AliwareMQ / aliware-kafka-demos

Demo projects for connecting various clients to Alibaba Cloud Message Queue for Kafka
https://www.aliyun.com/product/kafka
408 stars, 215 forks

Running a Go SDK producer in Docker returns a certificate verification failure error #62

Open pretendpasser opened 2 years ago

pretendpasser commented 2 years ago

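With Message Queue for Kafka, I am using the confluent client of the Go SDK to connect to Kafka over sasl_ssl. I want to run it in Docker, but there seems to be a problem with certificate verification [the certificate file used is the ca-cert.pem file in demo/conf].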

The Dockerfile is as follows:

```dockerfile
FROM golang:1.16 as builder
RUN apt-get install gcc && apt-get install ca-certificates
RUN go env -w GOPROXY="https://goproxy.cn,direct"
WORKDIR /opt/kafka
COPY . .
RUN go mod tidy
RUN go build
ENTRYPOINT ["./kafka"]
```

The log is as follows:

```
init kafka producer, it may take a few seconds to init the connection
init kafka producer success
HTTP server Start :7070
%3|1641796736.273|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 78ms in state SSL_HANDSHAKE)
%3|1641796737.008|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 44ms in state SSL_HANDSHAKE, 1 identical error(s) suppressed)
```

The log points to two things: ssl.ca.location is correctly configured or root CA certificates are installed. I have confirmed that the certificate path is correct;

ca-certificates is as follows:

```
apt-get install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20200601~deb10u2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
```

Please help me see what else could cause this error, thanks.

John-LiuJ commented 2 years ago

Add this line of code, `kafkaconf.SetKey("enable.ssl.certificate.verification", "false")`, to turn off hostname verification in the configuration, and that will do it.
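An added diagnostic example, not code from this thread or from the demo project: librdkafka treats chain validation (`enable.ssl.certificate.verification`, trust anchored by `ssl.ca.location`) and hostname matching (`ssl.endpoint.identification.algorithm`) as separate checks, and the Go sketch below runs the same two checks separately so the failing one can be identified with verification left on. The certificates, the `issue` and `Diagnose` helpers, and the `example.internal` host names are constructed for illustration; in practice the inputs would be the certificate the broker presents and the CA loaded from ca-cert.pem.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed, short-lived test certificate (hypothetical helper,
// errors ignored in this fixture). parent == nil yields a self-signed CA.
func issue(cn string, dns []string, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		DNSNames: dns, BasicConstraintsValid: true, IsCA: parent == nil,
	}
	if parent == nil {
		parent, pkey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Diagnose runs chain trust against the configured CA first, then hostname match.
func Diagnose(leaf, ca *x509.Certificate, host string) string {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: pool}); err != nil {
		return "untrusted-chain" // the CA file does not cover the broker's issuer
	}
	if err := leaf.VerifyHostname(host); err != nil {
		return "hostname-mismatch" // chain is trusted; the certificate names another host
	}
	return "ok"
}

func main() {
	host := "broker.example.internal" // constructed name
	ca, caKey := issue("constructed-ca", nil, nil, nil)
	otherCA, _ := issue("constructed-other-ca", nil, nil, nil)
	leaf, _ := issue("broker", []string{host}, ca, caKey)
	fmt.Println(Diagnose(leaf, ca, host), Diagnose(leaf, otherCA, host), Diagnose(leaf, ca, "other.example.internal"))
}
```

An `untrusted-chain` result points at the CA file or system trust store, while `hostname-mismatch` points at the bootstrap address not matching the names in the broker certificate.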