Encrypt communication using self-signed certificate

[tulios]

This PR fixes issue #168

It adds the ssl.ca option:

Kafka.Producer({
  connectionString: 'kafka://<something>'
  ssl: {
    ca: '/path/to/my-cert.crt' // or fs.readFileSync('my-cert.crt')
  }
});

It also accepts process.env.KAFKA_CLIENT_CA

[tulios]

There is one test failing in one of the builds which is not related to this PR

1) Compression sync should send/receive with Snappy compression (<32kb):
      AssertionError: expected 'p02' to deeply equal 'p00'
      + expected - actual
      -p02
      +p00

I don't have the permissions to re-run it so I can confirm that it was a random thing.

[oleksiyk]

I'm not sure what before and after blocks in the test do.
Also, why you are loading client.crt as the CA in the test?

[tulios]

The hooks are ensuring that KAFKA_CLIENT_CERT and KAFKA_CLIENT_CERT_KEY are not set since they are defined in the .travis.yml. Maybe they are not needed since you have builds without the configurations but it was to ensure that the tests always run with the correct setup. I can remove if you want.

About the client.crt I wasn't planning to test the tls module so I just needed something that would pass the /^-----BEGIN CERTIFICATE-----/ check. I can create a proper certificate if you want, kafka won't use it in the tests as this requires more configuration.

[oleksiyk]

The hooks are ensuring that KAFKA_CLIENT_CERT and KAFKA_CLIENT_CERT_KEY are not set

But you are not clearing them (the environment variables), you just save them in additional variables.

I can create a proper certificate if you want, kafka won't use it in the tests as this requires more configuration.

We should have the proper test here, Kafka server should send a certificate signed by self-signed CA (I guess it does this already) and the no-kafka test should have rejectUnauthorized set to true in order to validate server's certificate.

I can look into this and make a test a bit later.

[tulios]

But you are not clearing them

@oleksiyk right! I missed the cleanup while creating the PR, I wrote the tests without it and checked the travis.yml later. Sorry about that, I can fix it now.

I can look into this and make a test a bit later.

Great! I can take a look and see if I can setup this.

[tulios]

I tested this using docker before and it worked. Today I deployed to our staging environment and it is working fine.

[tulios]

@oleksiyk how can I help you to get this merged?

[oleksiyk]

Can you please update README.md to mention new SSL ca option and I'll merge it then.

[cdambo]

@tulios what's blocking us from merging this?

[tulios]

Hi, it's missing an update in the README. I completely forgot about this, I will do it today and see if we can get this merged. Thanks for the reminder 😃

[tulios]

@oleksiyk Can you review the PR again, I've updated the readme. Thanks