Bug 7759 - TLS certificate alert messages can be confusing
Summary: TLS certificate alert messages can be confusing
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Misc
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.14.0
Assignee: Pierre Ossman
URL:
Keywords: prosaic, wilsj_tester
Depends on:
Blocks:
 
Reported: 2021-09-01 08:42 CEST by Pierre Ossman
Modified: 2021-09-09 14:30 CEST

See Also:
Acceptance Criteria:
* It should be clear that this is a client error, not a server one
* Alerts should only be logged when in debug level



Description Pierre Ossman cendio 2021-09-01 08:42:42 CEST
TLS has a mechanism called "alerts" where one peer can signal problems to the other. A common case where this happens is when the client doesn't trust the certificate given by the server. At that point we end up with this in our logs:

> 2021-09-01 06:28:41 ERROR tlwebaccess[264414]: [::ffff:10.48.0.7] gnutls_handshake: A TLS fatal alert has been received.
> 2021-09-01 06:28:41 ERROR tlwebaccess[264414]: [::ffff:10.48.0.7] gnutls_handshake: Unknown certificate

If you're not familiar with the exact details of TLS then this log message can be difficult to understand. We should probably log something more detailed, at least for common alert types.
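
The alert mechanism described above, as an added example that is not ThinLinc's code: it decodes a plaintext TLS alert record (as sent during a TLS 1.2 handshake) and produces one debug-level line that names the client as the source. The function names, logger name and message wording are assumptions made for illustration; the sample record is constructed.

```python
import logging
import struct

log = logging.getLogger("tls-alert-example")  # hypothetical logger name

LEVELS = {1: "warning", 2: "fatal"}
# Certificate-related AlertDescription values (RFC 5246 / RFC 8446).
CERT_ALERTS = {
    42: ("bad_certificate", "it considers our certificate corrupt or invalid"),
    43: ("unsupported_certificate", "it does not support our certificate type"),
    44: ("certificate_revoked", "it considers our certificate revoked"),
    45: ("certificate_expired", "it considers our certificate expired or not yet valid"),
    46: ("certificate_unknown", "it rejected our certificate for an unspecified reason"),
    48: ("unknown_ca", "it does not trust the CA that issued our certificate"),
}

def describe_alert(record: bytes, peer: str) -> str:
    """Turn one plaintext TLS alert record from `peer` into a single log line."""
    if len(record) < 7:
        raise ValueError("truncated alert record")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    if ctype != 21 or length != 2:  # 21 = alert content type, body is 2 bytes
        raise ValueError("not a plaintext alert record")
    level, desc = record[5], record[6]
    name, why = CERT_ALERTS.get(desc, ("other alert", "no further detail available"))
    return (f"[{peer}] The client sent a {LEVELS.get(level, 'unknown-level')} "
            f"TLS alert: {name} ({desc}), {why}")

def log_alert(record: bytes, peer: str) -> str:
    """Log at DEBUG: the condition was raised by the client, not by the server."""
    line = describe_alert(record, peer)
    log.debug(line)
    return line

# Constructed sample: TLS 1.2 record header + fatal(2) certificate_unknown(46).
SAMPLE = bytes.fromhex("15030300" "02" "022e")

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG, format="%(levelname)s %(message)s")
    log_alert(SAMPLE, "::ffff:10.48.0.7")
```
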
Comment 2 Pierre Ossman cendio 2021-09-03 11:07:57 CEST
Alert messages are now at debug level, on a single line, and more clear that it is coming from the other side.

Tested on Ubuntu 20.04.
Comment 4 William Sjöblom cendio 2021-09-09 13:38:43 CEST
In the current fix, we rely on GCC-specific implementation details. Further details were sent via mail.
Comment 6 William Sjöblom cendio 2021-09-09 14:30:30 CEST
I have tested Jenkins server build #2267 running on Fedora 33:

* It should be clear that this is a client error, not a server one
 Yes.

* Alerts should only be logged when in debug level
 Yes.

I was not able to test the handling of unknown errors. Still, I gave the code a thorough look and can't find any issues. Closing.
