diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java index efb459e30d..f9484f57cb 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java @@ -18,7 +18,7 @@ package org.apache.activemq.artemis.core.remoting.impl.netty; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; - +import javax.net.ssl.SSLHandshakeException; import java.net.InetSocketAddress; import java.net.SocketAddress; import java.security.AccessController; @@ -35,6 +35,7 @@ import java.util.concurrent.TimeUnit; import io.netty.bootstrap.ServerBootstrap; import io.netty.channel.Channel; +import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelOption; @@ -53,7 +54,6 @@ import io.netty.handler.ssl.SslHandler; import io.netty.util.ResourceLeakDetector; import io.netty.util.concurrent.GenericFutureListener; import io.netty.util.concurrent.GlobalEventExecutor; - import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration; import org.apache.activemq.artemis.api.core.ActiveMQException; import org.apache.activemq.artemis.api.core.SimpleString; @@ -74,8 +74,8 @@ import org.apache.activemq.artemis.spi.core.protocol.ProtocolManager; import org.apache.activemq.artemis.spi.core.remoting.BufferHandler; import org.apache.activemq.artemis.spi.core.remoting.Connection; import org.apache.activemq.artemis.spi.core.remoting.ServerConnectionLifeCycleListener; -import org.apache.activemq.artemis.utils.ConfigurationHelper; import org.apache.activemq.artemis.utils.ActiveMQThreadFactory; +import org.apache.activemq.artemis.utils.ConfigurationHelper; import org.apache.activemq.artemis.utils.TypedProperties; /** @@ -289,6 +289,7 @@ public class NettyAcceptor extends AbstractAcceptor { ChannelPipeline pipeline = channel.pipeline(); if (sslEnabled) { pipeline.addLast("ssl", getSslHandler()); + pipeline.addLast("sslHandshakeExceptionHandler", new SslHandshakeExceptionHandler()); } pipeline.addLast(protocolHandler.getProtocolDecoder()); } @@ -717,4 +718,32 @@ public class NettyAcceptor extends AbstractAcceptor { cancelled = true; } } + + /** + * Deal with SSL handshake exceptions which otherwise would not be handled and would result in a lengthy stack-trace + * in the log. + */ + private class SslHandshakeExceptionHandler implements ChannelHandler { + + @Override + public void handlerAdded(ChannelHandlerContext ctx) throws Exception { + + } + + @Override + public void handlerRemoved(ChannelHandlerContext ctx) throws Exception { + + } + + @Override + public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { + if (cause.getMessage() != null && cause.getMessage().startsWith(SSLHandshakeException.class.getName())) { + ActiveMQServerLogger.LOGGER.sslHandshakeFailed(ctx.channel().remoteAddress().toString(), cause.getMessage()); + + if (ActiveMQServerLogger.LOGGER.isDebugEnabled()) { + ActiveMQServerLogger.LOGGER.debug("SSL handshake failed", cause); + } + } + } + } } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java index 70fb0e1bc1..ba08b7b6d7 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java @@ -1214,6 +1214,11 @@ public interface ActiveMQServerLogger extends BasicLogger { format = Message.Format.MESSAGE_FORMAT) void slowReplicationResponse(); + @LogMessage(level = Logger.Level.WARN) + @Message(id = 222208, value = "SSL handshake failed for client from {0}: {1}.", + format = Message.Format.MESSAGE_FORMAT) + void sslHandshakeFailed(String clientAddress, String cause); + @LogMessage(level = Logger.Level.ERROR) @Message(id = 224000, value = "Failure in initialisation", format = Message.Format.MESSAGE_FORMAT) void initializationError(@Cause Throwable e);