Some Kafka clusters use TLS as a backdoor load-balancing mechanism, see e.g. strimzi's ingress feature. These are impossible to use with kt if the cluster uses a self-signed certificate, as it uses a default tls.Config in 1-way TLS mode. This PR adds the following features:
use ca-certificate if provided even in 1-way TLS mode
raise authentication errors in group and topic commands, rather than silently falling back to an unencrypted connection
Some Kafka clusters use TLS as a backdoor load-balancing mechanism, see e.g. strimzi's ingress feature. These are impossible to use with kt if the cluster uses a self-signed certificate, as it uses a default tls.Config in 1-way TLS mode. This PR adds the following features:
group
andtopic
commands, rather than silently falling back to an unencrypted connection