Use -tls to enable 1-way TLS (no client authentication)
#110
Conversation
|
didn't realize how long this has been idle... |
|
@dangogh hi there - sorry for the delay, i focused on family for the past 2.5 years, but have been resuming github work since yesterday. give me a few days and i'll get back to you on this. |
|
No need to apologize -- family **should** come first! I did find a fork
with much more recent activity and submitted related changes there:
heetch#24
It does look like they've done quite a bit of cleanup to get rid of some
duplicate code which made this change somewhat easier...
…-dan
On Tue, Mar 10, 2020 at 7:45 AM Felix Geller ***@***.***> wrote:
@dangogh <https://github.com/dangogh> hi there - sorry for the delay, i
focused on family for the past 2.5 years, but have been resuming github
work since yesterday. give me a few days and i'll get back to you on this.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#110?email_source=notifications&email_token=AAAVXHXJJWJZVINORZTIJLDRGY76HA5CNFSM4LEPWI22YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEOLOZUQ#issuecomment-597093586>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAVXHU5MTWDFE7VLXSY5BDRGY76HANCNFSM4LEPWI2Q>
.
|
|
hi @dangogh -- if i get this right, than all you're trying to setup is an empty tls config that somehow enables 1-way tls with kafka? mind testing it if i add that to the current setup? |
|
i'm about to cut a release and was wondering if i should include this change - but i've made some changes to the way auth works with kt so i'd be happy to add these changes, just need a tester 😁 |
|
@fgeller yes -- an empty tls.Config tells it to connect to the server using TLS, but not require the server to verify the client. I have tested this change with my environment and it works well. I think this ought to be included.. |
|
@dangogh |
|
not sure I'll be able to get to it today or tomorrow w/ work targets, but I'll try to get to it when I can.. |
|
fair enough! i'll cut the release optimistically then -- assuming this doesn't break any functionality for anyone else. please let me know if you do run into any issues once you get around to testing it 👍 thanks again for your patience! i'll close this pr, adding the above commit was easier for me - i hope that's ok |
|
works for me! thanks!
…On Mon, Mar 16, 2020 at 10:20 AM Felix Geller ***@***.***> wrote:
fair enough! i'll cut the release optimistically then -- assuming this
doesn't break any functionality for anyone else. please let me know if you
do run into any issues once you get around to testing it 👍
thanks again for your patience! i'll close this pr, adding the above
commit was easier for me - i hope that's ok
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#110 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAVXHRNBQGYHRRELY3XOPTRHZGTTANCNFSM4LEPWI2Q>
.
|
This fixes #109 by adding a
-tlsoption to indicate to use tls for authentication to the kafka server without also requiring mutual authentication between server and client.