[jira] [Updated] (KAFKA-12628) SSL context is never re-evaluate by consumer or producer

raphael auv (Jira) Wed, 07 Apr 2021 09:35:03 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-12628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


raphael auv updated KAFKA-12628:
--------------------------------
    Description: 
*SslChannelBuilder reconfigure is never call ->*

[https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/network/SslChannelBuilder.java#L91]

That mean that the SSL context ( keystore file or trustore file changes ) is 
never re-evaluate at run time of the consumer or producers.

So the code checking if there is a new SSL context is never call

[https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java#L121]

 

 

how to reproduce: 

delete or edit the keystore , consumer or producer do not detect the change.

  was:
*SslChannelBuilder reconfigure is never call ->*

[https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/network/SslChannelBuilder.java#L91]

That mean that the SSL context ( keystore file or trustore file changes ) is 
never re-evaluate at run time of the consumer or producers.

So the code checking if there is a new SSL context is never call

[https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java#L121]


> SSL context is never re-evaluate by consumer or producer
> --------------------------------------------------------
>
>                 Key: KAFKA-12628
>                 URL: https://issues.apache.org/jira/browse/KAFKA-12628
>             Project: Kafka
>          Issue Type: Improvement
>    Affects Versions: 2.7.0
>            Reporter: raphael auv
>            Priority: Major
>
> *SslChannelBuilder reconfigure is never call ->*
> [https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/network/SslChannelBuilder.java#L91]
> That mean that the SSL context ( keystore file or trustore file changes ) is 
> never re-evaluate at run time of the consumer or producers.
> So the code checking if there is a new SSL context is never call
> [https://github.com/apache/kafka/blob/fe1804370680b965a68fdd2978e2afa450daafe4/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java#L121]
>  
>  
> how to reproduce: 
> delete or edit the keystore , consumer or producer do not detect the change.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (KAFKA-12628) SSL context is never re-evaluate by consumer or producer

Reply via email to