[
https://issues.apache.org/jira/browse/KAFKA-6097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16222556#comment-16222556
]
Damyan Petev Manev commented on KAFKA-6097:
-------------------------------------------
Yes, I am sure. Sending messages succeed, but It should not (according to
documentation).
Thanks for your attention.
> Kafka ssl.endpoint.identification.algorithm=HTTPS not working
> -------------------------------------------------------------
>
> Key: KAFKA-6097
> URL: https://issues.apache.org/jira/browse/KAFKA-6097
> Project: Kafka
> Issue Type: Bug
> Reporter: Damyan Petev Manev
> Attachments: kafka-certificates-script.sh
>
>
> When ssl.endpoint.identification.algorithm is set to HTTPS and I have san
> extension on my server certificate clients do not verify the servers's fully
> qualified domain name (FQDN) agains it.
> Client certificate authentication works. With the following san extension -
> dns:some.thing.here I expect connection to fail, because according to
> http://kafka.apache.org/documentation.html#security_ssl :
> "clients will verify the server's fully qualified domain name (FQDN) against
> one of the following two fields
> Common Name (CN)
> Subject Alternative Name (SAN)",
> but messages are produced and consumed successfully.
> I am using kafka 0.10.2.1 command line tools.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
