From f71485b5fdb66f048eed32b74e87a61d203b0b0f Mon Sep 17 00:00:00 2001
From: Francis Dupont
Date: Tue, 23 Mar 2021 16:44:41 +0100
Subject: [PATCH] [#1661] Added log for server handshake failure
---
 src/lib/config/cmd_http_listener.cc | 4 +++-
 src/lib/http/connection.cc | 9 +++++----
 src/lib/http/http_messages.cc | 6 ++++--
 src/lib/http/http_messages.h | 3 ++-
 src/lib/http/http_messages.mes | 14 ++++++++------
 5 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/src/lib/config/cmd_http_listener.cc b/src/lib/config/cmd_http_listener.cc
index cd469a8046..f3ff7bd2a8 100644
--- a/src/lib/config/cmd_http_listener.cc
+++ b/src/lib/config/cmd_http_listener.cc
@@ -60,7 +60,9 @@ CmdHttpListener::start() {
 // Create the HTTP listener. It will open up a TCP socket and be
 // prepared to accept incoming connections.
- http_listener_.reset(new HttpListener(*io_service_, address_, port_, rcf,
+ TlsContextPtr tls_context;
+ http_listener_.reset(new HttpListener(*io_service_, address_, port_,
+ tls_context, rcf,
 HttpListener::RequestTimeout(TIMEOUT_AGENT_RECEIVE_COMMAND),
 HttpListener::IdleTimeout(TIMEOUT_AGENT_IDLE_CONNECTION_TIMEOUT)));
diff --git a/src/lib/http/connection.cc b/src/lib/http/connection.cc
index a1851136bb..7343670470 100644
--- a/src/lib/http/connection.cc
+++ b/src/lib/http/connection.cc
@@ -316,7 +316,7 @@ HttpConnection::acceptorCallback(const boost::system::error_code& ec) {
 .arg(static_cast(request_timeout_/1000));
 } else {
 LOG_DEBUG(http_logger, isc::log::DBGLVL_TRACE_DETAIL,
- HTTP_CLIENT_HANDSHAKE_START)
+ HTTP_CONNECTION_HANDSHAKE_START)
 .arg(getRemoteEndpointAddressAsText())
 .arg(static_cast(request_timeout_/1000));
 }
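Review bot: In the `CmdHttpListener::start()` hunk of cmd_http_listener.cc, `TlsContextPtr tls_context;` is default-constructed and passed straight to `HttpListener`, and nothing in the hunk says that this is deliberate. If an empty pointer means plain HTTP (presumably, given the two-way branch in `acceptorCallback`), the command channel stays unencrypted whatever the configuration says, and a reader should not have to infer that. I would add a comment above the declaration, e.g. `// No TLS configuration is wired in here yet: an empty context leaves this listener on plain HTTP.` The body of `start()` begins and ends outside the hunk.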
@@ -329,10 +329,11 @@ HttpConnection::acceptorCallback(const boost::system::error_code& ec) {
 void
 HttpConnection::handshakeCallback(const boost::system::error_code& ec) {
 if (ec) {
+ LOG_INFO(http_logger, HTTP_CONNECTION_HANDSHAKE_FAILED)
+ .arg(getRemoteEndpointAddressAsText())
+ .arg(ec.message());
 stopThisConnection();
- }
-
- if (!ec) {
+ } else {
 LOG_DEBUG(http_logger, isc::log::DBGLVL_TRACE_DETAIL,
 HTTPS_REQUEST_RECEIVE_START)
 .arg(getRemoteEndpointAddressAsText());
diff --git a/src/lib/http/http_messages.cc b/src/lib/http/http_messages.cc
index b3bb7dbd0a..510b40b8f8 100644
--- a/src/lib/http/http_messages.cc
+++ b/src/lib/http/http_messages.cc
@@ -12,7 +12,6 @@ extern const isc::log::MessageID HTTP_BAD_CLIENT_REQUEST_RECEIVED = "HTTP_BAD_CL
 extern const isc::log::MessageID HTTP_BAD_CLIENT_REQUEST_RECEIVED_DETAILS = "HTTP_BAD_CLIENT_REQUEST_RECEIVED_DETAILS";
 extern const isc::log::MessageID HTTP_BAD_SERVER_RESPONSE_RECEIVED = "HTTP_BAD_SERVER_RESPONSE_RECEIVED";
 extern const isc::log::MessageID HTTP_BAD_SERVER_RESPONSE_RECEIVED_DETAILS = "HTTP_BAD_SERVER_RESPONSE_RECEIVED_DETAILS";
-extern const isc::log::MessageID HTTP_CLIENT_HANDSHAKE_START = "HTTP_CLIENT_HANDSHAKE_START";
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_AUTHORIZED = "HTTP_CLIENT_REQUEST_AUTHORIZED";
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER = "HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER";
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_NOT_AUTHORIZED = "HTTP_CLIENT_REQUEST_NOT_AUTHORIZED";
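Review bot: The new `LOG_INFO` in `HttpConnection::handshakeCallback` (connection.cc) is emitted once per failed handshake with no throttling, and a failed handshake is something any peer that can reach the port can cause, so the INFO log volume becomes peer-driven. The record itself is what an operator wants for detection (remote address plus `ec.message()`, which comes from the error category rather than from peer-supplied bytes), so I would keep it and state the trade-off at the call, e.g. `// One INFO line per failed handshake: the rate is driven by remote peers, rate-limit downstream if the port is exposed.` The branch also treats every `ec` alike; if closing the socket on request timeout completes the handshake with a cancellation error (not visible here, to be confirmed), that would be reported as a handshake failure too. The function body continues past the end of the hunk.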
@@ -23,6 +22,8 @@ extern const isc::log::MessageID HTTP_CLIENT_REQUEST_SEND = "HTTP_CLIENT_REQUEST
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_SEND_DETAILS = "HTTP_CLIENT_REQUEST_SEND_DETAILS";
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_TIMEOUT_OCCURRED = "HTTP_CLIENT_REQUEST_TIMEOUT_OCCURRED";
 extern const isc::log::MessageID HTTP_CONNECTION_CLOSE_CALLBACK_FAILED = "HTTP_CONNECTION_CLOSE_CALLBACK_FAILED";
+extern const isc::log::MessageID HTTP_CONNECTION_HANDSHAKE_FAILED = "HTTP_CONNECTION_HANDSHAKE_FAILED";
+extern const isc::log::MessageID HTTP_CONNECTION_HANDSHAKE_START = "HTTP_CONNECTION_HANDSHAKE_START";
 extern const isc::log::MessageID HTTP_CONNECTION_SHUTDOWN = "HTTP_CONNECTION_SHUTDOWN";
 extern const isc::log::MessageID HTTP_CONNECTION_SHUTDOWN_FAILED = "HTTP_CONNECTION_SHUTDOWN_FAILED";
 extern const isc::log::MessageID HTTP_CONNECTION_STOP = "HTTP_CONNECTION_STOP";
@@ -47,7 +48,6 @@ const char* values[] = {
 "HTTP_BAD_CLIENT_REQUEST_RECEIVED_DETAILS", "detailed information about bad request received from %1:\n%2",
 "HTTP_BAD_SERVER_RESPONSE_RECEIVED", "bad response received when communicating with %1: %2",
 "HTTP_BAD_SERVER_RESPONSE_RECEIVED_DETAILS", "detailed information about bad response received from %1:\n%2",
- "HTTP_CLIENT_HANDSHAKE_START", "start TLS handshake with %1 with timeout %2",
 "HTTP_CLIENT_REQUEST_AUTHORIZED", "received HTTP request authorized for '%1'",
 "HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER", "received HTTP request with malformed authentication header: %1",
 "HTTP_CLIENT_REQUEST_NOT_AUTHORIZED", "received HTTP request with not matching authentication header",
@@ -58,6 +58,8 @@ const char* values[] = {
 "HTTP_CLIENT_REQUEST_SEND_DETAILS", "detailed information about request sent to %1:\n%2",
 "HTTP_CLIENT_REQUEST_TIMEOUT_OCCURRED", "HTTP request timeout occurred when communicating with %1",
 "HTTP_CONNECTION_CLOSE_CALLBACK_FAILED", "Connection close callback threw an exception",
+ "HTTP_CONNECTION_HANDSHAKE_FAILED", "TLS handshake with %1 failed with %2",
+ "HTTP_CONNECTION_HANDSHAKE_START", "start TLS handshake with %1 with timeout %2",
 "HTTP_CONNECTION_SHUTDOWN", "shutting down HTTP connection from %1",
 "HTTP_CONNECTION_SHUTDOWN_FAILED", "shutting down HTTP connection failed",
 "HTTP_CONNECTION_STOP", "stopping HTTP connection from %1",
diff --git a/src/lib/http/http_messages.h b/src/lib/http/http_messages.h
index e8e524d19e..9a4cc43107 100644
--- a/src/lib/http/http_messages.h
+++ b/src/lib/http/http_messages.h
@@ -13,7 +13,6 @@ extern const isc::log::MessageID HTTP_BAD_CLIENT_REQUEST_RECEIVED;
 extern const isc::log::MessageID HTTP_BAD_CLIENT_REQUEST_RECEIVED_DETAILS;
 extern const isc::log::MessageID HTTP_BAD_SERVER_RESPONSE_RECEIVED;
 extern const isc::log::MessageID HTTP_BAD_SERVER_RESPONSE_RECEIVED_DETAILS;
-extern const isc::log::MessageID HTTP_CLIENT_HANDSHAKE_START;
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_AUTHORIZED;
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER;
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_NOT_AUTHORIZED;
@@ -24,6 +23,8 @@ extern const isc::log::MessageID HTTP_CLIENT_REQUEST_SEND;
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_SEND_DETAILS;
 extern const isc::log::MessageID HTTP_CLIENT_REQUEST_TIMEOUT_OCCURRED;
 extern const isc::log::MessageID HTTP_CONNECTION_CLOSE_CALLBACK_FAILED;
+extern const isc::log::MessageID HTTP_CONNECTION_HANDSHAKE_FAILED;
+extern const isc::log::MessageID HTTP_CONNECTION_HANDSHAKE_START;
 extern const isc::log::MessageID HTTP_CONNECTION_SHUTDOWN;
 extern const isc::log::MessageID HTTP_CONNECTION_SHUTDOWN_FAILED;
 extern const isc::log::MessageID HTTP_CONNECTION_STOP;
diff --git a/src/lib/http/http_messages.mes b/src/lib/http/http_messages.mes
index 2524336097..2870f5b45d 100644
--- a/src/lib/http/http_messages.mes
+++ b/src/lib/http/http_messages.mes
@@ -33,12 +33,6 @@ from the server. The first argument specifies an URL of the server. The second argument provides a response in the textual format. The request is truncated by the logger if it is too large to be printed.
-% HTTP_CLIENT_HANDSHAKE_START start TLS handshake with %1 with timeout %2
-This debug message is issued when the server starts the TLS handshake
-with the remote endpoint. The first argument specifies the address
-of the remote endpoint. The second argument specifies request timeout in
-seconds.
-
 % HTTP_CLIENT_REQUEST_AUTHORIZED received HTTP request authorized for '%1'
 This information message is issued when the server receives with a matching authentication header. The argument provides the user id.
@@ -91,6 +85,14 @@ This is an error message emitted when the close connection callback registered on the connection failed unexpectedly. This is a programmatic error that should be submitted as a bug.
+% HTTP_CONNECTION_HANDSHAKE_START start TLS handshake with %1 with timeout %2
+This debug message is issued when the server starts the TLS handshake
+with the remote endpoint. The first argument specifies the address
+of the remote endpoint. The second argument specifies request timeout in
+seconds.
+
+% HTTP_CONNECTION_HANDSHAKE_FAILED TLS handshake with %1 failed with %2
+
 % HTTP_CONNECTION_SHUTDOWN shutting down HTTP connection from %1
 This debug message is issued when one of the HTTP connections is shut down. The connection can be stopped as a result of an error or after the
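Review bot: `% HTTP_CONNECTION_HANDSHAKE_FAILED` is added to http_messages.mes with no description, while every other entry visible in this file carries one. This is the line an operator will see when a TLS client is rejected, so it should state the level and both arguments, for example: `This information message is issued when the TLS handshake with the remote endpoint fails. The first argument specifies the address of the remote endpoint. The second argument specifies the error.` The two new entries are also out of alphabetical order here (START before FAILED), unlike in http_messages.cc and http_messages.h.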