kishorekasi commented on a change in pull request #1678: Issue ##1333: TLS
handshake failure on certificate expiry
URL: https://github.com/apache/bookkeeper/pull/1678#discussion_r218619089
##########
File path:
bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/PerChannelBookieClient.java
##########
@@ -1341,9 +1348,21 @@ public void operationComplete(Future<Channel> future)
throws Exception {
}
} else if (future.isSuccess() && state ==
ConnectionState.START_TLS) {
rc = BKException.Code.OK;
- LOG.info("Successfully connected to bookie using
TLS: " + addr);
+ LOG.info("Successfully connected to bookie using
TLS: {}", addr);
state = ConnectionState.CONNECTED;
+
+ // print peer credentials
+ SslHandler sslHandler = (SslHandler)
channel.pipeline().get(SslHandler.class);
+ LOG.info("Session {} is protected by {} ",
future.get(),
+
sslHandler.engine().getSession().getCipherSuite());
+
+ Certificate[] certificates =
sslHandler.engine().getSession().getPeerCertificates();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Peer Certificate Chain for {}: {}
", future.get(),
Review comment:
Yes, in this specific case future is complete and successful. You are
correct that if the future is not complete, it can throw an exception (I have
seen this in the past).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
