Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-9711

The authentication failure caused by SSLEngine#beginHandshake is not properly caught and handled

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: None
    • Labels:
      None

      Description

          @Override
          public void handshake() throws IOException {
              if (state == State.NOT_INITALIZED)
                  startHandshake(); // this line
              if (ready())
                  throw renegotiationException();
              if (state == State.CLOSING)
                  throw closingException();
      
      

      SSLEngine#beginHandshake is possible to throw authentication failures (for example, no suitable cipher suites) so we ought to catch SSLException and then convert it to SslAuthenticationException so as to process authentication failures correctly.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                chia7712 Chia-Ping Tsai
                Reporter:
                chia7712 Chia-Ping Tsai
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: