peterprib / node-red-contrib-kafka-manager

Implement
GNU General Public License v3.0
22 stars 12 forks source link

TLS Credentials Assignment Bug #45

Closed sp193 closed 1 year ago

sp193 commented 2 years ago

Hi,

I noted that TLS support with mutual TLS authentication does not appear to be working correctly, resulting in no certificates being sent in response to a certificate request. Since no certificates are presented, the Kafka broker disconnects the client.

From the console, we can see the contents of sslOptions, which is not aligned with the documentation of Nodejs's TLS module.

7 Mar 15:44:27 - [debug] Kafka Broker {"label":"getKafkaClient sslOptions","properties":["rejectUnauthorized","certdata","keydata","cadata"]}

I guess, this may be a bug which was introduced by this deletion, back in 2020. Instead of calling tlsNode.addTLSOptions(), the contents of credentials are now copied directly to sslOptions via assign().

Unfortunately, I cannot tell whether reverting this change is really the answer, as I am inexperienced when it comes to Nodejs development & that commit's message only says the change "fixed tls".

But I have tried to add it back, replacing this part of kafkaBroker.js:

                  Object.assign(options.sslOptions,node.tlsNode.credentials);

....with this:

                  node.tlsNode.addTLSOptions(options.sslOptions);

And I am able to get a working TLS connection, with the same settings. The log also shows the change:

8 Mar 14:09:59 - [debug] Kafka Broker {"label":"getKafkaClient sslOptions","properties":["rejectUnauthorized","key","cert","ca"]}

Steps to replicate the issue:

  1. Configure your Kafka Broker for mutual TLS. It must be configured to require a client certificate.
  2. Drag a Kafka Producer node.
  3. Configure TLS. Select your Kafka client certificate, key and CA certificate(s).
  4. Deploy the flow.
  5. Note that the TLS handshake fails.
peterprib commented 1 year ago

sorry just noticed issue. WIll look at when I get chnace

peterprib commented 1 year ago

your fix applied