datastax / cdc-apache-cassandra

Datastax CDC for Apache Cassandra
Apache License 2.0

Different behavior observed for 1way vs 2way SSL when deploying pulsar connector NAR File to pulsar cluster #154

Open praagraw-tibco opened 1 year ago

praagraw-tibco commented 1 year ago

I am using Cassandra 4 and cdc-apache-cassandra 2.2.3.

I am seeing different behaviour for two way vs one way ssl when trying to deploy pulsar connector NAR file in the Pulsar cluster. I have my certificates created using JDK (JAVA Key Tool). If I am setting value of ssl.provider as "OpenSSL", I am getting exception while deploying pulsar connector NAR File. But for 1way SSL it's getting deployed successfully without any exception.

For 2way SSL, I am using below configuration:

ssl.provider="OpenSSL"
ssl.hostnameValidation="false"
ssl.keystore.password=
ssl.keystore.path=
ssl.truststore.password=
ssl.truststore.path=

For 1way SSL, I am using below configuration:

ssl.provider="OpenSSL"
ssl.hostnameValidation="false"
ssl.truststore.password=
ssl.truststore.path=

Could you please confirm if this is expected?

aymkhalil commented 1 year ago

Would you be able to try your 2-way TLS setup with tlsRequireTrustedClientCertOnConnect=true on your brokers/proxies and see if it goes through?

Reference: https://pulsar.apache.org/docs/2.11.x/security-tls-transport/#configure-brokers-1

praagraw-tibco commented 1 year ago

I tried it out but still am able to see different behavior.

aymkhalil commented 1 year ago

@praagraw-tibco looking closer into this, it seems we are configuring the mTLS between the connector and Cassandra - not between the connector and the brokers. For the latter:

Hope that helps. Please note that those settings are pulsar connector related and not CDC specific.