[I] Kafka Connect OpenSearch Sink: Hostname verification issue [camel-kafka-connector]

[via GitHub]

XLAQO opened a new issue, #1667:
URL: https://github.com/apache/camel-kafka-connector/issues/1667

   Hi,
   
   I am trying to configure OpenSearch Sink with SSL/TLS. When running the 
connector in CP's Kafka Connect I get error listed below. I wonder whether 
there is a way to disable hostname verification for this connector. I have 
tried disabling hostname verification for the Kafka-Connect and Kafka itself, 
but this doesn't help.
   
   
   [2024-09-11 23:42:40,905] ERROR Error encountered in task 
opensearch_sink_2-9. Executing stage 'TASK_PUT' with class 
'org.apache.kafka.connect.sink.SinkTask'. 
(org.apache.kafka.connect.runtime.errors.LogReporter)
   org.apache.camel.CamelExchangeException: An error occurred while executing 
the action. Exchange[38FAE99A57E133A-0000000000000001]. Caused by: 
[java.util.concurrent.CompletionException - 
javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not 
match the certificate subject provided by the peer (EMAILADDRESS=t...@x.com, 
CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE)]
        at 
org.apache.camel.component.opensearch.OpensearchProducer.lambda$onComplete$3(OpensearchProducer.java:398)
        at 
java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:863)
        at 
java.base/java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:841)
        at 
java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
        at 
java.base/java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2194)
        at 
org.opensearch.client.transport.rest_client.RestClientTransport$1.onFailure(RestClientTransport.java:178)
        at 
org.opensearch.client.RestClient$FailureTrackingResponseListener.onDefinitiveFailure(RestClient.java:708)
        at org.opensearch.client.RestClient$1.failed(RestClient.java:451)
        at org.apache.http.concurrent.BasicFuture.failed(BasicFuture.java:137)
        at 
org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.executionFailed(DefaultClientExchangeHandlerImpl.java:101)
        at 
org.apache.http.impl.nio.client.AbstractClientExchangeHandler.failed(AbstractClientExchangeHandler.java:432)
        at 
org.apache.http.nio.protocol.HttpAsyncRequestExecutor.exception(HttpAsyncRequestExecutor.java:163)
        at 
org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:82)
        at 
org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:40)
        at 
org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:156)
        at 
org.apache.http.impl.nio.reactor.BaseIOReactor.writable(BaseIOReactor.java:187)
        at 
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:341)
        at 
org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
        at 
org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
        at 
org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
        at 
org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
        at java.base/java.lang.Thread.run(Thread.java:1583)
   Caused by: java.util.concurrent.CompletionException: 
javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not 
match the certificate subject provided by the peer (EMAILADDRESS=t...@x.com, 
CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE)
        at 
java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:332)
        at 
java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:347)
        at 
java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:636)
        ... 19 more
   Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' 
does not match the certificate subject provided by the peer 
(EMAILADDRESS=t...@x.com, CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE)
        at 
org.apache.http.nio.conn.ssl.SSLIOSessionStrategy.verifySession(SSLIOSessionStrategy.java:217)
        at 
org.apache.http.nio.conn.ssl.SSLIOSessionStrategy$1.verify(SSLIOSessionStrategy.java:197)
        at 
org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:373)
        at 
org.apache.http.nio.reactor.ssl.SSLIOSession.outboundTransport(SSLIOSession.java:594)
        at 
org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:154)
        ... 7 more
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org