Posted to jira@kafka.apache.org by "Ray Chiang (JIRA)" <ji...@apache.org> on 2018/07/19 20:21:01 UTC

[jira] [Updated] (KAFKA-6097) Kafka ssl.endpoint.identification.algorithm=HTTPS not working

     [ https://issues.apache.org/jira/browse/KAFKA-6097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ray Chiang updated KAFKA-6097:
------------------------------
    Component/s: security

> Kafka ssl.endpoint.identification.algorithm=HTTPS not working
> -------------------------------------------------------------
>
>                 Key: KAFKA-6097
>                 URL: https://issues.apache.org/jira/browse/KAFKA-6097
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>            Reporter: Damyan Petev Manev
>            Priority: Major
>         Attachments: kafka-certificates-script.sh
>
>
> When ssl.endpoint.identification.algorithm is set to HTTPS and I have a SAN extension on my server certificate, clients do not verify the server's fully qualified domain name (FQDN) against it.
> Client certificate authentication works. With the following SAN extension - dns:some.thing.here I expect the connection to fail, because according to
>  http://kafka.apache.org/documentation.html#security_ssl :
>  "clients will verify the server's fully qualified domain name (FQDN) against one of the following two fields
> Common Name (CN)
> Subject Alternative Name (SAN)",
> but messages are produced and consumed successfully.
> I am using Kafka 0.10.2.1 command line tools.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
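
As an added illustration (not part of the original report, and not Kafka's or the JDK's code), the Python below implements the RFC 2818 style identity check that the quoted documentation describes: DNS SAN entries are matched against the host the client dialed, and the CN is consulted only when the certificate has no DNS SAN. The hostname broker1.example.com, the function names, and the whole-label wildcard rule are assumptions made for the example; dns:some.thing.here is the SAN from the report.

```python
# Added example: RFC 2818 style server identity matching (not Kafka/JDK code).

def dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name against the host the client dialed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    # Assumption: only a whole left-most label "*" is a wildcard, and it must
    # sit in front of at least two further labels (so "*.com" never matches).
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_server_identity(host, san_dns, common_name=None):
    """Return (ok, reason). The CN is used only if there is no DNS SAN."""
    if san_dns:
        for name in san_dns:
            if dns_name_matches(name, host):
                return True, f"SAN dNSName {name!r} matches {host!r}"
        return False, f"no SAN dNSName in {san_dns} matches {host!r}"
    if common_name and dns_name_matches(common_name, host):
        return True, f"CN {common_name!r} matches {host!r} (no DNS SAN present)"
    return False, f"no DNS SAN and CN {common_name!r} does not match {host!r}"


if __name__ == "__main__":
    broker = "broker1.example.com"  # constructed hostname, not from the report
    cases = [
        # (SAN dNSName list, CN) -- constructed certificates
        (["some.thing.here"], broker),   # SAN from the report: must be rejected
        ([broker], None),                # matching SAN: accepted
        ([], broker),                    # no SAN, CN fallback: accepted
        (["*.example.com"], None),       # single-label wildcard: accepted
    ]
    for san, cn in cases:
        ok, reason = verify_server_identity(broker, san, cn)
        print("ACCEPT" if ok else "REJECT", "-", reason)
```

The first case shows why the reporter expected a failure: once a DNS SAN is present, a matching CN does not rescue the handshake.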