
How to enable javax.net.debug on demand

Question:

Our application uses Apache HttpClient 4.5.3 and we are observing very weird behavior in communication between our client and the server using the SNI capability.

The server is configured to return a Go Daddy signed certificate if the SSL request comes in with the server name expected from our client (i.e. the host name of the server), and it will return a self-signed certificate for all other domain names.

Behavior observed

<ul>
<li>The client receives the correct server certificate on all servers except on our production machine.</li>
<li>The client code is running in an application deployed on Tomcat 8. We have noticed that initial requests to the endpoint go through successfully. After some time of running we receive an SSL exception on the client.</li>
<li>The error is because the server is not sending the correct certificate (it sends the default self-signed certificate).</li>
<li>If we restart the Tomcat server on which the client is deployed, the calls again start to go through successfully.</li>
</ul>

We have used javax.net.debug for debugging purposes in the past, but we cannot use it in this case: we need to restart the Tomcat server for it to take effect, and when we restart the Tomcat server, the calls to the endpoint server start to succeed. Also, javax.net.debug logs a lot of information, which will flood our logs, and hence we wanted it enabled only for a specific request. We are hoping to log only the Client Hello (which contains the server_name passed to the endpoint).

I have read through <a href="https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#OwnX509ETM" rel="nofollow">https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#OwnX509ETM</a> but I am not sure what we can use to print only the SSL server name indicator pushed down to the server.

Answer1:

I had the same concern as you. At first I was thinking about dynamically adding the environment variable, but it always takes the old value. Then I found out that the javax.net.debug environment variable is read only once, in a static block in SSLSocketFactory.java. The full source code is available <a href="http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/javax/net/ssl/SSLSocketFactory.java/" rel="nofollow">here</a>.

<pre><code>static {
    String s = java.security.AccessController.doPrivileged(
            new GetPropertyAction("javax.net.debug", "")).toLowerCase(Locale.ENGLISH);
    DEBUG = s.contains("all") || s.contains("ssl");
}
</code></pre>
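Because that flag is fixed at class-load time, one way to log only the SNI value on demand is to hook HttpClient's socket preparation instead. The following is an added example, not code from the original question or answer; the class name `SniLoggingSocketFactory` and the `LOG_SNI` switch are hypothetical. It assumes Java 8+ with HttpClient 4.5.x, and that the JSSE provider has already set the server name on the socket's `SSLParameters` when `prepareSocket` runs, so it reports what the socket is configured to send rather than bytes captured from the wire.

```java
import java.io.IOException;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Logger;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

// Hypothetical helper: logs the SNI names set on each new TLS socket while the flag is on.
public class SniLoggingSocketFactory extends SSLConnectionSocketFactory {
    private static final Logger LOG = Logger.getLogger(SniLoggingSocketFactory.class.getName());
    // Runtime switch (flip it from JMX, an admin endpoint, etc.); no restart required.
    public static final AtomicBoolean LOG_SNI = new AtomicBoolean(false);

    public SniLoggingSocketFactory(SSLContext sslContext) {
        super(sslContext);
    }

    // HttpClient calls this for every new TLS socket, before the handshake starts.
    @Override
    protected void prepareSocket(SSLSocket socket) throws IOException {
        if (!LOG_SNI.get()) {
            return;
        }
        // Assumption: the provider filled in the server names when the socket was created.
        List<SNIServerName> names = socket.getSSLParameters().getServerNames();
        String peer = String.valueOf(socket.getRemoteSocketAddress());
        if (names == null || names.isEmpty()) {
            LOG.warning("TLS socket to " + peer + " has no SNI server name configured");
            return;
        }
        for (SNIServerName name : names) {
            String shown = (name instanceof SNIHostName) ? ((SNIHostName) name).getAsciiName() : name.toString();
            LOG.info("TLS socket to " + peer + " will send server_name=" + shown);
        }
    }

    // Builds a client that uses this factory with the JVM's default trust settings.
    public static CloseableHttpClient newClient() {
        return HttpClients.custom()
                .setSSLSocketFactory(new SniLoggingSocketFactory(SSLContexts.createSystemDefault()))
                .build();
    }
}
```

Turning `LOG_SNI` on affects only sockets opened afterwards; pooled connections that are already established do not handshake again.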
