[FLUME-3315] [KafkaSink][KafkaSource] Impossible to disable hostname verification with SSL enryption - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.0
Fix Version/s: 1.11.0
Component/s: Configuration, Sinks+Sources
Labels:
None
Environment:

Flume 1.9.0

Kafka 2.1.0

Description

The documentation says :

Note: By default the property ssl.endpoint.identification.algorithm is not defined, so hostname verification is not performed. In order to enable hostname verification, set the following properties
a1.sources.source1.kafka.consumer.ssl.endpoint.identification.algorithm=HTTPS

But with Flume 1.9.0 this is not true anymore because since Kafka 2.0.0 hostname verification is enable by default.

Notable changes in 2.0.0
...
The default value for ssl.endpoint.identification.algorithm was changed to https, which performs hostname verification (man-in-the-middle attacks are possible otherwise). Set ssl.endpoint.identification.algorithm to an empty string to restore the previous behaviour.

The problem is that it is impossible to disable hostname verification since flume does not support empty values in configuration (cf FlumeConfiguration.addRawProperty)

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Jérémy LE BERRE

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Jan/19 14:46

Updated:: 09/Oct/22 23:24

Resolved:: 09/Oct/22 23:24

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

4h 10m