Log TLS hanshake duration

This commit adds logging to the duration of the TLS handshakes, both client and server. Change-Id: I5f630a62362e2131882542c78d3f321aed7fc2d2 Signed-off-by: yacovm <[email protected]>
hyperledger · Oct 22, 2020 · b5a12de · b5a12de
1 parent 56d7b84
commit b5a12de
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/core/comm/creds.go b/core/comm/creds.go
@@ -13,12 +13,16 @@ import (
 	"errors"
 	"net"
 	"sync"
+	"time"
 
 	"github.com/hyperledger/fabric/common/flogging"
 	"google.golang.org/grpc/credentials"
 )
 
 var (
+	// Logger for TLS client connections
+	tlsClientLogger = flogging.MustGetLogger("comm.tls")
+
 	ClientHandshakeNotImplError = errors.New("core/comm: Client handshakes" +
 		"are not implemented with serverCreds")
 	OverrrideHostnameNotSupportedError = errors.New(
@@ -38,6 +42,10 @@ func NewServerTransportCredentials(
 	serverConfig *TLSConfig,
 	logger *flogging.FabricLogger) credentials.TransportCredentials {
 
+	if logger == nil {
+		logger = tlsClientLogger
+	}
+
 	// NOTE: unlike the default grpc/credentials implementation, we do not
 	// clone the tls.Config which allows us to update it dynamically
 	serverConfig.config.NextProtos = alpnProtoStr
@@ -100,15 +108,14 @@ func (sc *serverCreds) ClientHandshake(context.Context,
 // ServerHandshake does the authentication handshake for servers.
 func (sc *serverCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
 	serverConfig := sc.serverConfig.Config()
-
 	conn := tls.Server(rawConn, &serverConfig)
+	l := sc.logger.With("remote address", conn.RemoteAddr().String())
+	start := time.Now()
 	if err := conn.Handshake(); err != nil {
-		if sc.logger != nil {
-			sc.logger.With("remote address",
-				conn.RemoteAddr().String()).Errorf("TLS handshake failed with error %s", err)
-		}
+		l.Errorf("Server TLS handshake failed in %s with error %s", time.Since(start), err)
 		return nil, nil, err
 	}
+	l.Debugf("Server TLS handshake completed in %s", time.Since(start))
 	return conn, credentials.TLSInfo{State: conn.ConnectionState()}, nil
 }
 
@@ -148,7 +155,16 @@ func (dtc *DynamicClientCredentials) latestConfig() *tls.Config {
 }
 
 func (dtc *DynamicClientCredentials) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
-	return credentials.NewTLS(dtc.latestConfig()).ClientHandshake(ctx, authority, rawConn)
+	l := tlsClientLogger.With("remote address", rawConn.RemoteAddr().String())
+	creds := credentials.NewTLS(dtc.latestConfig())
+	start := time.Now()
+	conn, auth, err := creds.ClientHandshake(ctx, authority, rawConn)
+	if err != nil {
+		l.Errorf("Client TLS handshake failed after %s with error: %s", time.Since(start), err)
+	} else {
+		l.Debugf("Client TLS handshake completed in %s", time.Since(start))
+	}
+	return conn, auth, err
 }
 
 func (dtc *DynamicClientCredentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {

diff --git a/core/comm/creds_test.go b/core/comm/creds_test.go
@@ -93,7 +93,7 @@ func TestCreds(t *testing.T) {
 	})
 	wg.Wait()
 	assert.Contains(t, err.Error(), "protocol version not supported")
-	assert.Contains(t, recorder.Messages()[0], "TLS handshake failed with error")
+	assert.Contains(t, recorder.Messages()[1], "TLS handshake failed")
 }
 
 func TestNewTLSConfig(t *testing.T) {