I'm currently having a server where mTLS is enabled. With this, a client trying to make a HTTP request to it.
On server side, I am seeing this error:
DEBUG [myservice,,] 65 --- [or-http-epoll-1] reactor.netty.tcp.SslProvider : [id: 0xc99178db, L:/1x:19010 - R:/y:34860] SSL enabled using engine JdkAlpnSslEngine
DEBUG [myservice,,] 65 --- [or-http-epoll-1] reactor.netty.transport.TransportConfig : [id: 0xc99178db, L:/1x:19010 - R:/y:34860] Initialized pipeline DefaultChannelPipeline{(reactor.left.sslHandler = io.netty.handler.ssl.SslHandler), (reactor.left.sslReader = reactor.netty.tcp.SslProvider$SslReadHandler), (reactor.left.h2OrHttp11Codec = reactor.netty.http.server.HttpServerConfig$H2OrHttp11Codec), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
WARN [myservice,,] 65 --- [or-http-epoll-1] .s.ApplicationProtocolNegotiationHandler : [id: 0xc99178db, L:/x:19010 - R:/y:34860] Failed to select the application-level protocol:
javax.net.ssl.SSLHandshakeException: Empty client certificate chain
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[na:na]
DEBUG [myservice,,] 65 --- [or-http-epoll-1] reactor.netty.transport.ServerTransport : [id: 0xc99178db, L:/x:19010 - R:/y:34860] onUncaughtException(SimpleConnection{channel=[id: 0xc99178db, L:/x:19010 - R:/y:34860]})
javax.net.ssl.SSLHandshakeException: Empty client certificate chain
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[na:na]
And on client side, I am seeing
WARN [myclient,,] 65 --- [or-http-epoll-4] r.netty.http.client.HttpClientConnect : [id: 0x16cdd8b7, L:/a:44572 ! R:bb/bbb:19010] The connection observed an error
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) ~[netty-codec-4.1.58.Final.jar!/:4.1.58.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.58.Final.jar!/:4.1.58.Final]
My question is, great, I know the client is calling the server, and the server is responding bad_certificate.
However, I would like to know which endpoint the client is trying to invoke on the server to properly debug.
I have debug log turned on already, and seeing this periodically. Some other clients can make requests to the app fine, it is really just this route having the issue. But how to know which is the route please?
question from:
https://stackoverflow.com/questions/65922447/how-to-get-the-handler-route-having-an-issue 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
