Don't require client authentication if kafka configured not to require it

fgeller / kt

Kafka command line tool that likes JSON

MIT License

950 stars 100 forks source link

Don't require client authentication if kafka configured not to require it #109

Closed dangogh closed 4 years ago

dangogh commented 4 years ago

Currently, kt will not attempt to use TLS unless cert, ca, and key paths are all provided and valid. Is this necessary if the host running kt has default system certs set up properly? If so, a -tls option would be handy that causes an empty&tls.Config{} to be returned from setupCerts().

Forgive me if this over-simplifies the issue..

    if cmd.UseTLS {
       return &tls.Config{}, nil
   }

dangogh commented 4 years ago

Changing the title to reflect the real issue.. If kafka is configured for 1-way authentication as described in https://docs.confluent.io/current/kafka/authentication_ssl.html, kt as the client does not need to present certificates.

The kafka configuration for that is ssl.client.auth=requested (rather than =required).

dangogh commented 4 years ago

this repo doesn't seem to be maintained any longer.. closing.