Posted to dev@kafka.apache.org by "Jason (Jira)" <ji...@apache.org> on 2020/10/30 20:42:00 UTC

[jira] [Created] (KAFKA-10666) Kafka doesn't use keystore / key / truststore passwords for named SSL connections

Jason created KAFKA-10666:
-----------------------------

             Summary: Kafka doesn't use keystore / key / truststore passwords for named SSL connections
                 Key: KAFKA-10666
                 URL: https://issues.apache.org/jira/browse/KAFKA-10666
             Project: Kafka
          Issue Type: Bug
          Components: admin
    Affects Versions: 2.6.0, 2.5.0
         Environment: kafka in an openjdk-11 docker container, the client java application is in an alpine container. zookeeper in a separate container. 
            Reporter: Jason


When configuring named listener SSL connections with ssl key and keystore with passwords including listener.name.ourname.ssl.key.password, listener.name.ourname.ssl.keystore.password, and listener.name.ourname.ssl.truststore.password via the AdminClient, the settings are not used, and the setting is not accepted if the default ssl.key.password or ssl.keystore.password are not set. We configure all keystore and truststore values for the named listener in a single batch using incrementalAlterConfigs. Additionally, when ssl.keystore.password is set to the value of our keystore password, the keystore is loaded for SSL communication without issue; however, if ssl.keystore.password is incorrect and listener.name.ourname.keystore.password is correct, we are unable to load the keystore, with bad password errors. It appears that only the default ssl.xxx.password settings are used. This setting is immutable, as when we attempt to set it we get an error indicating that the listener.name. setting can be set.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
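
The kind of single-batch update the report describes, written out as an added example (not the reporter's code and not code from the Kafka project). It sets the listener.name.ourname.* store settings in one incrementalAlterConfigs call and reads back which keys the broker recorded and from which source. The bootstrap address, broker id "0", file paths and environment variable names are assumptions.

```java
import java.util.*;
import org.apache.kafka.clients.admin.*;
import org.apache.kafka.common.config.ConfigResource;

public class NamedListenerSslUpdate {
    // Prefix each ssl.* key with listener.name.<listener>. and wrap it in a SET op.
    static Collection<AlterConfigOp> sslOps(String listener, Map<String, String> settings) {
        String prefix = "listener.name." + listener.toLowerCase(Locale.ROOT) + ".";
        List<AlterConfigOp> ops = new ArrayList<>();
        for (Map.Entry<String, String> e : settings.entrySet()) {
            ConfigEntry entry = new ConfigEntry(prefix + e.getKey(), e.getValue());
            ops.add(new AlterConfigOp(entry, AlterConfigOp.OpType.SET));
        }
        return ops;
    }

    // Read a secret from the environment (variable names are assumptions).
    static String secret(String name) {
        return Objects.requireNonNull(System.getenv(name), name + " is not set");
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> ssl = new LinkedHashMap<>();
        ssl.put("ssl.keystore.location", "/path/to/keystore.jks");     // placeholder path
        ssl.put("ssl.keystore.password", secret("KEYSTORE_PASSWORD"));
        ssl.put("ssl.key.password", secret("KEY_PASSWORD"));
        ssl.put("ssl.truststore.location", "/path/to/truststore.jks"); // placeholder path
        ssl.put("ssl.truststore.password", secret("TRUSTSTORE_PASSWORD"));

        Properties props = new Properties();
        props.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, "broker:9092"); // assumed address
        try (Admin admin = Admin.create(props)) {
            ConfigResource broker = new ConfigResource(ConfigResource.Type.BROKER, "0"); // assumed id
            // One batch: every per-listener store setting goes in the same request.
            admin.incrementalAlterConfigs(Map.of(broker, sslOps("ourname", ssl))).all().get();

            // Read back what the broker holds; sensitive values come back as null,
            // so only the key name, its source and the sensitive flag are printed.
            Config cfg = admin.describeConfigs(List.of(broker)).all().get().get(broker);
            for (ConfigEntry e : cfg.entries()) {
                if (e.name().startsWith("listener.name.ourname.")) {
                    System.out.printf("%s source=%s sensitive=%b%n",
                            e.name(), e.source(), e.isSensitive());
                }
            }
        }
    }
}
```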