[ https://issues.apache.org/jira/browse/QPID-8519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17362613#comment-17362613 ]
Alex Rudyy commented on QPID-8519:
----------------------------------

Descoped from 8.0.5

> Improve broker logs for SSL handshake failure caused by invalid SNI
> -------------------------------------------------------------------
>
>                 Key: QPID-8519
>                 URL: https://issues.apache.org/jira/browse/QPID-8519
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-8.0.4
>            Reporter: Dedeepya
>            Priority: Major
>
> During the SSL handshake, if the SNI header is set to an invalid string, it
> results in an SSL handshake failure. However, this is logged as an info log
> in the broker logs. This can be improved to add operational logs for invalid SNI.
>
> Info log:
> 2021-03-12T08:30:14,401Z INFO [IO-/10.161.230.90:51553] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:51553' : Failed to create SNIHostName from string 'Test_Dev'
>
> Debug log trace:
> 2021-03-11 20:36:55,355 DEBUG [IO-/10.161.230.90:52006] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:52006'
> org.apache.qpid.server.util.ConnectionScopedRuntimeException: Failed to create SNIHostName from string 'Test_Dev'
>     at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1077)
>     at org.apache.qpid.server.transport.NonBlockingConnectionTLSDelegate.processData(NonBlockingConnectionTLSDelegate.java:105)
>     at org.apache.qpid.server.transport.NonBlockingConnection.doRead(NonBlockingConnection.java:496)
>     at org.apache.qpid.server.transport.NonBlockingConnection.doWork(NonBlockingConnection.java:270)
>     at org.apache.qpid.server.transport.NetworkConnectionScheduler.processConnection(NetworkConnectionScheduler.java:134)
>     at org.apache.qpid.server.transport.SelectorThread$ConnectionProcessor.processConnection(SelectorThread.java:575)
>     at org.apache.qpid.server.transport.SelectorThread$SelectionTask.performSelect(SelectorThread.java:366)
>     at org.apache.qpid.server.transport.SelectorThread$SelectionTask.run(SelectorThread.java:97)
>     at org.apache.qpid.server.transport.SelectorThread.run(SelectorThread.java:533)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
>     at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
>     at java.net.IDN.toASCIIInternal(IDN.java:296)
>     at java.net.IDN.toASCII(IDN.java:122)
>     at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
>     at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1073)
>     ... 12 common frames omitted

--
This message was sent by Atlassian Jira (v8.3.4#803005)
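
An added example, not part of the original message and not Broker-J code: until a dedicated operational log exists, the INFO line quoted in the issue can be matched directly to surface invalid-SNI handshake failures per client. The pattern is derived from that single quoted line (an assumption about the log layout), and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Pattern derived from the single INFO line quoted in the issue (assumption:
# other broker versions or log layouts may format it differently).
SNI_FAILURE = re.compile(
    r"^(?P<ts>\S+)\s+INFO\s+\[IO-/(?P<peer>[^\]]+)\]\s+"
    r"\(o\.a\.q\.s\.t\.NonBlockingConnection\) - Exception performing I/O "
    r"for connection '/[^']+' : "
    r"Failed to create SNIHostName from string '(?P<sni>.*)'$"
)

# First line is the one from the issue; the other two are constructed.
SAMPLE_LOG = """\
2021-03-12T08:30:14,401Z INFO [IO-/10.161.230.90:51553] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:51553' : Failed to create SNIHostName from string 'Test_Dev'
2021-03-12T08:31:02,118Z INFO [IO-/192.0.2.17:40022] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/192.0.2.17:40022' : Failed to create SNIHostName from string 'broker host'
2021-03-12T08:31:05,900Z INFO [IO-/192.0.2.17:40030] (o.a.q.s.t.NonBlockingConnection) - Connection closed
"""


def non_ldh_chars(name):
    """ASCII characters outside letters, digits, hyphen and the label dot."""
    return [c for c in sorted(set(name))
            if c.isascii() and not (c.isalnum() or c in "-.")]


def find_invalid_sni(lines):
    """Return one event per log line reporting a rejected SNI string."""
    events = []
    for line in lines:
        m = SNI_FAILURE.match(line.rstrip("\n"))
        if m:
            sni = m.group("sni")  # client-controlled: treat as untrusted
            events.append({
                "ts": m.group("ts"),
                "peer_ip": m.group("peer").rsplit(":", 1)[0],
                "sni": sni,
                "bad_chars": non_ldh_chars(sni),
            })
    return events


def count_by_peer(events):
    """Number of invalid-SNI failures per client address."""
    return Counter(e["peer_ip"] for e in events)


if __name__ == "__main__":
    for event in find_invalid_sni(SAMPLE_LOG.splitlines()):
        print(event)
```

For 'Test_Dev' the only offending character is the underscore, which matches the "Contains non-LDH ASCII characters" cause in the debug trace.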