dpkp / kafka-python

Python client for Apache Kafka
http://kafka-python.readthedocs.io/
Apache License 2.0

Clarification on ssl_check_hostname option #1957

Closed dnj12345 closed 4 years ago

dnj12345 commented 4 years ago

Hi, is the ssl_cafile option required when security_protocol is 'SSL'? My producer is unable to connect when my producer config includes ssl_check_hostname=False, and my broker config has ssl.client.auth=requested. If you provide a proper CA file, the producer connects properly. I was under the assumption that ssl_check_hostname=False implies no server cert verification. Is this not true?

dpkp commented 4 years ago

No, checking hostnames is a different validation step from checking certificate authority signatures. You must either provide ssl_cafile or have default system CAs available via ssl_context.load_default_certs(). If you do not provide ssl_cafile explicitly, you should see a log message like "Loading system default SSL CAs..."

See https://docs.python.org/3/library/ssl.html#ssl.CERT_REQUIRED
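
The distinction drawn in the answer above, as an added example using only Python's standard `ssl` module (not part of the thread and not kafka-python's own code). The helper names `build_client_context`, `audit` and `hostname_check_requires_chain` are hypothetical.

```python
import ssl


def build_client_context(check_hostname, cafile=None):
    """Hypothetical helper: a client context with the two checks set separately."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Check 1: does the broker certificate's SAN/CN match the host we dialed?
    ctx.check_hostname = check_hostname
    # Check 2: is the certificate chain signed by a CA we trust?
    # Turning off check 1 does not touch this setting.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile)  # trust anchors for check 2
    return ctx


def audit(ctx):
    """Report which validations a context will enforce during the handshake."""
    return {
        "hostname_checked": ctx.check_hostname,
        "chain_verified": ctx.verify_mode == ssl.CERT_REQUIRED,
        # Counts CAs loaded in memory only; a capath directory pulled in by
        # load_default_certs() is read lazily and is not counted here.
        "trusted_cas_loaded": ctx.cert_store_stats()["x509_ca"],
    }


def hostname_check_requires_chain():
    """The dependency runs one way: hostname checking needs chain verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # check_hostname=True by default
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # The situation from the question: hostname check off, no CA file given.
    report = audit(build_client_context(check_hostname=False))
    print(report)
    if report["chain_verified"] and report["trusted_cas_loaded"] == 0:
        print("chain verification is on with no CA loaded: handshake will fail")
    print("hostname check requires chain verification:",
          hostname_check_requires_chain())
```

Running `audit` on a context before connecting shows whether a failed handshake is due to a missing trust anchor or to a hostname mismatch.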