[ https://issues.apache.org/jira/browse/KAFKA-9771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Konstantine Karantasis resolved KAFKA-9771.
-------------------------------------------
Resolution: Fixed

The fix was merged in `trunk` and the `2.5` release branch in time for the
release of `2.5.0`.

> Inter-worker SSL is broken for keystores with multiple certificates
> -------------------------------------------------------------------
>
> Key: KAFKA-9771
> URL: https://issues.apache.org/jira/browse/KAFKA-9771
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Chris Egerton
> Assignee: Chris Egerton
> Priority: Blocker
>
> The recent bump in Jetty version causes inter-worker communication to fail in
> Connect when SSL is enabled and the keystore for the worker contains multiple
> certificates (which it might, in the case that SNI is enabled and the
> worker's REST interface is bound to multiple domain names). This is caused by
> [changes introduced in Jetty
> 9.4.23|https://github.com/eclipse/jetty.project/pull/4085], which are later
> [fixed in Jetty 9.4.25|https://github.com/eclipse/jetty.project/pull/4404].
> We recently tried and failed to [upgrade to Jetty
> 9.4.25|https://github.com/apache/kafka/pull/8183], so upgrading the Jetty
> version to fix this issue isn't a viable option. Additionally, the [earliest
> clean version of Jetty|https://www.eclipse.org/jetty/security-reports.html]
> (at the time of writing) with regard to CVEs is 9.4.24, so reverting to a
> pre-9.4.23 version is also not a viable option.