Posted to commits@activemq.apache.org by cl...@apache.org on 2016/06/27 14:19:27 UTC

[2/2] activemq-artemis git commit: ARTEMIS-577 clarify SSL handshake failure log

ARTEMIS-577 clarify SSL handshake failure log


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/0d24e636
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/0d24e636
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/0d24e636

Branch: refs/heads/master
Commit: 0d24e63647a0b2a1f578ec4ddb1367ceeca4a1b1
Parents: 7d69d91
Author: jbertram <jb...@apache.org>
Authored: Thu Jun 23 14:51:15 2016 -0500
Committer: Clebert Suconic <cl...@apache.org>
Committed: Mon Jun 27 10:15:30 2016 -0400

----------------------------------------------------------------------
 .../core/remoting/impl/netty/NettyAcceptor.java | 35 ++++++++++++++++++--
 .../core/server/ActiveMQServerLogger.java       |  5 +++
 2 files changed, 37 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/0d24e636/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
index efb459e..f9484f5 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
@@ -18,7 +18,7 @@ package org.apache.activemq.artemis.core.remoting.impl.netty;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
-
+import javax.net.ssl.SSLHandshakeException;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.security.AccessController;
@@ -35,6 +35,7 @@ import java.util.concurrent.TimeUnit;
 
 import io.netty.bootstrap.ServerBootstrap;
 import io.netty.channel.Channel;
+import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInitializer;
 import io.netty.channel.ChannelOption;
@@ -53,7 +54,6 @@ import io.netty.handler.ssl.SslHandler;
 import io.netty.util.ResourceLeakDetector;
 import io.netty.util.concurrent.GenericFutureListener;
 import io.netty.util.concurrent.GlobalEventExecutor;
-
 import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
 import org.apache.activemq.artemis.api.core.ActiveMQException;
 import org.apache.activemq.artemis.api.core.SimpleString;
@@ -74,8 +74,8 @@ import org.apache.activemq.artemis.spi.core.protocol.ProtocolManager;
 import org.apache.activemq.artemis.spi.core.remoting.BufferHandler;
 import org.apache.activemq.artemis.spi.core.remoting.Connection;
 import org.apache.activemq.artemis.spi.core.remoting.ServerConnectionLifeCycleListener;
-import org.apache.activemq.artemis.utils.ConfigurationHelper;
 import org.apache.activemq.artemis.utils.ActiveMQThreadFactory;
+import org.apache.activemq.artemis.utils.ConfigurationHelper;
 import org.apache.activemq.artemis.utils.TypedProperties;
 
 /**
@@ -289,6 +289,7 @@ public class NettyAcceptor extends AbstractAcceptor {
             ChannelPipeline pipeline = channel.pipeline();
             if (sslEnabled) {
                pipeline.addLast("ssl", getSslHandler());
+               pipeline.addLast("sslHandshakeExceptionHandler", new SslHandshakeExceptionHandler());
             }
             pipeline.addLast(protocolHandler.getProtocolDecoder());
          }
@@ -717,4 +718,32 @@ public class NettyAcceptor extends AbstractAcceptor {
          cancelled = true;
       }
    }
+
+   /**
+    * Deal with SSL handshake exceptions which otherwise would not be handled and would result in a lengthy stack-trace
+    * in the log.
+    */
+   private class SslHandshakeExceptionHandler implements ChannelHandler {
+
+      @Override
+      public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
+
+      }
+
+      @Override
+      public void handlerRemoved(ChannelHandlerContext ctx) throws Exception {
+
+      }
+
+      @Override
+      public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
+         if (cause.getMessage() != null && cause.getMessage().startsWith(SSLHandshakeException.class.getName())) {
+            ActiveMQServerLogger.LOGGER.sslHandshakeFailed(ctx.channel().remoteAddress().toString(), cause.getMessage());
+
+            if (ActiveMQServerLogger.LOGGER.isDebugEnabled()) {
+               ActiveMQServerLogger.LOGGER.debug("SSL handshake failed", cause);
+            }
+         }
+      }
+   }
 }
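Review bot: `exceptionCaught` in `SslHandshakeExceptionHandler` consumes every throwable it receives, because the non-matching path never calls `ctx.fireExceptionCaught(cause)`. The handler is added directly after "ssl" in the pipeline hunk above, so any other error raised by the SSL handler stops here without a log line and never reaches later handlers. The match is a prefix test on `cause.getMessage()`, which presumably relies on a wrapper exception whose message is the nested exception's `toString()`; walking the cause chain with `instanceof SSLHandshakeException` would not depend on message formatting. `ctx.channel().remoteAddress()` may also return null on a channel that is no longer connected, so `String.valueOf(...)` is safer than `.toString()` inside an exception handler. A sketch of the method with those three changes follows.

```java
      public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
         if (isSslHandshakeFailure(cause)) {
            ActiveMQServerLogger.LOGGER.sslHandshakeFailed(String.valueOf(ctx.channel().remoteAddress()), cause.getMessage());
            // … unchanged: debug-level logging of the full stack trace …
         }
         else {
            // anything that is not a handshake failure must still reach the rest of the pipeline
            ctx.fireExceptionCaught(cause);
         }
      }

      // True when cause, or any exception nested in it, is an SSLHandshakeException.
      private boolean isSslHandshakeFailure(Throwable cause) {
         for (Throwable t = cause; t != null; t = t.getCause()) {
            if (t instanceof SSLHandshakeException) {
               return true;
            }
         }
         return false;
      }
```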

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/0d24e636/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
index 70fb0e1..ba08b7b 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
@@ -1214,6 +1214,11 @@ public interface ActiveMQServerLogger extends BasicLogger {
       format = Message.Format.MESSAGE_FORMAT)
    void slowReplicationResponse();
 
+   @LogMessage(level = Logger.Level.WARN)
+   @Message(id = 222208, value = "SSL handshake failed for client from {0}: {1}.",
+      format = Message.Format.MESSAGE_FORMAT)
+   void sslHandshakeFailed(String clientAddress, String cause);
+
    @LogMessage(level = Logger.Level.ERROR)
    @Message(id = 224000, value = "Failure in initialisation", format = Message.Format.MESSAGE_FORMAT)
    void initializationError(@Cause Throwable e);
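Review bot: `sslHandshakeFailed` is emitted at WARN once per failed handshake, and a handshake can fail for any peer that reaches the port before authentication, so the volume of this message is set by whoever connects. Nothing visible in this commit throttles or aggregates it. I would at least document that on the method, for example `// One WARN per failed handshake from an unauthenticated peer; not rate-limited here.`, so operators know to cap or sample it at the appender. The second parameter is also a `String` carrying the exception message, so `String message` would read more accurately than `String cause` next to the `@Cause Throwable` parameters used elsewhere in this interface. The interface body continues outside the hunk.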