From 0065e52d849793e7d85cbc179b0c237f26b79ea2 Mon Sep 17 00:00:00 2001 From: jianglai Date: Fri, 17 Aug 2018 10:34:10 -0700 Subject: [PATCH] Log remote IP when EPP SSL handshake fails This makes it easy to debug issues when registrars cannot finish SSL handshake. There's no privacy concerns because we keep a record of the registrars' IP address in our whitelist anyway. The remote address attribute it set by the ProxyProtocolHandler, which runs before anything is done. The GCLP added the protocol header at the beginning of a stream, so we know that by the time handshake is finished (successful or not), this key must be set. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=209169683 --- java/google/registry/proxy/handler/EppServiceHandler.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/google/registry/proxy/handler/EppServiceHandler.java b/java/google/registry/proxy/handler/EppServiceHandler.java index 7c57f5251..ebb82e289 100644 --- a/java/google/registry/proxy/handler/EppServiceHandler.java +++ b/java/google/registry/proxy/handler/EppServiceHandler.java @@ -119,7 +119,8 @@ public class EppServiceHandler extends HttpsRelayServiceHandler { channelRead(ctx, Unpooled.wrappedBuffer(helloBytes)); } else { logger.atWarning().withCause(promise.cause()).log( - "Cannot finish handshake for channel %s", ctx.channel()); + "Cannot finish handshake for channel %s, remote IP %s", + ctx.channel(), ctx.channel().attr(REMOTE_ADDRESS_KEY).get()); ChannelFuture unusedFuture = ctx.close(); } });