Looks good Vinnie. Thanks for handling this. One more comment from me..
I recently worked with a group who were reading the verbose security
messages when trying to debug an SSL connection issue. They weren't sure
if two-way SSL authentication was set up between the server and client.
Could we make the debug output a bit more obvious on that end also ? I
parsed the full debug logs from the connection issue above and neither
"client authentication" or "clientauthentication" appears in them (even
though it was in use)
see line 1446 :
http://cr.openjdk.java.net/~vinnie/8055207/webrev.00/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java.html
s.println("*** CertificateRequest");
To me this looks like the start of the client authentication request
phase. Could we make the message more informative. Perhaps something
like "*** CertificateRequest. Begin client authentication"
Is that the only time such a message can be printed ?
regards,
Sean.
On 21/08/2014 18:29, Vincent Ryan wrote:
Please review this trivial enhancement to JSSE to warn when TLS client
authentication cannot be completed
because of difficulty locating a suitable client certificate. (Keystore file
paths are already displayed by JSSE, when known)
This is useful to help troubleshoot configuration issues related to keystores
and truststores.
Thanks.
Webrev: http://cr.openjdk.java.net/~vinnie/8055207/webrev.00/
Bug: https://bugs.openjdk.java.net/browse/JDK-8055207
