This does not work when we're accessing a SchemaRegistry that is served via HTTPS with a self-signed certificate, without using client certificates.
How to reproduce
Use a self-signed certificate for the schema-registry
set EnableSslCertificateVerification = true
try to get schema, receive an error
HttpRequestException: The SSL connection could not be established, see inner exception.
using System;
using Confluent.SchemaRegistry;

var schemaRegistryConfig = new SchemaRegistryConfig
{
    Url = "https://localhost:8085",
    EnableSslCertificateVerification = false // this does not work
};

using (var schemaRegistry = new CachedSchemaRegistryClient(schemaRegistryConfig))
{
    // List every subject registered in the Schema Registry
    var subjects = await schemaRegistry.GetAllSubjectsAsync();
    foreach (var subject in subjects)
    {
        Console.WriteLine(subject);
    }
}
Checklist
Please provide the following information:
A complete (i.e. we can run it), minimal program demonstrating the problem. No need to supply a project file.
Confluent.Kafka nuget version - 1.8.2
Hello
We have the same problem in an environment where the self signed certificate has been issued by the Confluent for Kubernetes operator. As I understand it, this means that with our setup a self signed certificate is used for Schema Registry by design.
I assume this means that the missing support for client self signed certificates is a bug (or potentially a design flaw)? Currently we do not have a good way to connect to the Schema Registry with a .net client when the Schema Registry certificate has been issued and distributed by the Confluent for Kubernetes operator. Or rather - the only "good way" is to place/mount the CA certificate into /etc/ssl/certs (local certificate store).
Br
Hans K.
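An added example (not code from the issue or from confluent-kafka-dotnet) of the alternative to switching verification off: an `HttpClientHandler` callback that accepts the server certificate only when it chains to one specific private CA. It is a stand-alone `HttpClient` sketch for .NET 5 or later and is not wired into `CachedSchemaRegistryClient`; the CA file path is a hypothetical placeholder.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class PrivateCaHttp
{
    // Builds a handler that trusts a server certificate only if it chains to caCert.
    public static HttpClientHandler CreateHandler(X509Certificate2 caCert)
    {
        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = (request, serverCert, presented, errors) =>
            {
                // Already valid against the operating system trust store.
                if (errors == SslPolicyErrors.None) return true;
                // Only an untrusted chain is re-evaluated; a hostname mismatch
                // or a missing certificate is always rejected.
                if (serverCert == null || (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
                    return false;

                using var chain = new X509Chain();
                chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
                chain.ChainPolicy.CustomTrustStore.Add(caCert);
                // Assumption: the private CA publishes no reachable CRL/OCSP endpoint.
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                // Intermediates sent by the server help path building but are not trusted.
                if (presented != null)
                    foreach (var element in presented.ChainElements)
                        chain.ChainPolicy.ExtraStore.Add(element.Certificate);
                return chain.Build(serverCert);
            }
        };
    }

    static async Task Main()
    {
        // Hypothetical path to the CA certificate that signed the registry's certificate.
        using var ca = new X509Certificate2("/path/to/ca.crt");
        using var http = new HttpClient(CreateHandler(ca))
        {
            BaseAddress = new Uri("https://localhost:8085")
        };
        // GET /subjects is the REST call behind GetAllSubjectsAsync().
        Console.WriteLine(await http.GetStringAsync("/subjects"));
    }
}
```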
dolifer added a commit to dolifer/confluent-kafka-dotnet that referenced this issue Jan 7, 2023
Description
I found in the sources that when HttpClient is created, it bypasses the server SSL CA check only when we're using client certs.
confluent-kafka-dotnet/src/Confluent.SchemaRegistry/Rest/RestService.cs, lines 67 to 78 in 895b72d