summaryrefslogtreecommitdiffstats
path: root/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
diff options
context:
space:
mode:
Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
index 886071243ba..75df82036a2 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailedListener.java
@@ -56,6 +56,10 @@ class SslHandshakeFailedListener implements SslHandshakeListener {
MISSING_CLIENT_CERT(
Metrics.SSL_HANDSHAKE_FAILURE_MISSING_CLIENT_CERT,
"Empty server certificate chain"),
+ EXPIRED_CLIENT_CERTIFICATE(
+ Metrics.SSL_HANDSHAKE_FAILURE_EXPIRED_CLIENT_CERT,
+ // Note: this pattern will match certificates with too late notBefore as well
+ "PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"),
INVALID_CLIENT_CERT(
Metrics.SSL_HANDSHAKE_FAILURE_INVALID_CLIENT_CERT,
"PKIX path (building|validation) failed: .+");