[
https://issues.apache.org/jira/browse/QPID-8519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17362613#comment-17362613
]
Alex Rudyy commented on QPID-8519:
----------------------------------
Descoped from 8.0.5
> Improve broker logs for SSL handshake failure caused by invalid SNI
> -------------------------------------------------------------------
>
> Key: QPID-8519
> URL: https://issues.apache.org/jira/browse/QPID-8519
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-broker-8.0.4
> Reporter: Dedeepya
> Priority: Major
>
> During the SSL handshake, if sni header is set to a invalid string, it result
> in a SSL handshake failure. However this is logged as a info log on the
> broker logs. This can be improved to add operational logs for invalid SNI.
> Info log :
> 2021-03-12T08:30:14,401Z INFO [IO-/10.161.230.90:51553]
> (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection
> '/10.161.230.90:51553' : Failed to create SNIHostName from string 'Test_Dev'
> Debug log trace:
> 2021-03-11 20:36:55,355 DEBUG [IO-/10.161.230.90:52006]
> (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection
> '/10.161.230.90:52006'
> org.apache.qpid.server.util.ConnectionScopedRuntimeException: Failed to
> create SNIHostName from string 'Test_Dev'
> at
> org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1077)
> at
> org.apache.qpid.server.transport.NonBlockingConnectionTLSDelegate.processData(NonBlockingConnectionTLSDelegate.java:105)
> at
> org.apache.qpid.server.transport.NonBlockingConnection.doRead(NonBlockingConnection.java:496)
> at
> org.apache.qpid.server.transport.NonBlockingConnection.doWork(NonBlockingConnection.java:270)
> at
> org.apache.qpid.server.transport.NetworkConnectionScheduler.processConnection(NetworkConnectionScheduler.java:134)
> at
> org.apache.qpid.server.transport.SelectorThread$ConnectionProcessor.processConnection(SelectorThread.java:575)
> at
> org.apache.qpid.server.transport.SelectorThread$SelectionTask.performSelect(SelectorThread.java:366)
> at
> org.apache.qpid.server.transport.SelectorThread$SelectionTask.run(SelectorThread.java:97)
> at
> org.apache.qpid.server.transport.SelectorThread.run(SelectorThread.java:533)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at
> org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII
> characters
> at java.net.IDN.toASCIIInternal(IDN.java:296)
> at java.net.IDN.toASCII(IDN.java:122)
> at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
> at
> org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1073)
> ... 12 common frames omitted
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
