`ssl_options` require configuration even when `use_ssl` is `false` in Erlang/OTP-26

Question

`ssl_options` require configuration even when `use_ssl` is `false` in Erlang/OTP-26

leemeichin opened this issue a year ago · 0 comments

Due to the changes to the ssl module to provide safer defaults, kafka_ex will fail to connect to a broker even when use_ssl is false.

{:error, {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}}

The issue is that the default SSL config is now set to verify_peer with cacerts (or cacertfile) defaulting to undefined, which results in an error (because the value for cacerts must be provided).

A workaround is to configure ssl_options anyway, even when SSL is ostensibly disabled:

config :kafka_ex,
  use_ssl: false,
  ssl_options: [
    verify: :verify_none
  ]