[SSL] running producer with SSL config pointing to keystore fails
Description
running producer with SSL config pointing to keystore fails
_producerConfig.SslKeystoreLocation = {KEYSTORENAME};
_producerConfig.SslKeystorePassword = {KEYSTOREPASSWORD};
error msg: Error reading ssl.keystore.location PKCS#12 file: #\Test\keystore.p12: error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data
stack trace:
at Confluent.Kafka.Impl.SafeKafkaHandle.Create(RdKafkaType type, IntPtr config, IClient owner)
at Confluent.Kafka.Producer`2..ctor(ProducerBuilder`2 builder)
at Confluent.Kafka.ProducerBuilder`2.Build()
I dug a bit and see that this SafeHandle uses the runtime librdkafka.dll to create the connection. On their site I see that to set up SSL they make no mention of using a keystore, and instead suggest using the file location ssl.key
Exposing the client key in a file poses a serious security risk and cannot be used in a production environment.
Is loading the keystore supported?
How to reproduce
Set up a simple Kafka producer that points to a valid keystore with a valid certificate in ProducerConfig. Run the application.
Checklist
Please provide the following information:
- A complete (i.e. we can run it), minimal program demonstrating the problem. No need to supply a project file.
- Confluent.Kafka nuget version.
- Apache Kafka version.
- Client configuration.
- [ win 10/2019 serv] Operating system.
- Provide logs (with "debug" : "…" as necessary in configuration).
- Provide broker log excerpts.
- [x] Critical issue.
Issue Analytics
- Created a year ago
- Comments:10 (5 by maintainers)
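A preflight check for the keystore file named in the error above, as an added example (not code from the issue, Confluent.Kafka or librdkafka). OpenSSL raises "not enough data" when its ASN.1 reader runs out of bytes before the declared length, so comparing the outer DER length with the bytes on disk shows whether the file itself is damaged or mis-encoded. The function names and result strings are hypothetical, and the sample blob is constructed.

```python
import sys

JKS_MAGIC = b"\xfe\xed\xfe\xed"  # Java KeyStore header, not PKCS#12


def check_pkcs12_der(data: bytes) -> str:
    """Classify keystore bytes by their outer ASN.1 framing (no password needed)."""
    if not data:
        return "empty"
    if data[:4] == JKS_MAGIC:
        return "jks"
    if data.lstrip()[:5] == b"-----" or data[:2] == b"MI":
        return "pem-or-base64"  # text armour or base64 of a DER SEQUENCE
    if data[0] != 0x30:
        return "not-asn1-sequence"
    if len(data) < 2:
        return "truncated"
    first = data[1]
    if first == 0x80:
        return "ber-indefinite-length"  # legal BER; size cannot be checked this way
    if first < 0x80:
        header, length = 2, first
    else:
        n = first & 0x7F
        if n > 4:
            return "bad-length-field"
        if len(data) < 2 + n:
            return "truncated"
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if len(data) < header + length:
        return "truncated"  # the condition OpenSSL reports as "not enough data"
    if len(data) > header + length:
        return "trailing-data"
    # PFX ::= SEQUENCE { version INTEGER (3), authSafe, macData OPTIONAL }
    if data[header:header + 3] != b"\x02\x01\x03":
        return "not-pfx-version-3"
    return "ok"


def constructed_sample(body_len: int = 300) -> bytes:
    """Constructed PFX-shaped blob: correct framing and version, dummy body."""
    body = b"\x02\x01\x03" + b"\x00" * (body_len - 3)
    return b"\x30\x82" + body_len.to_bytes(2, "big") + body


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:  # binary mode: the file is DER, not text
            print(path, check_pkcs12_der(fh.read()))
```

A result of "ok" means the file is intact on disk, so the read error lies with how the client loads it rather than with the keystore.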
Top GitHub Comments
The v2.0.0 release is planned for mid-January, including this fix.
Happy new year @edenhill. Is the v2.0.0 release on schedule for mid January? Best regards!