[
https://issues.apache.org/jira/browse/KAFKA-7505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16650102#comment-16650102
]
Rajini Sivaram commented on KAFKA-7505:
---------------------------------------
The stack trace shows that the client didn't see SSL handshake notification
from the broker when the broker failed handshake and then closed the connection.
The sequence with older versions where this succeeds:
# Client writes SSL handshake data
# Broker process handshake data from client, fails handshake
# Broker flushes handshake failure notification, waiting if necessary for flush
to complete
# Client reads data from broker, processes SSL handshake notification
# Client processes failure as an authentication exception
We see the same sequence with Java 11 most of the time, but sometimes it fails
because client is attempting to write more data to the broker (which is
possible with the TLS protocol). The sequence is:
# Client writes some SSL handshake data
# Broker process handshake data from client, fails handshake
# Broker flushes failure notification, waiting if necessary for flush to
complete
# Client attempts to write more data, fails with an I/O exception since broker
has closed the connection
# Client processes failure as an I/O exception
We guarantee that we never process an ordinary I/O exception as an
authentication exception, but we don't actually guarantee the reverse. The
tests however are strict because we want to try and handle all known
authentication failure scenarios. I will see if we can fix this scenario in our
implementation.
> Flaky test: SslTransportLayerTest.testListenerConfigOverride
> ------------------------------------------------------------
>
> Key: KAFKA-7505
> URL: https://issues.apache.org/jira/browse/KAFKA-7505
> Project: Kafka
> Issue Type: Bug
> Reporter: Ismael Juma
> Priority: Major
>
> This test seems to fail quite a bit recently. I've seen it happen with Java
> 11 quite a bit so it could be more likely to fail there.
> {code:java}
> java.lang.AssertionError: expected:<AUTHENTICATION_FAILED> but
> was:<AUTHENTICATE> at org.junit.Assert.fail(Assert.java:88) at
> org.junit.Assert.failNotEquals(Assert.java:834) at
> org.junit.Assert.assertEquals(Assert.java:118) at
> org.junit.Assert.assertEquals(Assert.java:144) at
> org.apache.kafka.common.network.NetworkTestUtils.waitForChannelClose(NetworkTestUtils.java:104)
> at
> org.apache.kafka.common.network.NetworkTestUtils.waitForChannelClose(NetworkTestUtils.java:109)
> at
> org.apache.kafka.common.network.SslTransportLayerTest.testListenerConfigOverride(SslTransportLayerTest.java:319){code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
