[
https://issues.apache.org/jira/browse/KAFKA-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17224605#comment-17224605
]
lqjacklee commented on KAFKA-10666:
-----------------------------------
[~pfjason] checked the code. we just load the configuration from the static
key.
> Kafka doesn't use keystore / key / truststore passwords for named SSL
> connections
> ---------------------------------------------------------------------------------
>
> Key: KAFKA-10666
> URL: https://issues.apache.org/jira/browse/KAFKA-10666
> Project: Kafka
> Issue Type: Bug
> Components: admin
> Affects Versions: 2.5.0, 2.6.0
> Environment: kafka in an openjdk-11 docker container, the client java
> application is in an alpine container. zookeeper in a separate container.
> Reporter: Jason
> Priority: Minor
>
> When configuring named listener SSL connections with ssl key and keystore
> with passwords including listener.name.ourname.ssl.key.password,
> listener.name.ourname.ssl.keystore.password, and
> listener.name.ourname.ssl.truststore.password via via the AdminClient the
> settings are not used and the setting is not accepted if the default
> ssl.key.password or ssl.keystore.password are not set. We configure all
> keystore and truststore values for the named listener in a single batch using
> incrementalAlterConfigs. Additionally, when ssl.keystore.password is set to
> the value of our keystore password the keystore is loaded for SSL
> communication without issue, however if ssl.keystore.password is incorrect
> and listener.name.ourname.keystore.password is correct, we are unable to load
> the keystore with bad password errors. It appears that only the default
> ssl.xxx.password settings are used. This setting is immutable as when we
> attempt to set it we get an error indicating that the listener.name. setting
> can be set.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
