Posted to dev@qpid.apache.org by "Dedeepya (Jira)" <ji...@apache.org> on 2021/04/22 09:25:00 UTC

[jira] [Created] (QPID-8519) Improve broker logs for SSL handshake failure caused by invalid SNI

Dedeepya created QPID-8519:
------------------------------

             Summary: Improve broker logs for SSL handshake failure caused by invalid SNI
                 Key: QPID-8519
                 URL: https://issues.apache.org/jira/browse/QPID-8519
             Project: Qpid
          Issue Type: Improvement
          Components: Broker-J
    Affects Versions: qpid-java-broker-8.0.4
            Reporter: Dedeepya
             Fix For: qpid-java-broker-8.0.5


During the SSL handshake, if the SNI header is set to an invalid string, it results in an SSL handshake failure. However, this is logged as an info log in the broker logs. This can be improved to add operational logs for invalid SNI.

Info log :
2021-03-12T08:30:14,401Z INFO [IO-/10.161.230.90:51553] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:51553' : Failed to create SNIHostName from string 'Test_Dev'

Debug log trace:
2021-03-11 20:36:55,355 DEBUG [IO-/10.161.230.90:52006] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:52006'
org.apache.qpid.server.util.ConnectionScopedRuntimeException: Failed to create SNIHostName from string 'Test_Dev'
at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1077)
at org.apache.qpid.server.transport.NonBlockingConnectionTLSDelegate.processData(NonBlockingConnectionTLSDelegate.java:105)
at org.apache.qpid.server.transport.NonBlockingConnection.doRead(NonBlockingConnection.java:496)
at org.apache.qpid.server.transport.NonBlockingConnection.doWork(NonBlockingConnection.java:270)
at org.apache.qpid.server.transport.NetworkConnectionScheduler.processConnection(NetworkConnectionScheduler.java:134)
at org.apache.qpid.server.transport.SelectorThread$ConnectionProcessor.processConnection(SelectorThread.java:575)
at org.apache.qpid.server.transport.SelectorThread$SelectionTask.performSelect(SelectorThread.java:366)
at org.apache.qpid.server.transport.SelectorThread$SelectionTask.run(SelectorThread.java:97)
at org.apache.qpid.server.transport.SelectorThread.run(SelectorThread.java:533)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
at java.net.IDN.toASCIIInternal(IDN.java:296)
at java.net.IDN.toASCII(IDN.java:122)
at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1073)
... 12 common frames omitted



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
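
Added example, not part of the original message and not Qpid code: a Python scan that pulls the INFO-level failures described above out of a broker log and counts them per peer. The sample lines are constructed in the quoted format using documentation addresses, and the LDH check is an approximation of the rule named in the trace's "Caused by" line, not a reimplementation of java.net.IDN.

```python
import re
from collections import Counter

# Shape of the broker line quoted in the report:
#   "... [IO-/<peer>:<port>] ... Failed to create SNIHostName from string '<sni>'"
SNI_FAIL = re.compile(
    r"\[IO-/(?P<peer>[^\]]+):(?P<port>\d+)\].*"
    r"Failed to create SNIHostName from string '(?P<sni>.*)'"
)
LDH = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-")

# Constructed sample input (192.0.2.0/24 is a documentation range).
SAMPLE = """\
2021-03-12T08:30:14,401Z INFO [IO-/192.0.2.10:51553] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/192.0.2.10:51553' : Failed to create SNIHostName from string 'Test_Dev'
2021-03-12T08:30:15,007Z INFO [IO-/192.0.2.10:51554] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/192.0.2.10:51554' : Failed to create SNIHostName from string 'Test_Dev'
2021-03-12T08:31:02,120Z INFO [IO-/192.0.2.77:40112] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/192.0.2.77:40112' : Failed to create SNIHostName from string 'broker host'
org.apache.qpid.server.util.ConnectionScopedRuntimeException: Failed to create SNIHostName from string 'Test_Dev'
""".splitlines()


def non_ldh_chars(name):
    """ASCII characters outside letters/digits/hyphen ('.' separates labels)."""
    return sorted({c for c in name if ord(c) < 128 and c != "." and c not in LDH})


def invalid_sni_events(lines):
    """One dict per rejected SNI value; stack-trace lines lack the [IO-/..] tag and are skipped."""
    events = []
    for line in lines:
        m = SNI_FAIL.search(line)
        if m:
            events.append({"peer": m["peer"], "port": int(m["port"]),
                           "sni": m["sni"], "bad_chars": non_ldh_chars(m["sni"])})
    return events


def peers_by_count(events):
    """Peers ordered by number of invalid-SNI handshakes, most frequent first."""
    return Counter(e["peer"] for e in events).most_common()


if __name__ == "__main__":
    found = invalid_sni_events(SAMPLE)
    for e in found:
        print(f"{e['peer']}:{e['port']} sni={e['sni']!r} non-LDH={e['bad_chars']}")
    print(peers_by_count(found))
```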
