[ https://issues.apache.org/jira/browse/KAFKA-9711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057962#comment-17057962 ]
ASF GitHub Bot commented on KAFKA-9711: --------------------------------------- chia7712 commented on pull request #8287: KAFKA-9711 The authentication failure caused by SSLEngine#beginHandsh… URL: https://github.com/apache/kafka/pull/8287 https://issues.apache.org/jira/browse/KAFKA-9711 ```java @Override public void handshake() throws IOException { if (state == State.NOT_INITALIZED) startHandshake(); // this line if (ready()) throw renegotiationException(); if (state == State.CLOSING) throw closingException(); ``` SSLEngine#beginHandshake is possible to throw authentication failures (for example, no suitable cipher suites) so we ought to catch SSLException and then convert it to SslAuthenticationException so as to process authentication failures correctly. ### Committer Checklist (excluded from commit message) - [ ] Verify design and implementation - [ ] Verify test coverage and CI build status - [ ] Verify documentation (including upgrade notes) ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > The authentication failure caused by SSLEngine#beginHandshake is not properly > caught and handled > ------------------------------------------------------------------------------------------------ > > Key: KAFKA-9711 > URL: https://issues.apache.org/jira/browse/KAFKA-9711 > Project: Kafka > Issue Type: Bug > Reporter: Chia-Ping Tsai > Assignee: Chia-Ping Tsai > Priority: Major > > {code:java} > @Override > public void handshake() throws IOException { > if (state == State.NOT_INITALIZED) > startHandshake(); // this line > if (ready()) > throw renegotiationException(); > if (state == State.CLOSING) > throw closingException(); > {code} > SSLEngine#beginHandshake is possible to throw authentication failures (for > example, no suitable cipher suites) so we ought to catch SSLException and > then convert it to SslAuthenticationException so as to process authentication > failures correctly. -- This message was sent by Atlassian Jira (v8.3.4#803005)