Jérémy LE BERRE created FLUME-3315:
--------------------------------------
Summary: [KafkaSink][KafkaSource] Impossible to disable hostname
verification with SSL enryption
Key: FLUME-3315
URL: https://issues.apache.org/jira/browse/FLUME-3315
Project: Flume
Issue Type: Bug
Components: Configuration, Sinks+Sources
Affects Versions: 1.9.0
Environment: Flume 1.9.0
Kafka 2.1.0
Reporter: Jérémy LE BERRE
The documentation says :
{quote}Note: By default the property {{ssl.endpoint.identification.algorithm}}
is not defined, so hostname verification is not performed. In order to enable
hostname verification, set the following properties
{code:java}
a1.sources.source1.kafka.consumer.ssl.endpoint.identification.algorithm=HTTPS{code}
{quote}
But with Flume *1.9.0* this is not true anymore because since Kafka 2.0.0
hostname verification is enable by default.
{quote}*+Notable changes in 2.0.0+*
...
The default value for {{ssl.endpoint.identification.algorithm}} was changed to
{{https}}, which performs hostname verification (man-in-the-middle attacks are
possible otherwise). Set {{ssl.endpoint.identification.algorithm}} to an empty
string to restore the previous behaviour.
{quote}
The problem is that it is impossible to disable hostname verification since
flume does not support empty values in configuration (cf
{{FlumeConfiguration.addRawProperty}})
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
