[jira] [Commented] (CASSANDRA-18839) Catch SSLHandshakeExceptions exceptions

Sun, 19 Nov 2023 08:50:06 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-18839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17787626#comment-17787626
 ] 

James Hu commented on CASSANDRA-18839:
--------------------------------------

[~bschoeni] Do you mean that an SSLHandshakeException handler should already be 
in PreV5Handlers.java? I didn't seem to see anything explicitly in that file. I 
was thinking it might make sense to add a case to 
logClientNetworkingExceptions() at 
[https://github.com/apache/cassandra/blob/ed5a22428355765df5da94151413fc59538afef5/src/java/org/apache/cassandra/transport/ExceptionHandlers.java#L113-L141]
 to catch/log the SSLHandshakeException. I'm still new to Cassandra dev and 
open source in general, so please let me know if I'm way off the mark here. 


{code:java}
 {code}
 

> Catch SSLHandshakeExceptions exceptions
> ---------------------------------------
>
>                 Key: CASSANDRA-18839
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18839
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Messaging/Client
>            Reporter: Brad Schoening
>            Priority: Low
>
> When SSL connection errors occur, they tend to flood the log with stack 
> traces and lack the identity of the remote client IP.  Instead, 
> PreV5Handlers.decode() could catch SSLHandshakeException and provide a brief, 
> more informative WARN level message instead of the verbose and mostly 
> unhelpful stack trace.
> I.e., 
> {code:java}
> [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 ip_address=10.0.0.1  
> PreV5Handlers.java:261 - SSLHandshakeException in client networking with peer 
> 10.0.0.10:9042 error:100000d7:SSL 
> routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE {code}
> instead of the current ones which flood the logs:
> {code:java}
> 2023-09-12 00:00:25,368 [WARN ] [epollEventLoopGroup-5-5] cluster_id=3 
> ip_address=10.0.0.1  PreV5Handlers.java:261 - Unknown exception in client 
> networking
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: 
> error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478)
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
>     at 
> io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
>     at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
>     at 
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
>     at 
> io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
>     at 
> io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480)
>     at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
>     at 
> io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
>     at 
> io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
>     at 
> io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
>     at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: javax.net.ssl.SSLHandshakeException: error:100000d7:SSL 
> routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1031)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1321)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1270)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1346)
>     at 
> io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1389)
>     at 
> io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:206)
>     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387)
>     at 
> io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1294)
>     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1331)
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
>     at 
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
>     ... 15 common frames omitted {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to