Is there SSL support for mock cluster?
I am working with the newly proposed post-quantum algorithms, and I am trying to use librdkafka and OpenSSL as a use case.
I have successfully compiled librdkafka 2.0.2 with Open Quantum Safe support:
```
$ ldd examples/rdkafka_example |grep local
libssl.so.1.1 => /usr/local/lib/libssl.so.1.1 (0x00007efd4a418000)
libcrypto.so.1.1 => /usr/local/lib/libcrypto.so.1.1 (0x00007efd4a120000)
liboqs.so.2 => /usr/local/lib/liboqs.so.2 (0x00007efd4937b000)
```
But when I launch kcat (Version 1.7.1-11-gab6ce8) as a mock cluster, I see that it sends a RST after the TLS Client Hello.
The mock cluster works great with plaintext, but it sends a RST when the openssl s_client tries to connect.
I have tried with RSA key-certificates, but it does not work:
```
kcat -M 1 -X security.protocol=SSL -X ssl.ca.location=../openssl/container/demoCA/cacert.pem -X ssl.key.location=../openssl/container/server.key -X ssl.certificate.location=../openssl/container/server.pem -X debug=security
%7|1678120509.975|OPENSSL|rdkafka#producer-1| [thrd:app]: Using OpenSSL version OpenSSL 1.1.1q 5 Jul 2022, Open Quantum Safe 2022-08 (0x1010111f, librdkafka built with 0x1010111f)
%7|1678120509.976|SSL|rdkafka#producer-1| [thrd:app]: Loading CA certificate(s) from file ../openssl/container/demoCA/cacert.pem
%7|1678120509.976|SSL|rdkafka#producer-1| [thrd:app]: Loading public key from file ../openssl/container/server.pem
%7|1678120509.976|SSL|rdkafka#producer-1| [thrd:app]: Loading private key file from ../openssl/container/server.key
%7|1678120509.977|INIT|rdkafka#producer-1| [thrd:app]: librdkafka v2.0.2 (0x20002ff) rdkafka#producer-1 initialized (builtin.features gzip,snappy,ssl,sasl,regex,lz4,sasl_plain,sasl_scram,plugins,sasl_oauthbearer,http,oidc, GCC GXX PKGCONFIG INSTALL GNULD LDS C11THREADS LIBDL PLUGINS ZLIB SSL CURL HDRHISTOGRAM SYSLOG SNAPPY SOCKEM SASL_SCRAM SASL_OAUTHBEARER OAUTHBEARER_OIDC CRC32C_HW, debug 0x200)
%5|1678120509.977|CONFWARN|rdkafka#producer-1| [thrd:app]: No `bootstrap.servers` configured: client will not be able to connect to Kafka cluster
% Mock cluster started with bootstrap.servers=127.0.0.1:34323
% Press Ctrl-C+Enter or Ctrl-D to terminate.
BROKERS=127.0.0.1:34323
%1|1678120554.621|PROTOERR|rdkafka#producer-1| [thrd:mock]: mock:0/internal: Protocol parse failure for Unknown--32767? v1 at 8/12 (rd_kafka_mock_connection_read_request:914) (incorrect broker.version.fallback?)
%1|1678120554.621|PROTOERR|rdkafka#producer-1| [thrd:mock]: mock:0/internal: Invalid ApiKey -32767 from 127.0.0.1:57022
```
Is there any plan for SSL/TLS server support in librdkafka?
Thanks in advance.
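
Added example, not part of the original post and not librdkafka code: the two PROTOERR lines are consistent with a plaintext Kafka request parser being handed the first bytes of a TLS ClientHello. The sample bytes are constructed (the record length 0x0180 is an assumption chosen so that the decode reproduces `ApiKey -32767` and `v1` from the log), and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* First fields of a Kafka request on a plaintext listener:
 * int32 Size, int16 ApiKey, int16 ApiVersion, all big-endian. */
struct kafka_req_prefix {
    int32_t size;
    int16_t api_key;
    int16_t api_version;
};

/* Constructed sample: start of a TLS ClientHello. The lengths are
 * assumptions picked to match the values printed in the log. */
static const uint8_t sample_client_hello[] = {
    0x16, 0x03, 0x01, 0x01, 0x80, /* record: handshake, TLS 1.0, len 384 */
    0x01, 0x00, 0x01, 0x7c,       /* handshake: ClientHello, len 380 */
    0x03, 0x03                    /* client_version: TLS 1.2 */
};

/* Decode the bytes the way a plaintext Kafka parser would. 0 on success. */
int parse_kafka_prefix(const uint8_t *b, size_t len, struct kafka_req_prefix *out) {
    if (len < 8)
        return -1;
    out->size = (int32_t)(((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
                          ((uint32_t)b[2] << 8) | (uint32_t)b[3]);
    out->api_key = (int16_t)(uint16_t)((b[4] << 8) | b[5]);
    out->api_version = (int16_t)(uint16_t)((b[6] << 8) | b[7]);
    return 0;
}

/* Heuristic: do the bytes start a TLS handshake record with a ClientHello? */
int looks_like_tls_client_hello(const uint8_t *b, size_t len) {
    if (len < 6)
        return 0;
    return b[0] == 0x16 && b[1] == 0x03 && b[2] <= 0x04 && b[5] == 0x01;
}

int main(void) {
    struct kafka_req_prefix p;
    size_t n = sizeof sample_client_hello;
    if (parse_kafka_prefix(sample_client_hello, n, &p) != 0)
        return 1;
    printf("read as Kafka: Size=%d ApiKey=%d ApiVersion=%d\n",
           (int)p.size, (int)p.api_key, (int)p.api_version);
    printf("TLS ClientHello: %s\n",
           looks_like_tls_client_hello(sample_client_hello, n) ? "yes" : "no");
    return 0;
}
```

The same first-bytes check is a quick way to recognise a TLS client talking to a plaintext listener when an "Invalid ApiKey" error shows up in broker-side logs.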