> Priority: Major
>
> *SslChannelBuilder reconfigure is never call ->*
> [https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/network/SslChannelBuilder.java#L91]
> That mean that the SSL context ( keystore file or trustore file changes ) is never re-evaluate at run time of the consumer or producers.
> So the code checking if there is a new SSL context is never call
> [https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java#L121]
>
>
> how to reproduce:
> delete or edit the keystore , consumer or producer do not detect the change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)