Diffstat (limited to 'base')
-rw-r--r--base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java39
-rw-r--r--base/server/cmsbundle/src/LogMessages.properties2
2 files changed, 39 insertions, 2 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
index f147c7710..adba676ac 100644
--- a/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
+++ b/base/server/cms/src/org/dogtagpki/server/PKIServerSocketListener.java
@@ -41,6 +41,42 @@ public class PKIServerSocketListener implements SSLSocketListener {
@Override
public void alertReceived(SSLAlertEvent event) {
+ try {
+ SSLSocket socket = event.getSocket();
+
+ SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress();
+ InetAddress clientAddress = remoteSocketAddress == null ? null : ((InetSocketAddress)remoteSocketAddress).getAddress();
+ InetAddress serverAddress = socket.getLocalAddress();
+ String clientIP = clientAddress == null ? "" : clientAddress.getHostAddress();
+ String serverIP = serverAddress == null ? "" : serverAddress.getHostAddress();
+
+ SSLSecurityStatus status = socket.getStatus();
+ X509Certificate peerCertificate = status.getPeerCertificate();
+ Principal subjectDN = peerCertificate == null ? null : peerCertificate.getSubjectDN();
+ String subjectID = subjectDN == null ? "" : subjectDN.toString();
+
+ int description = event.getDescription();
+ String reason = SSLAlertDescription.valueOf(description).toString();
+
+ logger.debug("SSL alert received:");
+ logger.debug(" - client: " + clientAddress);
+ logger.debug(" - server: " + serverAddress);
+ logger.debug(" - reason: " + reason);
+
+ IAuditor auditor = CMS.getAuditor();
+
+ String auditMessage = CMS.getLogMessage(
+ "LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
+ clientIP,
+ serverIP,
+ subjectID,
+ reason);
+
+ auditor.log(auditMessage);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
}
@Override
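Review bot: The audit record can be lost in the added `alertReceived` body, because `SSLAlertDescription.valueOf(description).toString()` will throw if `valueOf` returns null for an alert code it does not recognise (worth confirming against JSS), and the surrounding `catch (Exception e)` only calls `e.printStackTrace()`. In that case the session ends with no ACCESS_SESSION_TERMINATED entry and the only trace is on stderr. I would resolve the reason defensively with `SSLAlertDescription desc = SSLAlertDescription.valueOf(description);` followed by `String reason = desc == null ? "UNKNOWN_" + description : desc.toString();`, and replace the stack-trace print with `logger.error("Unable to audit SSL alert: " + e.getMessage(), e);` so the failure reaches the server log. The method also audits every received alert as a termination without looking at the alert level; if warning-level alerts other than close_notify reach this callback, the event will over-report.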
@@ -75,7 +111,8 @@ public class PKIServerSocketListener implements SSLSocketListener {
"LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED",
clientIP,
serverIP,
- subjectID);
+ subjectID,
+ reason);
auditor.log(auditMessage);
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index dde53ba73..7572db456 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2737,7 +2737,7 @@ LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS=\
# separated by + (if more than one name;;value pair) of config params changed
#
LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED=\
-<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session terminated
+<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success][Info={3}] access session terminated
###########################