[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions

Mon, 20 Nov 2023 14:07:06 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17788165#comment-17788165
 ] 

James Hu commented on CASSANDRA-18839:
--------------------------------------

[~bschoeni] Ah, I can see what you mean. With that said, does it make more 
sense to move this error check to ExceptionHandlers.exceptionCaught() in trunk 
since we still need the reference to ChannelHandlerContext ctx?
{code:java}
@Override
public void exceptionCaught(final ChannelHandlerContext ctx, Throwable cause)
{
    ...
    if (Throwables.anyCauseMatches(cause, t -> t instanceof SSLException))
    {
        logger.warn("SSLException in client networking with peer {}", 
ctx.channel().remoteAddress(), cause);
        return;
    }
    ...
    logClientNetworkingExceptions(cause);
} {code}

> Catch SSLHandshakeExceptions exceptions
> ---------------------------------------
>
>                 Key: CASSANDRA-18839
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18839
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Messaging/Client
>            Reporter: Brad Schoening
>            Priority: Low
>
> When SSL connection errors occur, they tend to flood the log with stack 
> traces and lack the identity of the remote client IP.  Instead, 
> PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, 
> more informative WARN level message instead of the verbose and mostly 
> unhelpful stack trace.
> I.e., 
> {code:java}
> [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1  
> PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer 
> 10.0.0.10:9042 error:100000d7:SSL 
> routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code}
> instead of the current ones which flood the logs:
> {code:java}
> 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 
> ip_address=10.0.0.1  PreV5Handlers.java:261 - Unknown exception in client 
> networking
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: 
> error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478)
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
>     at 
> io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
>     at 
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
>     at 
> io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
>     at 
> io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480)
>     at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
>     at 
> io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
>     at 
> io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
>     at 
> io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
>     at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: javax.net.ssl.SSLHandshakeException: error:100000d7:SSL 
> routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389)
>     at 
> io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206)
>     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387)
>     at 
> io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294)
>     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331)
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
>     ... 15 common frames omitted {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to