any way to avoid the ca_location flag?

ibm-messaging / event-streams-samples

Apache License 2.0

95 stars 168 forks source link

any way to avoid the ca_location flag? #43

Closed aaadir closed 5 years ago

aaadir commented 5 years ago

The code currently uses the ca_location flag to set the ssl certificate path: self.opts['ca_location'] = '/etc/ssl/certs'

Is there anyway to avoid this step? I tried passing False, None, '' but this failed in various way. Any help would be welcome.

Thanks, Allon.

mimaison commented 5 years ago

You need to provide this settings in order to enable the kafka client to verify the broker keys. This is necessary to ensure you indeed connect to the IBM Event Streams brokers.

You should NOT try to disable this security feature but instead understand where this file/folder is located on your system and ensure you follow the best security practices. If you're having issues locating the correct path for your environment, let us know and we can try helping.

mimaison commented 5 years ago

Closing due to inactivity.

ericqqqqq commented 4 years ago

Hey @mimaison

I am going to use node-rdkafka in IBM Functions. In other words, I need to locate certificate in IBM Functions(serverless).

Any solutions?

Thanks, Eric

mimaison commented 4 years ago

Have you tried using /etc/ssl/certs like mentioned in https://github.com/ibm-messaging/event-streams-samples/blob/master/kafka-nodejs-console-sample/app.js#L70?