Merge pull request #611 from bevuta/tone-down-ssl-handshake-error-logging

Tone down SSL handshake error logging

Author: arnaudgeiser

src/aleph/http/client.clj

@@ -100,6 +100,21 @@
           nil))
       (no-url req))))
 
+(defn exception-handler [ctx ex response-stream]
+  (cond
+    ;; could happens when io.netty.handler.codec.http.HttpObjectAggregator
+    ;; is part of the pipeline
+    (instance? TooLongFrameException ex)
+    (s/put! response-stream ex)
+
+    ;; when SSL handshake failed
+    (netty/ssl-handshake-error? ex)
+    (let [^Throwable handshake-error (.getCause ^Throwable ex)]
+      (s/put! response-stream handshake-error))
+
+    (not (instance? IOException ex))
+    (log/warn ex "error in HTTP client")))
+
 (defn raw-client-handler
   [response-stream buffer-capacity]
   (let [stream (atom nil)
@@ -117,8 +132,7 @@
 
       :exception-caught
       ([_ ctx ex]
-        (when-not (instance? IOException ex)
-          (log/warn ex "error in HTTP client")))
+        (exception-handler ctx ex response-stream))
 
       :channel-inactive
       ([_ ctx]
@@ -169,14 +183,7 @@
 
       :exception-caught
       ([_ ctx ex]
-        (cond
-          ; could happens when io.netty.handler.codec.http.HttpObjectAggregator
-          ; is part of the pipeline
-          (instance? TooLongFrameException ex)
-          (s/put! response-stream ex)
-
-          (not (instance? IOException ex))
-          (log/warn ex "error in HTTP client")))
+        (exception-handler ctx ex response-stream))
 
       :channel-inactive
       ([_ ctx]

src/aleph/http/server.clj

@@ -209,7 +209,13 @@
                                        (invalid-value-response req rsp))))))))))))
 
 (defn exception-handler [ctx ex]
-  (when-not (instance? IOException ex)
+  (cond
+    ;; do not need to log an entire stack trace when SSL handshake failed
+    (netty/ssl-handshake-error? ex)
+    (log/warn "SSL handshake failure:"
+              (.getMessage ^Throwable (.getCause ^Throwable ex)))
+
+    (not (instance? IOException ex))
     (log/warn ex "error in HTTP server")))
 
 (defn invalid-request? [^HttpRequest req]

src/aleph/netty.clj

@@ -37,6 +37,7 @@
      SslContext
      SslContextBuilder
      SslHandler]
+    [io.netty.handler.codec DecoderException]
     [io.netty.handler.ssl.util
      SelfSignedCertificate InsecureTrustManagerFactory]
     [io.netty.resolver
@@ -76,7 +77,8 @@
      LoggingHandler
      LogLevel]
     [java.security.cert X509Certificate]
-    [java.security PrivateKey]))
+    [java.security PrivateKey]
+    [javax.net.ssl SSLHandshakeException]))
 
 ;;;
 
@@ -789,6 +791,11 @@
           ^SslHandler (.get SslHandler)
           .engine
           .getSession))
+
+(defn ssl-handshake-error? [^Throwable ex]
+  (and (instance? DecoderException ex)
+       (instance? SSLHandshakeException (.getCause ex))))
+
 ;;;
 
 (defprotocol AlephServer

src/aleph/tcp.clj

@@ -42,8 +42,14 @@
 
       :exception-caught
       ([_ ctx ex]
-        (when-not (instance? IOException ex)
-          (log/warn ex "error in TCP server")))
+       (cond
+         ;; do not need to log an entire stack trace when SSL handshake failed
+         (netty/ssl-handshake-error? ex)
+         (log/warn "SSL handshake failure:"
+                   (.getMessage ^Throwable (.getCause ^Throwable ex)))
+
+         (not (instance? IOException ex))
+         (log/warn ex "error in TCP server")))
 
       :channel-inactive
       ([_ ctx]
@@ -115,7 +121,11 @@
        :exception-caught
        ([_ ctx ex]
          (when-not (d/error! d ex)
-           (log/warn ex "error in TCP client")))
+           (if (netty/ssl-handshake-error? ex)
+             ;; do not need to log an entire stack trace when SSL handshake failed
+             (log/warn "SSL handshake failure:"
+                       (.getMessage ^Throwable (.getCause ^Throwable ex)))
+             (log/warn ex "error in TCP client"))))
 
        :channel-inactive
        ([_ ctx]