Description
Hi,
I am trying to configure OpenSearch Sink with SSL/TLS. When running the connector as a plugin for ConfluentPlatform's Kafka Connect I get error listed below. I wonder whether there is a way to disable hostname verification for this connector, since I do not see a dedicated configuration option like some other connectors have. I have tried disabling hostname verification for the Kafka-Connect and Kafka itself, but this doesn't help.
Thanks in advance!
[2024-09-11 23:42:40,905] ERROR Error encountered in task opensearch_sink_2-9. Executing stage 'TASK_PUT' with class 'org.apache.kafka.connect.sink.SinkTask'. (org.apache.kafka.connect.runtime.errors.LogReporter)
org.apache.camel.CamelExchangeException: An error occurred while executing the action. Exchange[38FAE99A57E133A-0000000000000001]. Caused by: [java.util.concurrent.CompletionException - javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not match the certificate subject provided by the peer (EMAILADDRESS=test@X.com, CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE)]
at org.apache.camel.component.opensearch.OpensearchProducer.lambda$onComplete$3(OpensearchProducer.java:398)
at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:863)
at java.base/java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:841)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
at java.base/java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2194)
at org.opensearch.client.transport.rest_client.RestClientTransport$1.onFailure(RestClientTransport.java:178)
at org.opensearch.client.RestClient$FailureTrackingResponseListener.onDefinitiveFailure(RestClient.java:708)
at org.opensearch.client.RestClient$1.failed(RestClient.java:451)
at org.apache.http.concurrent.BasicFuture.failed(BasicFuture.java:137)
at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.executionFailed(DefaultClientExchangeHandlerImpl.java:101)
at org.apache.http.impl.nio.client.AbstractClientExchangeHandler.failed(AbstractClientExchangeHandler.java:432)
at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.exception(HttpAsyncRequestExecutor.java:163)
at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:82)
at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:40)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:156)
at org.apache.http.impl.nio.reactor.BaseIOReactor.writable(BaseIOReactor.java:187)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:341)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.util.concurrent.CompletionException: javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not match the certificate subject provided by the peer (EMAILADDRESS=test@X.com, CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE)
at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:332)
at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:347)
at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:636)
... 19 more
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name '10.50.36.62' does not match the certificate subject provided by the peer (EMAILADDRESS=test@X.com, CN=XXXX, OU=YYYY, O=ZZZZ L=AAAA, ST=AAAA C=IE)
at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy.verifySession(SSLIOSessionStrategy.java:217)
at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy$1.verify(SSLIOSessionStrategy.java:197)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:373)
at org.apache.http.nio.reactor.ssl.SSLIOSession.outboundTransport(SSLIOSession.java:594)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:154)
... 7 more