<div dir="ltr"><div>Hi!</div><div><br></div><div>It is not a logger problem. The first log is done by the client, which knows why it is failing the connection, and it will give you as much info as advisable as to why, while the server will only receive the TLS alert chosen and does not have the knowledge of why.</div><div><br></div><div>Regards, Ingela</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 14 Oct 2021 at 13:58, Loïc Hoguin <<a href="mailto:lhoguin@vmware.com">lhoguin@vmware.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="en-FR" style="overflow-wrap: break-word;">
<div class="gmail-m_-2808144346660077845WordSection1">
<p class="MsoNormal"><span lang="FR">Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="FR"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I am trying to understand why there is a difference between the logs from a simple erl node compared to a node that has logger configuration with a handler that customizes the output and logs to a file.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">The message logged comes from a handshake error due to a bad certificate when another node is trying to connect through the TLS distribution.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">On the simple erl node we get the following error:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:3pt;margin-left:0cm">
<span style="font-size:9pt;font-family:Monaco;color:rgb(29,28,29)">=NOTICE REPORT==== 14-Oct-2021::11:23:43.108059 ===<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:3pt;margin-left:0cm">
<span style="font-size:9pt;font-family:Monaco;color:rgb(29,28,29)">TLS client: In state certify at ssl_handshake.erl:1901 generated CLIENT ALERT: Fatal - Handshake Failure<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:0cm;margin-bottom:3pt;margin-left:0cm">
<span style="font-size:9pt;font-family:Monaco;color:rgb(29,28,29)">- {bad_cert,hostname_check_failed}<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-US">On the node with logger configuration we get this:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<pre style="margin-right:0cm;margin-bottom:3pt;margin-left:0cm"><span style="font-size:9pt;font-family:Monaco;color:rgb(29,28,29)">2021-10-14 11:23:43.108216+02:00 [noti] <0.575.0> TLS server: In state certify received CLIENT ALERT: Fatal - Handshake Failure<u></u><u></u></span></pre>
<pre style="margin-right:0cm;margin-bottom:3pt;margin-left:0cm"><span style="font-size:9pt;font-family:Monaco;color:rgb(29,28,29)">2021-10-14 11:23:43.108216+02:00 [noti] <0.575.0><u></u><u></u></span></pre>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">We are missing the bad_cert line and that’s bad because that line is fairly important for debugging the issue.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I have tracked down the error up until the call to ssl_logger:format/1. It receives the following argument:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845s1">#{alert =></span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space"> </span><span class="gmail-m_-2808144346660077845s1">{alert,2,40,</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space"> </span><span class="gmail-m_-2808144346660077845s1">#{file => "ssl_alert.erl",line => 136,</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space"> </span><span class="gmail-m_-2808144346660077845s1">mfa => {ssl_alert,decode,3}},</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space"> </span><span class="gmail-m_-2808144346660077845s1">client,undefined},</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space"> </span><span class="gmail-m_-2808144346660077845s1">alerter => peer,protocol => "TLS",role => server,</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space"> </span><span class="gmail-m_-2808144346660077845s1">statename => certify}</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-US">As far as I can tell, based on this data, the output is expected.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">For what it’s worth, the Meta information doesn’t have the extra info either:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845s1">#{depth => 20,file => "ssl_alert.erl",</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space">
</span><span class="gmail-m_-2808144346660077845s1">gl => <0.46.0>,line => 136,</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space">
</span><span class="gmail-m_-2808144346660077845s1">mfa => {ssl_alert,decode,3},</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space">
</span><span class="gmail-m_-2808144346660077845s1">pid => <0.690.0>,</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space">
</span><span class="gmail-m_-2808144346660077845s1">report_cb => fun ssl_logger:format/1,</span><u></u><u></u></p>
<p class="gmail-m_-2808144346660077845p1"><span class="gmail-m_-2808144346660077845apple-converted-space">
</span><span class="gmail-m_-2808144346660077845s1">time => 1634210440978557}</span><u></u><u></u></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">My question therefore is: how can we get the {bad_cert,hostname_check_failed} line logged as well with our custom logger handler? Why is it in the notice report above but not in the logger event?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks,<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal"><span>-- <u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US">Loïc Hoguin</span><u></u><u></u></p>
</div>
</div>
</blockquote></div></div>
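<p>What the receiving side of the alert has to work with, as an added example that is not part of this thread or of OTP's ssl application: a decoder for a TLS alert record, which carries only a level byte and a description byte. The module and function names are hypothetical, the sample bytes are constructed, and an unencrypted TLS 1.2 record is assumed.</p>

```erlang
%% Added example, not OTP's ssl code. Names are hypothetical.
-module(tls_alert_demo).
-export([decode_record/1, demo/0]).

-define(ALERT, 21).   % TLS record content type for alerts

%% One plaintext alert record on the wire:
%%   type(1) | version(2) | length(2) | level(1) | description(1)
decode_record(<<?ALERT, Major, Minor, 2:16, Level, Desc, Rest/binary>>) ->
    {ok, #{version => {Major, Minor},
           level => level(Level),
           description => description(Desc)}, Rest};
decode_record(<<?ALERT, _Major, _Minor, Len:16, _/binary>>) when Len =/= 2 ->
    {error, {bad_alert_length, Len}};
decode_record(<<Type, _/binary>>) when Type =/= ?ALERT ->
    {error, {not_an_alert, Type}};
decode_record(_) ->
    {error, truncated}.

level(1) -> warning;
level(2) -> fatal;
level(N) -> {unknown, N}.

description(0)  -> close_notify;
description(40) -> handshake_failure;
description(42) -> bad_certificate;
description(46) -> certificate_unknown;
description(48) -> unknown_ca;
description(N)  -> {unknown, N}.

demo() ->
    %% Constructed sample: fatal (2) handshake_failure (40), matching the
    %% {alert,2,40,...} tuple in the logger event quoted above.
    OnWire = <<21, 3, 3, 0, 2, 2, 40>>,
    {ok, Alert, <<>>} = decode_record(OnWire),
    #{level := fatal, description := handshake_failure} = Alert,
    %% The sender's reason is local state; no field of the record holds it.
    SenderReason = {bad_cert, hostname_check_failed},
    false = lists:member(SenderReason, maps:values(Alert)),
    %% Malformed input is rejected rather than guessed at.
    {error, truncated} = decode_record(<<21, 3, 3, 0, 2, 2>>),
    {error, {not_an_alert, 22}} = decode_record(<<22, 3, 3, 0, 2, 2, 40>>),
    Alert.
```

<p>The detailed reason therefore has to be read from the log of the node that generated the alert, here the connecting client.</p>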