You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Rajini Sivaram (Jira)" <ji...@apache.org> on 2020/03/20 15:39:00 UTC
[jira] [Updated] (KAFKA-8381) SSL factory for inter-broker listener
is broken
[ https://issues.apache.org/jira/browse/KAFKA-8381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajini Sivaram updated KAFKA-8381:
----------------------------------
Affects Version/s: (was: 2.3.0)
Removed AffectedVersion=2.3.0 since this was fixed before the release and the issue wasn't in any released version.
> SSL factory for inter-broker listener is broken
> -----------------------------------------------
>
> Key: KAFKA-8381
> URL: https://issues.apache.org/jira/browse/KAFKA-8381
> Project: Kafka
> Issue Type: Bug
> Components: security
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Blocker
> Fix For: 2.3.0
>
>
> From a system test failure:
> {code}
> [2019-05-17 15:48:12,453] ERROR [KafkaServer id=1] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: General SSLEngine problem for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
> at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:162)
> at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)
> at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:85)
> at kafka.network.Processor.<init>(SocketServer.scala:747)
> at kafka.network.SocketServer.newProcessor(SocketServer.scala:388)
> at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:282)
> at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
> at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:281)
> at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:244)
> at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:241)
> at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
> at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
> at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
> at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:241)
> at kafka.network.SocketServer.startup(SocketServer.scala:120)
> at kafka.server.KafkaServer.startup(KafkaServer.scala:293)
> {code}
> Looks like the changes under https://github.com/apache/kafka/commit/0494cd329f3aaed94b3b46de0abe495f80faaedd added validation for inter-broker SSL factory with hostname verification enabled and `localhost` as the hostname. As a result, integration tests pass, but system tests fail.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)