Invalid Security Protocol SASL_SSL

[dbcfd]

I'm attempting to set security.protocol to SASL_SSL. I receive the following error

Client config error: Invalid value "SASL_SSL" for configuration property "security.protocol" security.protocol SASL_SSL

I'm using sasl and ssl feature, and the configure output seems correct. SASL_PLAINTEXT will work fine.

Build output stripped to relevant lines

cargo:rustc-link-lib=sasl2
checking for libsasl2 (by compile)... �[32mok�[0;10m (cached)
Configuration summary:
  prefix                   /usr/local
  MKL_DISTRO               osx
  SOLIB_EXT                .dylib
  ARCH                     x86_64
  CPU                      generic
  ENABLE_SSL               y
  LIBS                     -lm -lsasl2 -lz -ldl -lpthread
  BUILT_WITH               GCC GXX OSXLD LIBDL PLUGINS ZLIB SASL_CYRUS HDRHISTOGRAM SNAPPY SOCKEM CRC32C_HW

I'm going to guess that it is failing to find libssl, even with specifying OPENSSL_ROOT_DIR. Attempting cmake_build causes rdkafka-sys to fail to build, with both openssl 1.0 and 1.1.

[dbcfd]

It may make sense to specify pkg-config as a requirement for with and without dynamic linking. Additionally, should check for openssl and sasl2 when using those features in the build.rs file.

Without cmake build, was finally able to make it further by specifying

export OPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1
export LDFLAGS="-L$OPENSSL_ROOT_DIR/lib -L/usr/local/opt/gsas/lib"
export CPPFLAGS="-I$OPENSSL_ROOT_DIR/include"
export OPENSSL_INCLUDE_DIR=$OPENSSL_ROOT_DIR/include

[dbcfd]

The environment setup like above finally got everything building/linking properly, with sasl_ssl available.

rdkafka-sys should compare feature flags to available libraries, since librdkafka doesn't fail with them not present.

[benesch]

I'm afraid this is mostly working as intended. As you say, the upstream librdkafka build system doesn't error if it can't find the libraries that you've enabled. There's an issue open for that, but it hasn't seen much activity: edenhill/mklove#21. I'm hesitant to try to work around it on our end, because changes can break as many environments as they fix.

In general I've found the CMake build system more reliable, and that's where I've been investing time lately. I'd be curious to know why the CMake build failed for you when you enable SSL/SASL.

[benesch]

This is fixed in v0.22.

[benesch]

Er, sorry, that's not what I meant to say. I've opened a PR upstream to try to get this fixed. Unfortunately I don't think there's anything to be done on our side, but I that PR merges it will eventually make its way down here. confluentinc/librdkafka#2640