Update pattern to new type of error message for invalid client certificate (#14521)

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-09-24 12:15:54 +0200
committer: GitHub <noreply@github.com> 2020-09-24 12:15:54 +0200
commit: 1cd364b2e2d0681a4533ea7307ea3e7c6762fa87 (patch)
tree: 8db973aff5e992ce382b0aa2d56d4ca38c5cdc1a /jdisc_http_service/src
parent: f1707e50e0d7c3d4792db2f39ef2845f665704eb (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
index 9ced933105d..fc9a6fc03be 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
@@ -67,8 +67,8 @@ class SslHandshakeFailedListener implements SslHandshakeListener {
                 // Note: this pattern will match certificates with too late notBefore as well
                 "PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"),
         INVALID_CLIENT_CERT(
-                Metrics.SSL_HANDSHAKE_FAILURE_INVALID_CLIENT_CERT,
-                "PKIX path (building|validation) failed: .+");
+                Metrics.SSL_HANDSHAKE_FAILURE_INVALID_CLIENT_CERT, // Includes mismatch of client certificate and private key
+                "(PKIX path (building|validation) failed: .+)|(Invalid CertificateVerify signature)");
 
         private final String metricName;
         private final Predicate<String> messageMatcher;
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-09-24 12:15:54 +0200
committer	GitHub <noreply@github.com>	2020-09-24 12:15:54 +0200
commit	1cd364b2e2d0681a4533ea7307ea3e7c6762fa87 (patch)
tree	8db973aff5e992ce382b0aa2d56d4ca38c5cdc1a /jdisc_http_service/src
parent	f1707e50e0d7c3d4792db2f39ef2845f665704eb (diff)