aws / aws-msk-iam-sasl-signer-python

Apache License 2.0

Hostname verification failed #28

Open swehner opened 10 months ago

swehner commented 10 months ago

Producer configuration:

from aws_msk_iam_sasl_signer import MSKAuthTokenProvider
from confluent_kafka import Producer

def get_outh(config_str):
    try:
        token, expiration_time = MSKAuthTokenProvider.generate_auth_token('us-east1')
        return token, expiration_time/1000
    except Exception as e:
        print(e)
        raise

producer = Producer(
    {
        'bootstrap.servers': brokers,  # AWS MSK Kafka instance using port 9098
        'security.protocol': 'sasl_ssl',
        'logger': logger,
        'debug': 'broker,security',
        'sasl.mechanism': 'OAUTHBEARER',
        'oauth_cb': get_outh,
        'ssl.endpoint.identification.algorithm': 'none',
        'enable.ssl.certificate.verification': 'false'
    },
)

Description

When trying to instantiate this producer and send a message I get a 'Hostname verification failed' error.

I tried disabling all SSL endpoint verification but it doesn't seem to affect the outcome.

What I Did

Log of the underlying librdkafka implementation

CONNECT [Stefans-MacBook-Pro.local#producer-1] [thrd:sasl_ssl://b-2.demodataplatformmskse.paysss.c14.kafka.us-east-1]: sasl_ssl://b-2.demodataplatformmskse.paysss.c14.kafka.us-east-1.amazonaws.com:9098/bootstrap: broker in state TRY_CONNECT connecting
STATE [Stefans-MacBook-Pro.local#producer-1] [thrd:sasl_ssl://b-2.demodataplatformmskse.paysss.c14.kafka.us-east-1]: sasl_ssl://b-2.demodataplatformmskse.paysss.c14.kafka.us-east-1.amazonaws.com:9098/bootstrap: Broker changed state TRY_CONNECT -> CONNECT
CONNECT [Stefans-MacBook-Pro.local#producer-1] [thrd:sasl_ssl://b-2.demodataplatformmskse.paysss.c14.kafka.us-east-1]: sasl_ssl://b-2.demodataplatformmskse.paysss.c14.kafka.us-east-1.amazonaws.com:9098/bootstrap: Connecting to ipv4#10.2.3.79:9098 (sasl_ssl) with socket 15
FAIL [Stefans-MacBook-Pro.local#producer-1] [thrd:sasl_ssl://b-1.demodataplatformmskse.paysss.c14.kafka.us-east-1]: sasl_ssl://b-1.demodataplatformmskse.paysss.c14.kafka.us-east-1.amazonaws.com:9098/bootstrap: SASL authentication error: [e15f74a3-a70d-44d8-9971-1a78c58919e3]: Hostname verification failed (after 440ms in state AUTH_REQ) (_AUTHENTICATION)
FAIL [Stefans-MacBook-Pro.local#producer-1] [thrd:sasl_ssl://b-1.demodataplatformmskse.paysss.c14.kafka.us-east-1]: sasl_ssl://b-1.demodataplatformmskse.paysss.c14.kafka.us-east-1.amazonaws.com:9098/bootstrap: SASL authentication error: [e15f74a3-a70d-44d8-9971-1a78c58919e3]: Hostname verification failed (after 440ms in state AUTH_REQ)

sankalpbhatia commented 8 months ago

Have you made sure that the region used in generating the token is the same as the region of the cluster?
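
One way to automate the region check asked about above, as an added example that is not part of the original thread or of the project's code: it reads the region out of the `bootstrap.servers` hostnames and refuses to continue if it differs from the region string passed to `generate_auth_token`. The helper names are hypothetical, the broker list is constructed from the hostnames in the log, and the `kafka-serverless` and `.cn` hostname forms are assumptions.

```python
import re

# Region label in MSK broker names such as
#   b-1.<cluster>.<id>.c14.kafka.us-east-1.amazonaws.com   (form seen in the log)
# The kafka-serverless and .cn variants are assumptions added for completeness.
_MSK_HOST = re.compile(
    r"\.kafka(?:-serverless)?\.(?P<region>[a-z]{2}(?:-[a-z]+)+-\d+)"
    r"\.amazonaws\.com(?:\.cn)?$"
)

# Constructed sample input, built from the broker hostnames in the log above.
BROKERS = (
    "b-1.demodataplatformmskse.paysss.c14.kafka.us-east-1.amazonaws.com:9098,"
    "b-2.demodataplatformmskse.paysss.c14.kafka.us-east-1.amazonaws.com:9098"
)


def broker_region(server):
    """Return the AWS region encoded in one 'host:port' entry, or None."""
    host = server.strip().rsplit(":", 1)[0].lower().rstrip(".")
    match = _MSK_HOST.search(host)
    return match.group("region") if match else None


def check_token_region(bootstrap_servers, token_region):
    """Raise ValueError unless every broker's region equals token_region."""
    problems = []
    for server in filter(None, (s.strip() for s in bootstrap_servers.split(","))):
        region = broker_region(server)
        if region is None:
            problems.append(f"{server}: no MSK region found in hostname")
        elif region != token_region:
            problems.append(
                f"{server}: broker region {region!r} != token region {token_region!r}"
            )
    if problems:
        raise ValueError("; ".join(problems))
    return token_region


if __name__ == "__main__":
    try:
        # Same region string as the oauth_cb in the issue's configuration.
        check_token_region(BROKERS, "us-east1")
    except ValueError as err:
        print("region mismatch:", err)
```

Calling `check_token_region` once before constructing the producer surfaces a mismatch locally instead of as a broker-side authentication failure. The log reports the failure as a SASL authentication error in state AUTH_REQ, so the two settings that turn off TLS certificate verification are not what this check concerns.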