camel-kafka-connector icon indicating copy to clipboard operation
camel-kafka-connector copied to clipboard
verified publisher icon apache

Kafka Connect OpenSearch Sink: Hostname verification not supported

Open XLAQO opened this issue 1 year ago • 1 comments

Hi,

I am trying to configure OpenSearch Sink with SSL/TLS. When running the connector as a plugin for ConfluentPlatform's Kafka Connect I get error listed below. I wonder whether there is a way to disable hostname verification for this connector, since I do not see a dedicated configuration option like some other connectors have. I have tried disabling hostname verification for the Kafka-Connect and Kafka itself, but this doesn't help.

Thanks in advance!

[2024-09-11 23:42:40,905] ERROR Error encountered in task opensearch_sink_2-9. Executing stage 'TASK_PUT' with class 'org.apache.kafka.connect.sink.SinkTask'. (org.apache.kafka.connect.runtime.errors.LogReporter) org.apache.camel.CamelExchangeException: An error occurred while executing the action. Exchange[38FAE99A57E133A-0000000000000001]. Caused by: [java.util.concurrent.CompletionException - javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not match the certificate subject provided by the peer ([email protected], CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE)] at org.apache.camel.component.opensearch.OpensearchProducer.lambda$onComplete$3(OpensearchProducer.java:398) at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:863) at java.base/java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:841) at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510) at java.base/java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2194) at org.opensearch.client.transport.rest_client.RestClientTransport$1.onFailure(RestClientTransport.java:178) at org.opensearch.client.RestClient$FailureTrackingResponseListener.onDefinitiveFailure(RestClient.java:708) at org.opensearch.client.RestClient$1.failed(RestClient.java:451) at org.apache.http.concurrent.BasicFuture.failed(BasicFuture.java:137) at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.executionFailed(DefaultClientExchangeHandlerImpl.java:101) at org.apache.http.impl.nio.client.AbstractClientExchangeHandler.failed(AbstractClientExchangeHandler.java:432) at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.exception(HttpAsyncRequestExecutor.java:163) at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:82) at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:40) at org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:156) at org.apache.http.impl.nio.reactor.BaseIOReactor.writable(BaseIOReactor.java:187) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:341) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591) at java.base/java.lang.Thread.run(Thread.java:1583) Caused by: java.util.concurrent.CompletionException: javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not match the certificate subject provided by the peer ([email protected], CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE) at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:332) at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:347) at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:636) ... 19 more Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not match the certificate subject provided by the peer ([email protected], CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE) at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy.verifySession(SSLIOSessionStrategy.java:217) at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy$1.verify(SSLIOSessionStrategy.java:197) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:373) at org.apache.http.nio.reactor.ssl.SSLIOSession.outboundTransport(SSLIOSession.java:594) at org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:154) ... 7 more

XLAQO avatar Sep 11 '24 23:09 XLAQO

Opened this https://issues.apache.org/jira/browse/CAMEL-21207 on camel core.

oscerd avatar Sep 12 '24 06:09 oscerd