  1. Kafka
  2. KAFKA-10666

Kafka doesn't use keystore / key / truststore passwords for named SSL connections


    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.5.0, 2.6.0
    • Fix Version/s: None
    • Component/s: admin
    • Labels:
      None
    • Environment:
      kafka in an openjdk-11 docker container, the client java application is in an alpine container. zookeeper in a separate container.

      Description

      When configuring named listener SSL connections with ssl key and keystore with passwords including listener.name.ourname.ssl.key.password, listener.name.ourname.ssl.keystore.password, and listener.name.ourname.ssl.truststore.password via the AdminClient, the settings are not used and the setting is not accepted if the default ssl.key.password or ssl.keystore.password are not set. We configure all keystore and truststore values for the named listener in a single batch using incrementalAlterConfigs. Additionally, when ssl.keystore.password is set to the value of our keystore password, the keystore is loaded for SSL communication without issue; however, if ssl.keystore.password is incorrect and listener.name.ourname.keystore.password is correct, we are unable to load the keystore with bad password errors. It appears that only the default ssl.xxx.password settings are used. This setting is immutable as when we attempt to set it we get an error indicating that the listener.name. setting can be set.

            People

            • Assignee:
              Unassigned
              Reporter:
              pfjason Jason
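
A minimal sketch of the batched update the description refers to, added here as an example and not taken from the reporter's code. The bootstrap address, broker id, file paths and environment variable names are assumptions; it needs the kafka-clients library and a reachable broker.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.AdminClientConfig;
import org.apache.kafka.clients.admin.AlterConfigOp;
import org.apache.kafka.clients.admin.Config;
import org.apache.kafka.clients.admin.ConfigEntry;
import org.apache.kafka.common.config.ConfigResource;

public class NamedListenerSslUpdate {
    // "ourname" is the listener name used in the report.
    static final String PREFIX = "listener.name.ourname.";

    static AlterConfigOp set(String key, String value) {
        Objects.requireNonNull(value, "missing value for " + key);
        return new AlterConfigOp(new ConfigEntry(PREFIX + key, value), AlterConfigOp.OpType.SET);
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: bootstrap address and broker id are placeholders.
        String bootstrap = args.length > 0 ? args[0] : "localhost:9092";
        String brokerId = args.length > 1 ? args[1] : "0";
        Properties props = new Properties();
        props.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, bootstrap);

        // One batch for the named listener; secrets come from the environment
        // (variable names are hypothetical), paths are placeholders.
        Collection<AlterConfigOp> ops = List.of(
            set("ssl.keystore.location", "/path/to/keystore.jks"),
            set("ssl.keystore.password", System.getenv("KEYSTORE_PASSWORD")),
            set("ssl.key.password", System.getenv("KEY_PASSWORD")),
            set("ssl.truststore.location", "/path/to/truststore.jks"),
            set("ssl.truststore.password", System.getenv("TRUSTSTORE_PASSWORD")));
        ConfigResource broker = new ConfigResource(ConfigResource.Type.BROKER, brokerId);
        try (AdminClient admin = AdminClient.create(props)) {
            // get() rethrows any broker-side rejection as an ExecutionException.
            admin.incrementalAlterConfigs(Map.of(broker, ops)).all().get();
            // Read back what the broker reports under the listener prefix.
            // Values of sensitive entries (passwords) are returned as null.
            Config cfg = admin.describeConfigs(List.of(broker)).all().get().get(broker);
            cfg.entries().stream().filter(e -> e.name().startsWith(PREFIX))
                .forEach(e -> System.out.printf("%s source=%s sensitive=%b%n", e.name(), e.source(), e.isSensitive()));
        }
    }
}
```

Running it with and without the default ssl.keystore.password set on the broker shows which of the two behaviours from the description applies to a given version.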