[9] request for review: 8055207: keystore and truststore debug output could be much better

Seán Coffey sean.coffey at oracle.com
Thu Aug 21 21:38:02 UTC 2014


Looks good Vinnie. Thanks for handling this. One more comment from me.
I recently worked with a group who were reading the verbose security 
messages when trying to debug an SSL connection issue. They weren't sure 
if two-way SSL authentication was set up between the server and client. 
Could we make the debug output a bit more obvious on that end also? I 
parsed the full debug logs from the connection issue above and neither 
"client authentication" nor "clientauthentication" appears in them (even 
though it was in use).

See line 1446:
http://cr.openjdk.java.net/~vinnie/8055207/webrev.00/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java.html

> s.println("*** CertificateRequest");
To me this looks like the start of the client authentication request 
phase. Could we make the message more informative? Perhaps something 
like "*** CertificateRequest. Begin client authentication"

Is that the only time such a message can be printed?

regards,
Sean.

On 21/08/2014 18:29, Vincent Ryan wrote:
> Please review this trivial enhancement to JSSE to warn when TLS client authentication cannot be completed
> because of difficulty locating a suitable client certificate. (Keystore file paths are already displayed by JSSE, when known)
>
> This is useful to help troubleshoot configuration issues related to keystores and truststores.
> Thanks.
>
>
> Webrev: http://cr.openjdk.java.net/~vinnie/8055207/webrev.00/
> Bug: https://bugs.openjdk.java.net/browse/JDK-8055207
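
Added example, not part of the original thread or of the JDK change: a Python check over a JSSE debug log that reports, per handshake, whether the server sent the `*** CertificateRequest` message discussed above and whether the client answered with a certificate. The sample log is constructed, and every marker string other than `*** CertificateRequest` is an assumption about the debug format.

```python
# Constructed sample in the style of JSSE debug output; not taken from the thread.
# Assumed markers: "*** ClientHello", "*** Certificate chain", "chain [", "<Empty>".
SAMPLE_LOG = """\
*** ClientHello, TLSv1.2
*** ServerHelloDone
*** ClientHello, TLSv1.2
*** Certificate chain
chain [0] = [
]
***
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
<Empty>
***
"""

NOT_REQUESTED = "client auth not requested"
NO_CERT = "client auth requested, no client certificate sent"
CERT_SENT = "client auth requested, client certificate sent"

def client_auth_status(log_text):
    """Return one status per handshake (a handshake starts at ClientHello)."""
    handshakes = []  # [requested, cert_sent] per handshake
    in_client_chain = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("***"):
            # A "chain [n]" entry inside the client's chain means a cert was sent.
            if in_client_chain and line.startswith("chain ["):
                handshakes[-1][1] = True
            continue
        in_client_chain = False  # any "***" line ends the previous message
        if line.startswith("*** ClientHello") or not handshakes:
            handshakes.append([False, False])
        if line.startswith("*** CertificateRequest"):
            handshakes[-1][0] = True
        elif line.startswith("*** Certificate chain") and handshakes[-1][0]:
            # The chain printed after the request is the client's reply;
            # a chain printed before it is the server's own certificate.
            in_client_chain = True
    return [CERT_SENT if req and sent else NO_CERT if req else NOT_REQUESTED
            for req, sent in handshakes]

if __name__ == "__main__":
    for number, status in enumerate(client_auth_status(SAMPLE_LOG), 1):
        print(f"handshake {number}: {status}")
```

Because the match is on the line prefix, the longer wording proposed above ("*** CertificateRequest. Begin client authentication") is recognised as well. Output from concurrent connections is interleaved in a real log and is not separated here.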



