Giter VIP home page Giter VIP logo

Comments (1)

John-LiuJ avatar John-LiuJ commented on August 15, 2024

消息队列 kafka 使用 go SDK 的 confluent 客户端,通过 sasl_ssl 连接 kafka,想在 docker 中运行,但是验证证书看起来有问题【证书文件用的时 demo/conf 内 ca-cert.pem 文件】。

dockerfile 如下:
FROM golang:1.16 as builder
RUN apt-get install gcc && apt-get install ca-certificates
RUN go env -w GOPROXY="https://goproxy.cn,direct"
WORKDIR /opt/kafka
COPY . .
RUN go mod tidy
RUN go build
ENTRYPOINT ["./kafka"]

日志如下:
init kafka producer, it may take a few seconds to init the connection
init kafka producer success
HTTP server Start :7070
%3|1641796736.273|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 78ms in state SSL_HANDSHAKE)
%3|1641796737.008|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 44ms in state SSL_HANDSHAKE, 1 identical error(s) suppressed)

日志提醒两个问题 ssl.ca.location is correctly configured or root CA certificates are installed。 确认证书路径没有问题;

ca-certificates如下:
apt-get install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20200601~deb10u2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

帮看下还有什么会导致这个错误,谢谢

添加这行代码
kafkaconf.SetKey("enable.ssl.certificate.verification", "false")
在配置里面关闭hostname校验即可

from aliware-kafka-demos.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.