Posted to dev@kafka.apache.org by "Damyan Petev Manev (JIRA)" <ji...@apache.org> on 2017/10/20 15:31:00 UTC

[jira] [Created] (KAFKA-6097) Kafka ssl.endpoint.identification.algorithm=HTTPS not working

Damyan Petev Manev created KAFKA-6097:
-----------------------------------------

             Summary: Kafka ssl.endpoint.identification.algorithm=HTTPS not working
                 Key: KAFKA-6097
                 URL: https://issues.apache.org/jira/browse/KAFKA-6097
             Project: Kafka
          Issue Type: Bug
            Reporter: Damyan Petev Manev
         Attachments: kafka-certificates-script.sh

When ssl.endpoint.identification.algorithm is set to HTTPS and I have a SAN extension on my server certificate, clients do not verify the server's fully qualified domain name (FQDN) against it.
Client certificate authentication works. With the following SAN extension - dns:some.thing.here - I expect the connection to fail, because according to http://kafka.apache.org/documentation.html#security_ssl :
"clients will verify the server's fully qualified domain name (FQDN) against one of the following two fields
Common Name (CN)
Subject Alternative Name (SAN)",
but messages are produced and consumed successfully.






--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
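
The check the report expects, written out as an added example (not code from the report, from Kafka or from the JDK): an RFC 2818 style host name match in which any dNSName SAN entry takes precedence over the CN. The broker name broker1.example.internal and the function names are constructed for illustration, and the wildcard rule (whole left-most label only) is a simplifying assumption.

```python
import ipaddress


def dns_name_matches(pattern, hostname):
    """Compare one certificate name (dNSName or CN) with the dialed host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    # Assumption: a wildcard is honoured only as the entire left-most label
    # and never directly above a top-level name ("*.com" is refused).
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_endpoint(hostname, san_dns=(), san_ip=(), common_name=None):
    """Return True when the certificate fields identify `hostname`."""
    try:
        addr = ipaddress.ip_address(hostname)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP literal is matched only against iPAddress SAN entries.
        return any(ipaddress.ip_address(ip) == addr for ip in san_ip)
    if san_dns:
        # dNSName entries are present, so the CN is not consulted at all.
        return any(dns_name_matches(name, hostname) for name in san_dns)
    return common_name is not None and dns_name_matches(common_name, hostname)


if __name__ == "__main__":
    broker = "broker1.example.internal"  # constructed broker FQDN
    # SAN value from the report: it does not name the broker, so the
    # handshake should be rejected even though the CN would match.
    print(verify_endpoint(broker, san_dns=["some.thing.here"],
                          common_name=broker))
    # Without any SAN the CN is the fallback identity.
    print(verify_endpoint(broker, common_name=broker))
```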