Posted to dev@kafka.apache.org by "Konstantine Karantasis (Jira)" <ji...@apache.org> on 2020/03/27 17:38:00 UTC

[jira] [Resolved] (KAFKA-9771) Inter-worker SSL is broken for keystores with multiple certificates

     [ https://issues.apache.org/jira/browse/KAFKA-9771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Konstantine Karantasis resolved KAFKA-9771.
-------------------------------------------
    Resolution: Fixed

The fix was merged in `trunk` and the `2.5` release branch in time for the release of `2.5.0`.

> Inter-worker SSL is broken for keystores with multiple certificates
> -------------------------------------------------------------------
>
>                 Key: KAFKA-9771
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9771
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Chris Egerton
>            Assignee: Chris Egerton
>            Priority: Blocker
>
> The recent bump in Jetty version causes inter-worker communication to fail in Connect when SSL is enabled and the keystore for the worker contains multiple certificates (which it might, in the case that SNI is enabled and the worker's REST interface is bound to multiple domain names). This is caused by [changes introduced in Jetty 9.4.23|https://github.com/eclipse/jetty.project/pull/4085], which are later [fixed in Jetty 9.4.25|https://github.com/eclipse/jetty.project/pull/4404].
> We recently tried and failed to [upgrade to Jetty 9.4.25|https://github.com/apache/kafka/pull/8183], so upgrading the Jetty version to fix this issue isn't a viable option. Additionally, the [earliest clean version of Jetty|https://www.eclipse.org/jetty/security-reports.html] (at the time of writing) with regard to CVEs is 9.4.24, so reverting to a pre-9.4.23 version is also not a viable option.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)