Hello all,

Facing an odd issue with logging the SSL handshake details:

I have this in my logging.properties:

handlers = 1catalina.org.apache.juli.AsyncFileHandler
.handlers = 1catalina.org.apache.juli.AsyncFileHandler

1catalina.org.apache.juli.AsyncFileHandler.level = FINE
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.home}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.

org.apache.tomcat.util.net.NioEndpoint.handshake.level = FINE
org.apache.tomcat.util.net.NioEndpoint.certificate.level = FINE



With the above configuration, I don't see the SSL handshake failure details in
the logs.
However, when I add the console handler like:


handlers = 1catalina.org.apache.juli.AsyncFileHandler,\
           java.util.logging.ConsoleHandler

.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler

1catalina.org.apache.juli.AsyncFileHandler.level = FINE
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.home}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.


java.util.logging.ConsoleHandler.level = FINE

org.apache.tomcat.util.net.NioEndpoint.handshake.level = FINE
org.apache.tomcat.util.net.NioEndpoint.certificate.level = FINE


I see the SSL handshake failure logs, e.g.

FINE: Handshake failed for client connection from IP address [127.0.0.1] and port [37136]
javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
        at sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:364)
        at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:203)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:155)
        at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:597)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:552)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:418)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:397)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
        at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483)
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:215)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1766)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:750)



What am I missing in the logger configuration? Do we have to have the console 
handler configured?

Thanks,
Amit

