
Add support to disable hostname matching

Open sid-maddy opened this issue 3 years ago • 1 comments

Describe the solution you'd like

The ability to set ssl_check_hostname in addition to the ssl_context.

Additional context

kafka-python's KafkaConsumer supports this parameter to be able to disable whether the SSL/TLS handshake should verify that the certificate matches the broker's hostname.

Now, I know this opens up the possibility for man-in-the-middle attacks (as mentioned even in the Python docs for loop.create_connection), but would you consider adding the option to support this?

sid-maddy, Aug 24 '22 21:08

We had this in our dev setup and went in for this to tackle it:

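```python
from aiokafka import AIOKafkaProducer
from aiokafka.helpers import create_ssl_context

ssl_context = create_ssl_context()
# Turn off hostname matching only; the context is otherwise left as created.
ssl_context.check_hostname = False

# kafka_servers (the bootstrap broker addresses) is defined elsewhere in this setup.
kafka_producer = AIOKafkaProducer(
    bootstrap_servers=kafka_servers,
    security_protocol="SSL",
    ssl_context=ssl_context,
)
```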

mikhailadvani, Aug 31 '22 14:08
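An added example, not part of the thread or of aiokafka: a check to run on an `ssl.SSLContext` before passing it as `ssl_context=`, so that the dev-only relaxation above does not reach other environments unnoticed. It uses the standard library's `ssl.create_default_context()` as a stand-in for `create_ssl_context()`; the names `audit_ssl_context`, `context_for` and the `"dev"` environment label are hypothetical.

```python
import ssl


def audit_ssl_context(ctx):
    """Return finding codes for a client-side SSLContext (empty list = strict)."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        # The broker's certificate chain is not validated at all.
        findings.append("no-chain-validation")
    if not ctx.check_hostname:
        # Any certificate that chains to a trusted CA is accepted for any broker name.
        findings.append("no-hostname-check")
    return findings


def context_for(environment, cafile=None):
    """Build a context; hostname matching is relaxed only for environment == 'dev'."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    if environment == "dev":
        # Mirrors the workaround in the thread: only hostname matching is disabled,
        # verify_mode stays CERT_REQUIRED.
        ctx.check_hostname = False
    return ctx


def require_strict(ctx, environment):
    """Raise if a relaxed context is about to be used outside 'dev'."""
    findings = audit_ssl_context(ctx)
    if findings and environment != "dev":
        raise ValueError("relaxed TLS settings outside dev: " + ", ".join(findings))
    return findings


if __name__ == "__main__":
    for env in ("dev", "prod"):
        print(env, require_strict(context_for(env), env))
```

Python's `ssl` module also enforces an ordering: `verify_mode` cannot be set to `CERT_NONE` while `check_hostname` is still enabled, so a context that skips chain validation always shows both findings.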