You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Ian McDonald (Jira)" <ji...@apache.org> on 2023/03/17 00:16:00 UTC

[jira] [Created] (KAFKA-14816) Connect Http Client

Ian McDonald created KAFKA-14816:
------------------------------------

             Summary: Connect Http Client 
                 Key: KAFKA-14816
                 URL: https://issues.apache.org/jira/browse/KAFKA-14816
             Project: Kafka
          Issue Type: Bug
          Components: KafkaConnect
            Reporter: Ian McDonald


Due to changes made here: [https://github.com/apache/kafka/pull/12828]
Connect now can load ssl configs from the worker into the rest client and use them even when the `security.protocol` is set to another protocol (sasl_plaintext, plaintext).  This could lead to unexpected behavior where one has moved to another security protocol, however has left their ssl properties, and upgraded versions.  This would lead to failure when creating connectors.

In our testing environments - older versions without the linked changes pass with the following configuration, and newer versions with the changes fail:
```
security.protocol = SASL_PLAINTEXT
...
ssl.keystore.location = /mnt/security/test.keystore.jks
ssl.keystore.password = [hidden]
ssl.keystore.type = JKS
ssl.protocol = TLSv1.2
```
its important to note that the file - /mnt/security/test.keystore.jks, isnt generated for our non ssl tests, however these configs are still created

this leads to a 500 response when hitting the create connector rest endpoint with the following error:
```
{
  "error_code":500,
  "message":"Failed to start RestClient:
  /mnt/security/test.keystore.jks is not a valid keystore"
  }
```



--
This message was sent by Atlassian Jira
(v8.20.10#820010)