<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Monaco;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.gmail-m-2808144346660077845p1, li.gmail-m-2808144346660077845p1, div.gmail-m-2808144346660077845p1
{mso-style-name:gmail-m_-2808144346660077845p1;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.gmail-m-2808144346660077845s1
{mso-style-name:gmail-m_-2808144346660077845s1;}
span.gmail-m-2808144346660077845apple-converted-space
{mso-style-name:gmail-m_-2808144346660077845apple-converted-space;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="en-FR" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">D’oh! As they say. Makes sense now. Thanks!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Loïc Hoguin</span><span style="mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Ingela Andin <ingela.andin@gmail.com><br>
<b>Date: </b>Thursday 14 October 2021 at 15:08<br>
<b>To: </b>Loïc Hoguin <lhoguin@vmware.com><br>
<b>Cc: </b>Erlang Questions <erlang-questions@erlang.org><br>
<b>Subject: </b>Re: inet_tls/logger/report_cb combo losing information<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Hi!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">It is not a logger problem, the first log is done by the client that knows why it is failing the connection and it will give you as much info as advisable as to why. While<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">the server only will receive the TLS alert chosen and does not have the knowledge of why. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Regards Ingela <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Den tors 14 okt. 2021 kl 13:58 skrev Loïc Hoguin <<a href="mailto:lhoguin@vmware.com">lhoguin@vmware.com</a>>:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR">Hello,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I am trying to understand why there is a difference between the logs from a simple erl node compared to a node that has logger configuration with a handler that
customizes the output and logs to a file.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">The message logged comes from a handshake error due to a bad certificate when another node is trying to connect through the TLS distribution.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">On the simple erl node we get the following error:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:3.0pt"><span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">=NOTICE REPORT==== 14-Oct-2021::11:23:43.108059 ===</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:3.0pt"><span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">TLS client: In state certify at ssl_handshake.erl:1901 generated CLIENT ALERT: Fatal - Handshake Failure</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:3.0pt"><span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">- {bad_cert,hostname_check_failed}</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">On the node with logger configuration we get this :</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<pre style="margin-bottom:3.0pt"><span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">2021-10-14 11:23:43.108216+02:00 [noti] <0.575.0> TLS server: In state certify received CLIENT ALERT: Fatal - Handshake Failure</span><o:p></o:p></pre>
<pre style="margin-bottom:3.0pt"><span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">2021-10-14 11:23:43.108216+02:00 [noti] <0.575.0></span><o:p></o:p></pre>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">We are missing the bad_cert line and that’s bad because that line is fairly important for debugging the issue.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I have tracked down the error up until the call to ssl_logger:format/1. It receives the following argument:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845s1">#{alert =></span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">{alert,2,40,</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">#{file => "ssl_alert.erl",line => 136,</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">mfa => {ssl_alert,decode,3}},</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">client,undefined},</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">alerter => peer,protocol => "TLS",role => server,</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">statename => certify}</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">As far as I can tell, based on this data, the output is expected.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">For what it’s worth, the Meta information doesn’t have the extra info either:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845s1">#{depth => 20,file => "ssl_alert.erl",</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">gl => <0.46.0>,line => 136,</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">mfa => {ssl_alert,decode,3},</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">pid => <0.690.0>,</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">report_cb => fun ssl_logger:format/1,</span><o:p></o:p></p>
<p class="gmail-m-2808144346660077845p1"><span class="gmail-m-2808144346660077845apple-converted-space">
</span><span class="gmail-m-2808144346660077845s1">time => 1634210440978557}</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">My question therefore is: how can we get the {bad_cert,hostname_check_failed} line logged as well with our custom logger handler? Why is it in the notice report
above but not in the logger event?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">-- <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Loïc Hoguin</span><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</body>
</html>