Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
qpid-java-broker-8.0.4
-
None
-
None
Description
During the SSL handshake, if sni header is set to a invalid string, it result in a SSL handshake failure. However this is logged as a info log on the broker logs. This can be improved to add operational logs for invalid SNI.
Info log :
2021-03-12T08:30:14,401Z INFO [IO-/10.161.230.90:51553] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:51553' : Failed to create SNIHostName from string 'Test_Dev'
Debug log trace:
2021-03-11 20:36:55,355 DEBUG [IO-/10.161.230.90:52006] (o.a.q.s.t.NonBlockingConnection) - Exception performing I/O for connection '/10.161.230.90:52006'
org.apache.qpid.server.util.ConnectionScopedRuntimeException: Failed to create SNIHostName from string 'Test_Dev'
at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1077)
at org.apache.qpid.server.transport.NonBlockingConnectionTLSDelegate.processData(NonBlockingConnectionTLSDelegate.java:105)
at org.apache.qpid.server.transport.NonBlockingConnection.doRead(NonBlockingConnection.java:496)
at org.apache.qpid.server.transport.NonBlockingConnection.doWork(NonBlockingConnection.java:270)
at org.apache.qpid.server.transport.NetworkConnectionScheduler.processConnection(NetworkConnectionScheduler.java:134)
at org.apache.qpid.server.transport.SelectorThread$ConnectionProcessor.processConnection(SelectorThread.java:575)
at org.apache.qpid.server.transport.SelectorThread$SelectionTask.performSelect(SelectorThread.java:366)
at org.apache.qpid.server.transport.SelectorThread$SelectionTask.run(SelectorThread.java:97)
at org.apache.qpid.server.transport.SelectorThread.run(SelectorThread.java:533)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.qpid.server.bytebuffer.QpidByteBufferFactory.lambda$null$0(QpidByteBufferFactory.java:464)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
at java.net.IDN.toASCIIInternal(IDN.java:296)
at java.net.IDN.toASCII(IDN.java:122)
at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
at org.apache.qpid.server.transport.network.security.ssl.SSLUtil.createSNIHostName(SSLUtil.java:1073)
... 12 common frames omitted