+ @Override
+ public void run() {
+ HandshakeStatus status = sslHandler.engine().getHandshakeStatus();
+ LOG.debug("Handshake status {}", status);
+ switch (status) {
+ case FINISHED:
+ case NOT_HANDSHAKING:
+ //Handshake done. Notify listener.
+ OvsdbClient client = getChannelClient(channel, ConnectionType.PASSIVE,
+ Executors.newFixedThreadPool(NUM_THREADS));
+
+ LOG.debug("Notify listener");
+ for (OvsdbConnectionListener listener : connectionListeners) {
+ listener.connected(client);
+ }
+ break;
+
+ case NEED_UNWRAP:
+ case NEED_TASK:
+ //Handshake still ongoing. Retry later.
+ LOG.debug("handshake not done yet {}", status);
+ executorService.schedule(this, retryPeriod, TimeUnit.MILLISECONDS);
+ break;
+
+ case NEED_WRAP:
+ if (sslHandler.engine().getSession().getCipherSuite()
+ .equals("SSL_NULL_WITH_NULL_NULL")) {
+ /* peer not authenticated. No need to notify listener in this case. */
+ LOG.error("Ssl handshake fail. channel {}", channel);
+ } else {
+ /*
+ * peer is authenticated. Give some time to wait for completion.
+ * If status is still NEED_WRAP, client might already disconnect.
+ * This happens when the first time client connects to controller in two-way handshake.
+ * After obtaining controller certificate, client will disconnect and start
+ * new connection with controller certificate it obtained.
+ * In this case no need to do anything for the first connection attempt. Just skip
+ * since client will reconnect later.
+ */
+ LOG.debug("handshake not done yet {}", status);
+ if (retryTimes > 0) {
+ executorService.schedule(this, retryPeriod, TimeUnit.MILLISECONDS);
+ } else {
+ LOG.debug("channel closed {}", channel);
+ }
+ retryTimes--;
+ }
+ break;
+
+ default:
+ LOG.error("unknown hadshake status {}", status);
+ }
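Review bot: The `case FINISHED: case NOT_HANDSHAKING:` branch treats NOT_HANDSHAKING as proof that the TLS handshake succeeded, but an SSLEngine also reports NOT_HANDSHAKING before a handshake has begun. `getHandshakeStatus()` never returns FINISHED (that value only appears in wrap()/unwrap() results), so the FINISHED label is dead code. If this task can run before the peer's first handshake record has been processed (the scheduling is outside the hunk), `listener.connected(client)` would fire for a peer that has not been authenticated. Assuming sslHandler is Netty's SslHandler, as the `engine()` call suggests, the completion signal is more reliable than polling: `sslHandler.handshakeFuture().addListener(f -> { if (f.isSuccess()) { /* notify listeners */ } else { channel.close(); } });`. Separately, the NEED_UNWRAP/NEED_TASK branch reschedules without decrementing `retryTimes`, so a stalled handshake keeps the task and connection alive indefinitely, and the failure paths only log; the body of run() continues outside the hunk, so a close may happen there.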