SSLLogger.java (was Re: Code Review Request: TLS 1.3 Implementation)

Weijun Wang weijun.wang at oracle.com
Thu Jun 7 00:46:22 UTC 2018



> On Jun 7, 2018, at 8:41 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> 
> 
> On 6/6/2018 4:21 PM, Weijun Wang wrote:
>>> On Jun 7, 2018, at 12:27 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>> 
>>> On 6/6/2018 5:41 AM, Weijun Wang wrote:
>>>> There are lots of calls like
>>>>    RSAClientKeyExchangeMessage ckem =
>>>>            new RSAClientKeyExchangeMessage(shc, message);
>>>>    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
>>>>        SSLLogger.fine(
>>>>            "Consuming RSA ClientKeyExchange handshake message", ckem);
>>>>    }
>>>> which finally calls to
>>>>    String formatted =
>>>>         SSLSimpleFormatter.formatParameters(params);
>>>>    logger.log(level, msg, formatted);
>>>> Now that msg contains no placeholder likes "{0}", nothing on temporary will be shown.
>>> I did not catch you here. SSLSimpleFormatter is a package private class (SSLLogger#SSLSimpleFormatter), which does not use placeholder in msg.
>> I see.
>> BTW, at the beginning of SSLLogger, there is
>> String p = GetPropertyAction.privilegedGetProperty("javax.net.debug");
>> if (p != null) {
>>     if (p.isEmpty()) {
>>         property = "";
>>         logger = System.getLogger("javax.net.ssl");
>>     } else {
>> Will this "p.isEmpty()" ever happen? I cannot find a place when only SSLLogger.isOn is checked but not SSLLogger.isOn("something").
> If p.isEmpty(), SSLLogger.isOn("something") always returns true.  It means that 'something" (ssl, handshake, etc) is not used to control the debug level any more.  Instead, the System.Logger levels (FINE, WARNING, etc) get used instead.

And in this case, what would 

>>>>        SSLLogger.fine(
>>>>            "Consuming RSA ClientKeyExchange handshake message", ckem);

print out?

--Max

> 
> Xuelei



More information about the security-dev mailing list