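With newer versions of Spring Boot, the bundled kafka-client version is also newer. If you use kafka-client 2.x or later and have configured Kafka to connect over SSL, the following exception may be thrown: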
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
.....
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
.....
Caused by: java.security.cert.CertificateException: No subject alternative names present
.....
2019-10-09 10:12:55.683 DEBUG 23524 --- [ main] o.s.kafka.core.KafkaTemplate : Failed to send: ProducerRecord
.....
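The cause is that newer versions of kafka-client verify the hostname in the certificate; configuring the client to skip hostname verification resolves the error.
The key part of the configuration is as follows: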
spring:
  kafka:
    properties:
      ssl:
        endpoint:
          identification:
            algorithm: ''
For reference, the complete configuration for connecting Spring Boot to Kafka with SSL certificates is as follows:
########## kafka ##########
spring:
  kafka:
    producer:
      batch-size: 16384
      retries: 1
      buffer-memory: 33554432
      bootstrap-servers: 192.168.1.100:9092
      value-serializer: org.apache.kafka.common.serialization.StringSerializer
      key-serializer: org.apache.kafka.common.serialization.StringSerializer
    consumer:
      group-id: test-group-001
      auto-offset-reset: earliest
      auto-commit-interval: 100
      bootstrap-servers: 192.168.1.100:9092
      value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
      key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
      enable-auto-commit: true
    ssl:
      protocol: SSL
      trust-store-type: JKS
      trust-store-location: file:D:/source-files/kafka/kafkatest.client.truststore.test.jks
      trust-store-password: 123456
      key-store-type: JKS
      key-store-location: file:D:/source-files/kafka/kafkatest.client.keystore.test.jks
      key-store-password: 123456
      key-password: 123456
    properties:
      ssl:
        endpoint:
          identification:
            algorithm: ''
      security:
        protocol: SSL
Problem solved.
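The bootstrap server in the configuration above is an IP address, and the hostname check accepts an IP address only when the broker certificate lists it as an iPAddress subject alternative name, which is why the exception mentions SANs; setting the algorithm to '' switches that check off entirely. The following is an added example, not code from the original post, the JDK or Kafka: a simplified Java model of the check, run on constructed SAN data, showing that a certificate carrying matching SAN entries passes with verification left on. `SanCheck`, `verify` and the broker name `kafka-broker-1` are hypothetical.

```java
import java.util.*;

// Added example: simplified model of the ssl.endpoint.identification.algorithm=https check.
// SAN entries use the shape of X509Certificate.getSubjectAlternativeNames(): [Integer type, String value].
public class SanCheck {
    static final int DNS_NAME = 2, IP_ADDRESS = 7; // GeneralName type codes
    // Simplification: only IPv4 literals are recognised as IP addresses.
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // Simplification: only a whole leftmost label "*" is treated as a wildcard.
    static boolean dnsMatches(String host, String pattern) {
        host = host.toLowerCase();
        pattern = pattern.toLowerCase();
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1));
    }

    // Returns null when the certificate covers the host, otherwise the reason it does not.
    static String verify(String host, Collection<List<?>> sans, String subjectCn) {
        if (sans == null) sans = Collections.emptyList(); // no SAN extension in the certificate
        boolean ip = isIpLiteral(host), sawDns = false;
        if (ip && sans.isEmpty()) return "No subject alternative names present";
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            if (ip && type == IP_ADDRESS && value.equals(host)) return null;
            if (!ip && type == DNS_NAME) {
                sawDns = true;
                if (dnsMatches(host, value)) return null;
            }
        }
        // An IP address is never matched against the subject CN; a DNS name falls back
        // to the CN only when the certificate has no dNSName entry at all.
        if (!ip && !sawDns && subjectCn != null && dnsMatches(host, subjectCn)) return null;
        return "No subject alternative name matching " + host;
    }

    public static void main(String[] args) {
        // Constructed sample data; "kafka-broker-1" is a hypothetical broker host name.
        Collection<List<?>> fixed = Arrays.<List<?>>asList(
                Arrays.asList(IP_ADDRESS, "192.168.1.100"), Arrays.asList(DNS_NAME, "kafka-broker-1"));
        System.out.println(verify("192.168.1.100", null, "kafka-broker-1"));  // certificate without SANs, IP host
        System.out.println(verify("kafka-broker-1", null, "kafka-broker-1")); // certificate without SANs, DNS host
        System.out.println(verify("192.168.1.100", fixed, "kafka-broker-1")); // certificate with matching SANs
    }
}
```

To run the same check against a real broker certificate, pass the value of `getSubjectAlternativeNames()` from the parsed `X509Certificate` as the `sans` argument.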