[
https://issues.apache.org/jira/browse/KAFKA-4525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15860596#comment-15860596
]
ASF GitHub Bot commented on KAFKA-4525:
---------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/kafka/pull/2246
> Kafka should not require SSL trust store password
> -------------------------------------------------
>
> Key: KAFKA-4525
> URL: https://issues.apache.org/jira/browse/KAFKA-4525
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.0
> Reporter: Grant Henke
> Assignee: Grant Henke
>
> When configuring SSL for Kafka; If the truststore password is not set, Kafka
> fails to start with:
> {noformat}
> org.apache.kafka.common.KafkaException: SSL trust store is specified, but
> trust store password is not specified.
> at
> org.apache.kafka.common.security.ssl.SslFactory.createTruststore(SslFactory.java:195)
> at
> org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:115)
> {noformat}
> The truststore password is not required for read operations. When reading the
> truststore the password is used as an integrity check but not required.
> The risk of not providing a password is that someone could add a certificate
> into the store which you do not want to trust. The store should be protected
> first by the OS permissions. The password is an additional protection.
> Though this risk of trusting the OS permissions is one many may not want to
> take, its not a decision that Kafka should enforce or require.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
