ssl_verify_hostname var is ignored unless also specifying a ca_cert var #826


Closed
lairen opened this issue May 5, 2020 · 1 comment · Fixed by #828

Comments

@lairen
Contributor

lairen commented May 5, 2020

  • Version of Ruby: 2.6.0
  • Version of Kafka: 1.1.1
  • Version of ruby-kafka: 1.0.0
Steps to reproduce

    require "kafka"

    # seed_brokers, cert_path and cert_key_path are the reporter's own values
    kafka = Kafka.new(
      seed_brokers: seed_brokers,
      ssl_client_cert: File.read(cert_path),
      ssl_client_cert_key: File.read(cert_key_path),
      ssl_verify_hostname: false
    )

    kafka.topics
Expected outcome

I expected the verify_hostname attr of the ssl_context to be set to false and passed to the OpenSSL gem with that value so that hostname is not verified and I can successfully connect to the broker.

Actual outcome

The verify_hostname attribute is ignored unless I explicitly pass in a ca_cert* parameter. Since it is defaulted to true in the OpenSSL gem, I'm getting these SSL errors:

    ERROR: OpenSSL::SSL::SSLError - SSL_connect returned=1 errno=0 state=error:
    certificate verify failed (unspecified certificate verification error)

I'm able to get around this by either downgrading to Ruby v2.3.3 (where that version of OpenSSL does not default verify_hostname) or by setting ssl_ca_certs_from_system: true in v2.6.0, which I don't need in my case since my client_cert is a combined cert. I can open up a PR to move the verify_hostname assignment out of this conditional but wanted to check if that was intentional and expected.

    if ca_cert || ca_cert_file_path || ca_certs_from_system
      store = OpenSSL::X509::Store.new
      Array(ca_cert).each do |cert|
        store.add_cert(OpenSSL::X509::Certificate.new(cert))
      end
      if ca_cert_file_path
        store.add_file(ca_cert_file_path)
      end
      if ca_certs_from_system
        store.set_default_paths
      end
      ssl_context.cert_store = store
      ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
      # Verify certificate hostname if supported (ruby >= 2.4.0)
      ssl_context.verify_hostname = verify_hostname if ssl_context.respond_to?(:verify_hostname=)
    end

@lairen lairen changed the title ssl_verify_hostname var is ignored for unless also specifying a ca_cert var ssl_verify_hostname var is ignored unless also specifying a ca_cert var May 5, 2020
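As an added example, not part of this issue thread and not ruby-kafka's own code: a reduced model of the context-building logic quoted above, written against only the openssl stdlib, that reproduces why the caller's ssl_verify_hostname: false is lost and shows the effect of moving the assignment out of the conditional. The names build_ssl_context_buggy, build_ssl_context_fixed, constructed_client_identity and compare_builders are this example's own, and the self-signed client certificate is constructed inline. The issue does not quote the client-cert branch; the example assumes that branch installs the cert and key with SSLContext#set_params, which merges OpenSSL::SSL::SSLContext::DEFAULT_PARAMS (verify_mode: VERIFY_PEER, verify_hostname: true) and is therefore the place where hostname verification gets switched on behind the caller's back.

```ruby
require "openssl"

# Constructed self-signed cert/key pair standing in for the reporter's client
# cert. Only the resulting SSLContext attributes are inspected; no connection
# is opened.
def constructed_client_identity
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=constructed-client")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Mirrors the structure quoted in the issue: verify_hostname is assigned only
# inside the CA branch, so with a client cert but no CA the value set by
# set_params (true) is what the connection will use.
def build_ssl_context_buggy(client_cert:, client_cert_key:, ca_cert: nil, verify_hostname: true)
  ctx = OpenSSL::SSL::SSLContext.new
  # Assumed client-cert branch: set_params pulls in DEFAULT_PARAMS, i.e.
  # verify_mode = VERIFY_PEER and verify_hostname = true.
  ctx.set_params(cert: client_cert, key: client_cert_key)
  if ca_cert
    store = OpenSSL::X509::Store.new
    store.add_cert(ca_cert)
    ctx.cert_store = store
    ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    ctx.verify_hostname = verify_hostname if ctx.respond_to?(:verify_hostname=)
  end
  ctx
end

# The change the reporter proposes: the assignment sits outside the
# conditional, so the caller's choice applies whether or not a CA was given.
def build_ssl_context_fixed(client_cert:, client_cert_key:, ca_cert: nil, verify_hostname: true)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(cert: client_cert, key: client_cert_key)
  if ca_cert
    store = OpenSSL::X509::Store.new
    store.add_cert(ca_cert)
    ctx.cert_store = store
    ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end
  ctx.verify_hostname = verify_hostname if ctx.respond_to?(:verify_hostname=)
  ctx
end

# Effective verify_hostname produced by each builder for the same input
# (client cert, no CA), which is exactly the reporter's configuration.
def compare_builders(verify_hostname: false)
  cert, key = constructed_client_identity
  {
    buggy: build_ssl_context_buggy(client_cert: cert, client_cert_key: key,
                                   verify_hostname: verify_hostname).verify_hostname,
    fixed: build_ssl_context_fixed(client_cert: cert, client_cert_key: key,
                                   verify_hostname: verify_hostname).verify_hostname,
  }
end

if $PROGRAM_NAME == __FILE__
  r = compare_builders(verify_hostname: false)
  puts "buggy: #{r[:buggy]}, fixed: #{r[:fixed]}"  # buggy: true, fixed: false
end
```

Two things worth noticing from running it. First, the buggy builder leaves verify_mode at VERIFY_PEER with hostname checking on, so the mismatch fails closed with the SSLError the reporter saw rather than silently connecting; that is the safer direction for a bug of this kind. Second, the fixed builder still keeps VERIFY_PEER from set_params, so ssl_verify_hostname: false relaxes only the name check against the broker certificate, not chain validation, which is what a caller passing that option should expect.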
@dasch
Contributor

dasch commented May 10, 2020

It’s not intentional - please do open a PR!
