confluentinc / confluent-kafka-dotnet

Confluent's Apache Kafka .NET client
https://github.com/confluentinc/confluent-kafka-dotnet/wiki
Apache License 2.0

SSL auth doesn't work on Windows #1989

Open root691 opened 1 year ago

root691 commented 1 year ago

Description

Hi! I have Kafka with two-way SSL. I faced strange behavior on Windows.

Firstly, it looks like the SslCaLocation parameter does not work correctly on Windows. The library always tries to take the CA certificate to check the broker from the Windows certificate store, even if the path to a specific file is set in SslCaLocation.

But the problem with SslCaLocation at least has a workaround: add the CA to the store. I ran into a problem that the client certificate for authentication does not work at all under Windows. At the same time, the same code works perfectly fine under Linux. From Windows, the Kafka broker always raises the error "Empty client certificate chain".

And yes, I am fully confident in the correctness of the certificates. I am running the same code with the same certs from Windows and Linux.

Can you please help with that? I've searched half the Internet but couldn't find any solution to the problem or a clue that I'm doing something wrong.

How to reproduce

I made a small repository that describes step by step how to reproduce the problem, running Kafka locally in Docker and checking behavior under Windows and Linux. The only thing you need is WSL. https://github.com/root691/kafka-ssl-test


x-strong commented 1 year ago

I met the same problem using the Confluent.Kafka v2.0.2 SDK, but it is OK using v1.9.3.