From ae589018cb5b9f70a555b9bfd67c47688b6eceab Mon Sep 17 00:00:00 2001
From: Gyu-Ho Lee
Date: Fri, 1 Dec 2017 09:25:39 -0800
Subject: [PATCH] embed: provide more details on TLS handshake failure

Signed-off-by: Gyu-Ho Lee
---
 embed/config.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/embed/config.go b/embed/config.go
index 0d23d03ebca..82f9f4e8f8d 100644
--- a/embed/config.go
+++ b/embed/config.go
@@ -237,13 +237,24 @@ func NewConfig() *Config {
 	return cfg
 }
 
+func logTLSHandshakeFailure(conn *tls.Conn, err error) {
+	state := conn.ConnectionState()
+	remoteAddr := conn.RemoteAddr().String()
+	serverName := state.ServerName
+	if len(state.PeerCertificates) > 0 {
+		cert := state.PeerCertificates[0]
+		ips, dns := cert.IPAddresses, cert.DNSNames
+		plog.Infof("rejected connection from %q (error %q, ServerName %q, IPAddresses %q, DNSNames %q)", remoteAddr, err.Error(), serverName, ips, dns)
+	} else {
+		plog.Infof("rejected connection from %q (error %q, ServerName %q)", remoteAddr, err.Error(), serverName)
+	}
+}
+
 // SetupLogging initializes etcd logging.
 // Must be called after flag parsing.
 func (cfg *Config) SetupLogging() {
-	cfg.ClientTLSInfo.HandshakeFailure = func(conn *tls.Conn, err error) {
-		plog.Infof("rejected connection from %q (%v)", conn.RemoteAddr().String(), err)
-	}
-	cfg.PeerTLSInfo.HandshakeFailure = cfg.ClientTLSInfo.HandshakeFailure
+	cfg.ClientTLSInfo.HandshakeFailure = logTLSHandshakeFailure
+	cfg.PeerTLSInfo.HandshakeFailure = logTLSHandshakeFailure
 	capnslog.SetGlobalLogLevel(capnslog.INFO)
 	if cfg.Debug {