You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Damyan Petev Manev (JIRA)" <ji...@apache.org> on 2017/10/20 15:31:00 UTC
[jira] [Created] (KAFKA-6097) Kafka
ssl.endpoint.identification.algorithm=HTTPS not working
Damyan Petev Manev created KAFKA-6097:
-----------------------------------------
Summary: Kafka ssl.endpoint.identification.algorithm=HTTPS not working
Key: KAFKA-6097
URL: https://issues.apache.org/jira/browse/KAFKA-6097
Project: Kafka
Issue Type: Bug
Reporter: Damyan Petev Manev
Attachments: kafka-certificates-script.sh
When ssl.endpoint.identification.algorithm is set to HTTPS and I have san extension on my server certificate clients do not verify the servers's fully qualified domain name (FQDN) agains it.
Client certificate authentication works. With the following san extension - dns:some.thing.here I expect connection to fail, because according to
http://kafka.apache.org/documentation.html#security_ssl :
"clients will verify the server's fully qualified domain name (FQDN) against one of the following two fields
Common Name (CN)
Subject Alternative Name (SAN)",
but messages are produced and consumed successfully.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)