Description

Following some more poking, this appears to be a regression with 1.8.0. I’ve gone to Confluent.Kafka 1.6.3 and 1.7.0 and the same code works without changes and I can push messages. As soon as I push to 1.8.0, I get the “no OPENSSL_AppLink” error, which remains through 1.8.1 and 1.8.2. Original report follows:

I am trying to write a piece of C# that can authenticate with a client certificate to a test kafka instance. On running the code, I get the following error when calling ProducerBuilder(), and the code immediately terminates (doesn’t even throw an exception):

OPENSSL_Uplink(00007FF9C9C78D30,08): no OPENSSL_Applink

No errors or messages appear in the Kafka server logs.

If I comment out the lines that set the certificate (i.e., remove the config for SslKeystoreLocation and both passwords), then the error doesn’t occur (but I don’t authenticate either as the Kafka server is configured for mutual authentication), and I do see an “Failed authentication with /10.168.84.10 (SSL handshake failed)” error message in the Kafka logs, so the server is reachable.

Client machine is Windows 10 20H2, C# code is built against .Net Core 3.1. Confluent.Kafka version 1.8.2 Server machine is Linux (Ubuntu 21.04) running Kafka 2.13

C# code: Program.txt

How to reproduce

Execute the code in the attachment (having configured BootstrapServers and a suitable PKCS#12 certificate and password) against a Kafka configured for TLS authentication.

Checklist

Please provide the following information:

• A complete (i.e. we can run it), minimal program demonstrating the problem. No need to supply a project file.
• Confluent.Kafka nuget version.
• Apache Kafka version.
• Client configuration.
• Operating system.
• Provide logs (with “debug” : “…” as necessary in configuration).
• Provide broker log excerpts. [Reporter note – There are no log entries created server-side, so no log included]