sijie commented on a change in pull request #1678: Issue ##1333: TLS handshake
failure on certificate expiry
URL: https://github.com/apache/bookkeeper/pull/1678#discussion_r220288238
##########
File path:
bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/PerChannelBookieClient.java
##########
@@ -1341,9 +1348,21 @@ public void operationComplete(Future<Channel> future)
throws Exception {
}
} else if (future.isSuccess() && state ==
ConnectionState.START_TLS) {
rc = BKException.Code.OK;
- LOG.info("Successfully connected to bookie using
TLS: " + addr);
+ LOG.info("Successfully connected to bookie using
TLS: {}", addr);
state = ConnectionState.CONNECTED;
+
+ // print peer credentials
+ SslHandler sslHandler = (SslHandler)
channel.pipeline().get(SslHandler.class);
+ LOG.info("Session {} is protected by {} ",
future.get(),
+
sslHandler.engine().getSession().getCipherSuite());
+
+ Certificate[] certificates =
sslHandler.engine().getSession().getPeerCertificates();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Peer Certificate Chain for {}: {}
", future.get(),
Review comment:
@eolivelli that's fine since this is executed in `future.isSuccess()` branch.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
