Description
Description
This issue might be with the way librdkafka does the error propagation, and the issue might need to be logged there. I am logging it here, because I encountered it while using this library.
It seems when there is an error in the SSL handshake connecting to the broker, the client code doesn't get an error, and looks like it's silently swallowed. You can see it in the logs by setting debug in config:
'debug' : 'security,broker'The logs show something like this:
sasl_ssl://xyz.gcp.confluent.cloud:9092/bootstrap: failed: err: Local: SSL error: (errno: Undefined error: 0)
(Here is another issue which appears to have the same problem: #697)
How to reproduce
Set the SSL CA manually, to one which does not match the CA of the broker. I used this one to test, since it doesn't match Confluent Cloud's one, it gets us a repro:
'ssl.ca.location': '/dir/invalid-ca.pem',The error won't be reported in client code - the client just sits there waiting, but it will be visible in librdkafka debug logs.
Checklist
- confluent-kafka-python: 1.2.0
- librdkafka version: 1.2.0
- Apache Kafka broker version: Confluent Cloud
- Client configuration:
{
'bootstrap.servers': 'xyz.gcp.confluent.cloud:9092',
'sasl.mechanisms': 'PLAIN',
'security.protocol': 'SASL_SSL',
'sasl.username': '${USERNAME}',
'sasl.password': '${PASSWORD}'
}- Operating system: OSX 10.14.6