当使用较新版本SpringBoot时,对应的 kafka-client 版本也比较新,如果使用了 2.x 以上的 kafka-client ,并且配置了 kafka ssl 连接方式时,可能会报如下异常:
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? ..... org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem ..... Caused by: java.security.cert.CertificateException: No subject alternative names present ..... 2019-10-09 10:12:55.683 DEBUG 23524 --- [ main] o.s.kafka.core.KafkaTemplate : Failed to send: ProducerRecord .....
该原因是因为新版本 kafka-client 会校验证书的主机名,配置忽略主机名校验即可。
配置方法主要代码如下:
1 spring: 2 kafka: 3 properties: 4 ssl: 5 endpoint: 6 identification: 7 algorithm: ''
另附SpringBoot 使用 ssl 证书连接 kafka 完整配置如下:
1 ########## kafka ########## 2 spring: 3 kafka: 4 producer: 5 batch-size: 16384 6 retries: 1 7 buffer-memory: 33554432 8 bootstrap-servers: 192.168.1.100:9092 9 value-serializer: org.apache.kafka.common.serialization.StringSerializer 10 key-serializer: org.apache.kafka.common.serialization.StringSerializer 11 consumer: 12 group-id: test-group-001 13 auto-offset-reset: earliest 14 auto-commit-interval: 100 15 bootstrap-servers: 192.168.1.100:9092 16 value-deserializer: org.apache.kafka.common.serialization.StringDeserializer 17 key-deserializer: org.apache.kafka.common.serialization.StringDeserializer 18 enable-auto-commit: true 19 ssl: 20 protocol: SSL 21 trust-store-type: JKS 22 trust-store-location: file:D:/source-files/kafka/kafkatest.client.truststore.test.jks 23 trust-store-password: 123456 24 key-store-type: JKS 25 key-store-location: file:D:/source-files/kafka/kafkatest.client.keystore.test.jks 26 key-store-password: 123456 27 key-password: 123456 28 properties: 29 ssl: 30 endpoint: 31 identification: 32 algorithm: '' 33 security: 34 protocol: SSL
问题解决。