SSLLogger.java (was Re: Code Review Request: TLS 1.3 Implementation)

Xuelei Fan xuelei.fan at oracle.com
Thu Jun 7 01:35:46 UTC 2018


I see your concerns now.  Currently, we don't define the format if using 
System logger.  Applications can define the format and output style for 
themselves if needed.  That's also the reason why we introduce the 
System Logger in the provider.

Xuelei

On 6/6/2018 6:10 PM, Weijun Wang wrote:
> I assume this output is for the internal SSLLogger. I was asking what would be printed if someone only set "-Djavax.net.debug" and a System logger is used.
> 
> --Max
> 
>> On Jun 7, 2018, at 8:54 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>>
>>
>> On 6/6/2018 5:46 PM, Weijun Wang wrote:
>>>> On Jun 7, 2018, at 8:41 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>
>>>>
>>>>
>>>> On 6/6/2018 4:21 PM, Weijun Wang wrote:
>>>>>> On Jun 7, 2018, at 12:27 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>>>
>>>>>> On 6/6/2018 5:41 AM, Weijun Wang wrote:
>>>>>>> There are lots of calls like
>>>>>>>     RSAClientKeyExchangeMessage ckem =
>>>>>>>             new RSAClientKeyExchangeMessage(shc, message);
>>>>>>>     if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
>>>>>>>         SSLLogger.fine(
>>>>>>>             "Consuming RSA ClientKeyExchange handshake message", ckem);
>>>>>>>     }
>>>>>>> which finally calls to
>>>>>>>     String formatted =
>>>>>>>          SSLSimpleFormatter.formatParameters(params);
>>>>>>>     logger.log(level, msg, formatted);
>>>>>>> Now that msg contains no placeholder like "{0}", nothing on temporary will be shown.
>>>>>> I did not catch you here. SSLSimpleFormatter is a package private class (SSLLogger#SSLSimpleFormatter), which does not use placeholders in msg.
>>>>> I see.
>>>>> BTW, at the beginning of SSLLogger, there is
>>>>> String p = GetPropertyAction.privilegedGetProperty("javax.net.debug");
>>>>> if (p != null) {
>>>>>      if (p.isEmpty()) {
>>>>>          property = "";
>>>>>          logger = System.getLogger("javax.net.ssl");
>>>>>      } else {
>>>>> Will this "p.isEmpty()" ever happen? I cannot find a place when only SSLLogger.isOn is checked but not SSLLogger.isOn("something").
>>>> If p.isEmpty(), SSLLogger.isOn("something") always returns true.  It means that "something" (ssl, handshake, etc) is not used to control the debug level any more.  Instead, the System.Logger levels (FINE, WARNING, etc) get used.
>>> And in this case, what would
>>>>>>>         SSLLogger.fine(
>>>>>>>             "Consuming RSA ClientKeyExchange handshake message", ckem);
>>> print out?
>> If Level.DEBUG is enabled, the printout may look like (I use the DH ClientKeyExchange handshake message as I happen to have the debug log in hand):
>>
>> javax.net.ssl|DEBUG|01|main|2018-06-06 17:49:38.624 PDT|DHClientKeyExchange.java:271|Consuming DH ClientKeyExchange handshake message (
>> "DH ClientKeyExchange": {
>>   "parameters": {
>>     "dh_Yc": {
>>       0000: 4E 8B 14 6B E7 D6 EB BF   8C 69 C6 03 5D D0 EA 10 N..k.....i..]...
>>       0010: F9 B6 37 89 B5 50 67 3B   A0 3B 18 2C EE 99 87 D5 ..7..Pg;.;.,....
>>       0020: D8 61 62 D1 5F 97 66 6B   27 03 19 6C 6D DE 91 07 .ab._.fk'..lm...
>>       0030: E1 A8 AC D7 30 55 2C 86   A1 D1 9C 98 BF DF 83 3E ....0U,........>
>>       0040: 34 1F 7C F0 AC 87 BC 5E   D4 E9 99 33 2C D0 79 20 4......^...3,.y
>>       0050: B5 66 12 95 84 66 50 24   5D F6 C9 1A D0 18 8C A9 .f...fP$].......
>>       0060: 9A EC E5 59 5C FE 57 31   66 CE BF FD E2 61 4B 5D ...Y\.W1f....aK]
>>       0070: A5 49 94 0B CC 30 BA 0A   16 D9 0A B3 19 EE 58 C7 .I...0........X.
>>       0080: E4 D1 22 9E 1D 9A 43 57   D0 B8 B6 87 02 A0 42 D3 .."...CW......B.
>>       0090: A1 66 EB 04 5F 5F B7 3F   1F B9 1A 23 D1 79 A6 01 .f..__.?...#.y..
>>       00A0: 9F CE 65 EE CD 04 B7 1A   38 2E 2A 7B F3 0E F6 F8 ..e.....8.*.....
>>       00B0: 5F D3 8F E5 5E 83 89 FD   97 17 9D C4 81 99 9A AB _...^...........
>>       00C0: 83 EC E5 C5 68 0A E2 D5   CF D0 70 D9 D5 BE C4 16 ....h.....p.....
>>       00D0: 37 E2 2D 86 2C 53 95 C8   D9 EE 9F E4 32 35 DE FE 7.-.,S......25..
>>       00E0: D8 5D 78 BC 6E 2C 98 90   03 0B F4 CF 36 20 6E F1 .]x.n,......6 n.
>>       00F0: F9 3B 05 C1 3E 17 2A 7B   11 39 6D 59 82 A8 61 9C .;..>.*..9mY..a.
>>     },
>>   }
>> }
>> )
>>
>> Xuelei
> 
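The placeholder question raised in this thread can be reproduced outside the JDK. The following is an added example, not code from the thread or from SSLLogger: `AppLogger`, `appendParams` and the sample strings are hypothetical, and the logger is called directly rather than installed through a `LoggerFinder`. It shows that a `System.Logger` which renders `format` strictly as a `java.text.MessageFormat` pattern drops a parameter when the message has no `{0}`, and how an application-defined logger can keep the handshake detail in its output.

```java
import java.lang.System.Logger;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.ResourceBundle;

public class PlaceholderDemo {
    /** Hypothetical application-side logger; not part of the JDK or of SSLLogger. */
    static final class AppLogger implements Logger {
        final List<String> lines = new ArrayList<>();
        private final boolean appendParams;
        AppLogger(boolean appendParams) { this.appendParams = appendParams; }
        @Override public String getName() { return "javax.net.ssl"; }
        @Override public boolean isLoggable(Level level) { return true; }

        @Override
        public void log(Level level, ResourceBundle bundle, String msg, Throwable thrown) {
            lines.add(level + "|" + msg + (thrown == null ? "" : "|" + thrown));
        }

        @Override
        public void log(Level level, ResourceBundle bundle, String format, Object... params) {
            if (params == null || params.length == 0) {
                lines.add(level + "|" + format);
                return;
            }
            // System.Logger documents `format` as a java.text.MessageFormat pattern.
            StringBuilder sb = new StringBuilder(MessageFormat.format(format, params));
            // Without "{0}" in the pattern the parameters are silently dropped,
            // so this style appends them explicitly (crude placeholder check).
            if (appendParams && !format.contains("{0")) {
                for (Object p : params) sb.append(" (\n").append(p).append("\n)");
            }
            lines.add(level + "|" + sb);
        }
    }

    public static void main(String[] args) {
        // Constructed sample standing in for the pre-formatted handshake dump.
        String formatted = "\"DH ClientKeyExchange\": { \"parameters\": { ... } }";
        String msg = "Consuming DH ClientKeyExchange handshake message";
        for (boolean append : new boolean[] {false, true}) {
            AppLogger logger = new AppLogger(append);
            logger.log(Logger.Level.DEBUG, msg, formatted);  // same call shape as in the thread
            System.out.println("appendParams=" + append + " -> " + logger.lines.get(0));
        }
    }
}
```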



More information about the security-dev mailing list