[ 
https://issues.apache.org/jira/browse/KAFKA-7505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16650102#comment-16650102
 ] 

Rajini Sivaram commented on KAFKA-7505:
---------------------------------------

The stack trace shows that the client didn't see SSL handshake notification 
from the broker when the broker failed handshake and then closed the connection.

The sequence with older versions where this succeeds:
# Client writes SSL handshake data
# Broker process handshake data from client, fails handshake
# Broker flushes handshake failure notification, waiting if necessary for flush 
to complete
# Client reads data from broker, processes SSL handshake notification
# Client processes failure as an authentication exception

We see the same sequence with Java 11 most of the time, but sometimes it fails 
because client is attempting to write more data to the broker (which is 
possible with the TLS protocol). The sequence is:
# Client writes some SSL handshake data
# Broker process handshake data from client, fails handshake
# Broker flushes failure notification, waiting if necessary for flush to 
complete
# Client attempts to write more data, fails with an I/O exception since broker 
has closed the connection
# Client processes failure as an I/O exception

We guarantee that we never process an ordinary I/O exception as an 
authentication exception, but we don't actually guarantee the reverse. The 
tests however are strict because we want to try and handle all known 
authentication failure scenarios. I will see if we can fix this scenario in our 
implementation.


> Flaky test: SslTransportLayerTest.testListenerConfigOverride
> ------------------------------------------------------------
>
>                 Key: KAFKA-7505
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7505
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Ismael Juma
>            Priority: Major
>
> This test seems to fail quite a bit recently. I've seen it happen with Java 
> 11 quite a bit so it could be more likely to fail there.
> {code:java}
> java.lang.AssertionError: expected:<AUTHENTICATION_FAILED> but 
> was:<AUTHENTICATE> at org.junit.Assert.fail(Assert.java:88) at 
> org.junit.Assert.failNotEquals(Assert.java:834) at 
> org.junit.Assert.assertEquals(Assert.java:118) at 
> org.junit.Assert.assertEquals(Assert.java:144) at 
> org.apache.kafka.common.network.NetworkTestUtils.waitForChannelClose(NetworkTestUtils.java:104)
>  at 
> org.apache.kafka.common.network.NetworkTestUtils.waitForChannelClose(NetworkTestUtils.java:109)
>  at 
> org.apache.kafka.common.network.SslTransportLayerTest.testListenerConfigOverride(SslTransportLayerTest.java:319){code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to