Posted to jira@kafka.apache.org by "Ray Chiang (JIRA)" <ji...@apache.org> on 2018/07/19 20:21:01 UTC
[jira] [Updated] (KAFKA-6097) Kafka ssl.endpoint.identification.algorithm=HTTPS not working
[ https://issues.apache.org/jira/browse/KAFKA-6097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ray Chiang updated KAFKA-6097:
------------------------------
Component/s: security
> Kafka ssl.endpoint.identification.algorithm=HTTPS not working
> -------------------------------------------------------------
>
> Key: KAFKA-6097
> URL: https://issues.apache.org/jira/browse/KAFKA-6097
> Project: Kafka
> Issue Type: Bug
> Components: security
> Reporter: Damyan Petev Manev
> Priority: Major
> Attachments: kafka-certificates-script.sh
>
>
> When ssl.endpoint.identification.algorithm is set to HTTPS and I have a SAN extension on my server certificate, clients do not verify the server's fully qualified domain name (FQDN) against it.
> Client certificate authentication works. With the following SAN extension - dns:some.thing.here - I expect the connection to fail, because according to
> http://kafka.apache.org/documentation.html#security_ssl :
> "clients will verify the server's fully qualified domain name (FQDN) against one of the following two fields
> Common Name (CN)
> Subject Alternative Name (SAN)",
> but messages are produced and consumed successfully.
> I am using Kafka 0.10.2.1 command line tools.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
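
The check the report expects, sketched as an added example (not Kafka or JDK code, and not part of the original message): RFC 2818 section 3.1 identity matching, in which dNSName SAN entries take precedence over the CN. The broker name `broker1.example.com` and the function names are assumptions made for illustration, and wildcard handling is simplified to a whole left-most label.

```python
# Added illustration of RFC 2818 section 3.1 server identity matching.
# Not Kafka or JDK code; names and sample values are constructed.

def _name_matches(pattern: str, host: str) -> bool:
    """Compare one presented name with the host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Simplification: only a whole left-most "*" label, and never "*.tld".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def identity_matches(host, san_dns, common_name=None):
    """Return (ok, reason) for the host the client dialled.

    san_dns: dNSName values from the certificate's SAN extension.
    common_name: subject CN, consulted only when no dNSName is present.
    """
    if san_dns:
        for name in san_dns:
            if _name_matches(name, host):
                return True, f"SAN dNSName {name}"
        return False, "no SAN dNSName matches; CN not consulted"
    if common_name and _name_matches(common_name, host):
        return True, f"CN {common_name}"
    return False, "no usable identity in certificate"


if __name__ == "__main__":
    # Constructed case mirroring the report: the SAN is dns:some.thing.here,
    # while the client connects to a different (hypothetical) broker FQDN.
    cases = [
        ("broker1.example.com", ["some.thing.here"], "broker1.example.com"),
        ("some.thing.here", ["some.thing.here"], None),
        ("broker1.example.com", [], "broker1.example.com"),
        ("broker1.example.com", ["*.example.com"], None),
    ]
    for host, san, cn in cases:
        print(host, san, cn, "->", identity_matches(host, san, cn))
```

With a working check, the first case is the outcome the reporter expected: the handshake is rejected even though the CN matches, because a present dNSName SAN is the only identity consulted.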