TLS 握手错误的错误日志写入器过滤方法详解

珍惜时间，勤奋学习！今天给大家带来《TLS 握手错误的错误日志写入器过滤方法详解》，正文内容主要涉及到等等，如果你正在学习Golang，或者是对Golang有疑问，欢迎大家关注我！后面我会持续更新相关内容的，希望都能帮到正在学习的大家！

如何过滤掉错误日志中的此类错误信息？这些消息充斥着错误日志，并且很难监控应用程序。

这些消息主要发生在尝试在没有任何 http 请求的情况下建立 tls 连接时

2022/10/23 01:05:26 server.go:3230: http: TLS handshake error from xx.xx.xx.xx: read tcp xx.xx.xx.xx:x->xx.xx.xx.xx: read: connection reset by peer
2022/10/23 01:05:26 server.go:3230: http: TLS handshake error from xx.xx.xx.xx: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])
2022/10/23 02:58:54 server.go:3230: http: TLS handshake error from xx.xx.xx.xx: EOF

正确答案

http.server 具有字段 errorlog。您可以将其底层编写器替换为自定义编写器，该自定义编写器会过滤掉包含“tls 握手错误”的字符串

下面是一个具有两台服务器的简单示例。一台服务器监听8443端口并使用完整日志。另一台服务器使用过滤日志并监听8444端口。

客户端连接到服务器。具有完整日志的服务器打印 http: tls handshake error from 127.0.0.1:xxxxx: remote error: tls: badcertificate。带有过滤日志的服务器没有任何提示。

该示例演示了最简单的过滤记录器，它可以过滤掉具有固定子字符串的行。

package main

import (
    "bytes"
    "context"
    "fmt"
    "io"
    "log"
    "net/http"
    "os"
    "sync"
    "time"
)

// filters out lines that contain substring
type filteringwriter struct {
    writer    io.writer
    substring []byte
}

func (fw filteringwriter) write(b []byte) (n int, err error) {
    if bytes.index(b, fw.substring) > -1 {
        // filter out the line that matches the pattern
        return len(b), nil
    }
    return fw.writer.write(b)
}

func newfilteringwriter(writer io.writer, pattern string) filteringwriter {
    return filteringwriter{
        writer:    writer,
        substring: []byte(pattern),
    }
}

// server handler function
func helloworld(w http.responsewriter, req *http.request) {
    w.header().set("content-type", "text/plain")
    w.write([]byte("hello, world!\n"))
}

// trivial server executor
func runserver(server *http.server, wg *sync.waitgroup) {
    server.listenandservetls("server.crt", "server.key")
    wg.done()
}

// shutdown server
func shutdownserver(server *http.server) {
    ctx, cancel := context.withdeadline(context.background(), time.now().add(2*time.second))
    server.shutdown(ctx)
    cancel()
}

func main() {
    fulllogger := log.new(
        os.stderr,
        "full: ",
        log.lstdflags,
    )
    // log that filters "tls handshake error"
    errorlogger := log.new(
        newfilteringwriter(
            os.stderr,
            "http: tls handshake error",
        ),
        "filtered: ",
        log.lstdflags,
    )

    servermux := http.newservemux()
    servermux.handlefunc("/hello", helloworld)

    server1 := &http.server{
        addr:     "localhost:8443",
        handler:  servermux,
        errorlog: fulllogger,
    }
    server2 := &http.server{
        addr:     "localhost:8444",
        handler:  servermux,
        errorlog: errorlogger,
    }

    wg := sync.waitgroup{}
    wg.add(2)
    go runserver(server1, &wg)
    go runserver(server2, &wg)

    // test loggers
    // client connects to the servers
    // the server with the full log prints
    // `http: tls handshake error from 127.0.0.1:53182: remote error: tls: bad certificate`
    // the server with the filtering log pints nothing
    client := http.client{}

    time.sleep(100 * time.millisecond)
    log.println("client connects to the server with full log")
    reponse, err := client.get(fmt.sprintf("https://%s/hello", server1.addr))
    if err != nil {
        log.printf("client failed: %v", err)
    } else {
        log.printf("server returned: %v", reponse)
    }

    time.sleep(100 * time.millisecond)
    log.println("client connects to the server with filtered log")
    reponse, err = client.get(fmt.sprintf("https://%s/hello", server2.addr))
    if err != nil {
        log.printf("client failed: %v", err)
    } else {
        log.printf("server returned: %v", reponse)
    }

    shutdownserver(server1)
    shutdownserver(server2)
    wg.wait()
}

输出：

2022/10/27 19:20:52 Client connects to the server with full log
2022/10/27 19:20:52 Client failed: Get "https://localhost:8443/hello": x509: certificate is not valid for any names, but wanted to match localhost
full: 2022/10/27 19:20:52 http: TLS handshake error from 127.0.0.1:53182: remote error: tls: bad certificate
2022/10/27 19:20:52 Client connects to the server with filtered log
2022/10/27 19:20:52 Client failed: Get "https://localhost:8444/hello": x509: certificate is not valid for any names, but wanted to match localhost

如您所见，有来自服务器 1 的日志行，但没有来自服务器 2 的日志行。

文中关于的知识介绍，希望对你的学习有所帮助！若是受益匪浅，那就动动鼠标收藏这篇《TLS 握手错误的错误日志写入器过滤方法详解》文章吧，也可关注golang学习网公众号了解相关技术文章。