Always require truststore when using TLS.

Open rkettelerij opened this issue 5 years ago • 6 comments

A truststore isn't just needed for TLS client auth; you'll always need a truststore for TLS to work if you're using self-signed certs. E.g., without the truststore settings, interbroker communication over TLS won't work. This results in "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" errors due to missing CA certs. Hence you'll need a truststore.

UPDATE: looks like #611 has the same request.

rkettelerij avatar Mar 01 '19 16:03 rkettelerij

It looks like @rkettelerij hasn't signed our Contributor License Agreement, yet.

The purpose of a CLA is to ensure that the guardian of a project's outputs has the necessary ownership or grants of rights over all contributions to allow them to distribute under the chosen licence. Wikipedia

You can read and sign our full Contributor License Agreement here.

Once you've signed reply with [clabot:check] to prove it.

Appreciation of efforts,

clabot

ghost avatar Mar 01 '19 16:03 ghost

[clabot:check]

rkettelerij avatar Mar 01 '19 16:03 rkettelerij

@confluentinc It looks like @rkettelerij just signed our Contributor License Agreement. :+1:

Always at your service,

clabot

ghost avatar Mar 01 '19 16:03 ghost

Any update on this?

rkettelerij avatar Oct 23 '19 07:10 rkettelerij

I can't believe this is still open. Funny enough, this is a regression. Like five years ago, the code looked exactly like you are proposing in this PR.

Fortunately, the issue can easily be worked around by using the variable KAFKA_SSL_TRUSTSTORE_LOCATION directly instead of KAFKA_SSL_TRUSTSTORE_FILENAME. Just make sure that your advertised listeners do not contain the word SSL and the problematic code won't be executed.

ChristianCiach avatar Jun 30 '21 16:06 ChristianCiach
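
The following preflight check is an added example, not code from cp-docker-images or from any commenter in this thread. It enforces the rule in the issue title and also covers listeners that are not named SSL, by resolving each advertised listener through KAFKA_LISTENER_SECURITY_PROTOCOL_MAP. The function names `listener_protocol` and `check_truststore` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not project code): fail fast when any advertised listener
# resolves to a TLS protocol but no truststore variable is set.

# Resolve a listener name to its security protocol using a map of the form
# "NAME:PROTOCOL,NAME:PROTOCOL". Without a matching entry the listener name
# itself is treated as the protocol (for example SSL://host:9093).
listener_protocol() {
  local name="$1" map="$2" entry
  local IFS=','
  for entry in $map; do
    if [ "${entry%%:*}" = "$name" ]; then
      printf '%s\n' "${entry#*:}"
      return 0
    fi
  done
  printf '%s\n' "$name"
}

# Returns 0 when the configuration is consistent and 1 when TLS is in use
# without a truststore. Reads the KAFKA_* variables from the environment.
check_truststore() {
  local listeners="${KAFKA_ADVERTISED_LISTENERS:-}"
  local map="${KAFKA_LISTENER_SECURITY_PROTOCOL_MAP:-}"
  local listener name proto tls_listener=""
  local IFS=','
  for listener in $listeners; do
    name="${listener%%://*}"
    proto="$(listener_protocol "$name" "$map")"
    case "$proto" in
      SSL|SASL_SSL) tls_listener="$name"; break ;;
    esac
  done
  # No TLS listener: nothing to verify.
  [ -z "$tls_listener" ] && return 0
  # Either variable from this thread counts as a configured truststore.
  if [ -z "${KAFKA_SSL_TRUSTSTORE_LOCATION:-}" ] &&
     [ -z "${KAFKA_SSL_TRUSTSTORE_FILENAME:-}" ]; then
    echo "listener $tls_listener uses TLS but no truststore is configured" >&2
    return 1
  fi
  return 0
}
```

Source the file and call `check_truststore` before starting the broker; a non-zero exit status means a TLS listener would start without any CA certificates to validate its peers.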