To help with troubleshooting, PKIConnection has been modified to register an SSL socket listener that displays the SSL alerts it has received or sent.
https://pagure.io/dogtagpki/issue/2625 Pushed to master under trivial rule. -- Endi S. Dewata
>From 60f0adb9205d5c7d4d9294ca620530ff3df2000e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 17 Mar 2017 04:48:07 +0100
Subject: [PATCH] Added SSLSocketListener for PKIConnection.
To help troubleshooting the PKIConnection has been modified to register an SSL socket listener which will display SSL alerts that it has received or sent.
https://pagure.io/dogtagpki/issue/2625
Change-Id: I8f2e4f55a3d6bc8a7360f666c9b18e4c0d6c6d83
---
 .../com/netscape/certsrv/client/PKIConnection.java | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)
diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
index c2ffd09e194a67a38bcc889d46f0ed0f3b0e2c96..d5e4c008700439b06909109c829bbac98c9e17b3 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
@@ -78,8 +78,13 @@ import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget;
 import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.CryptoManager.NotInitializedException;
+import org.mozilla.jss.ssl.SSLAlertDescription;
+import org.mozilla.jss.ssl.SSLAlertEvent;
+import org.mozilla.jss.ssl.SSLAlertLevel;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
 import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.ssl.SSLSocketListener;
 import com.netscape.certsrv.base.PKIException;
@@ -352,6 +357,41 @@ public class PKIConnection {
 socket.setClientCertNickname(certNickname);
 }
+ socket.addSocketListener(new SSLSocketListener() {
+
+ @Override
+ public void alertReceived(SSLAlertEvent event) {
+
+ int intLevel = event.getLevel();
+ SSLAlertLevel level = SSLAlertLevel.valueOf(intLevel);
+
+ int intDescription = event.getDescription();
+ SSLAlertDescription description = SSLAlertDescription.valueOf(intDescription);
+
+ if (level == SSLAlertLevel.FATAL || verbose) {
+ System.err.println(level + ": SSL alert received: " + description);
+ }
+ }
+
+ @Override
+ public void alertSent(SSLAlertEvent event) {
+
+ int intLevel = event.getLevel();
+ SSLAlertLevel level = SSLAlertLevel.valueOf(intLevel);
+
+ int intDescription = event.getDescription();
+ SSLAlertDescription description = SSLAlertDescription.valueOf(intDescription);
+
+ if (level == SSLAlertLevel.FATAL || verbose) {
+ System.err.println(level + ": SSL alert sent: " + description);
+ }
+ }
+
+ @Override
+ public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
+ }
+
+ });
 return socket;
 }
-- 2.5.5
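Review bot: In both alertReceived and alertSent the results of `SSLAlertLevel.valueOf(intLevel)` and `SSLAlertDescription.valueOf(intDescription)` are printed without handling a code the enums do not map. If `valueOf` returns null for an unknown value (its implementation is not visible in this patch, so this needs confirming), the output degrades to `null: SSL alert ...: null`, the numeric code is lost, and the `level == SSLAlertLevel.FATAL` check suppresses the line unless verbose is set. Since the listener exists for troubleshooting, keep the raw integers as a fallback, for example `String desc = description != null ? description.toString() : "unknown (" + intDescription + ")";` and the same for the level. The two callbacks differ only in the word received/sent, so a small private helper would remove the duplication; the method that creates the socket starts above the hunk.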
