From b211fff4cb0ccb5f34d78ae3f0acc85ddf266439 Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Wed, 24 Nov 2021 14:09:31 +0200
Subject: [PATCH] TLS stream: disable TLS I/O debug log message by default

This commit makes the TLS stream code to not issue mostly useless debug log message on error during TLS I/O. This message was cluttering logs a lot, as it can be generated on (almost) any non-clean TLS connection termination, even in the cases when the actual query completed successfully. Nor does it provide much value for end-users, yet it can occasionally be seen when using dig and quite often when running BIND over a publicly available network interface.
---
 lib/isc/netmgr/tlsstream.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index f5290890cd..08725a4802 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -367,7 +367,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 received_data->length, &len);
 if (rv <= 0 || len != received_data->length) {
 result = ISC_R_TLSERROR;
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
 saved_errno = errno;
+#endif
 goto error;
 }

@@ -506,6 +508,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 }

 error:
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
 isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
 ISC_LOG_NOTICE,
 "SSL error in BIO: %d %s (errno: %d). Arguments: "
@@ -513,6 +516,7 @@ error:
 "send_data: %p, finish: %s",
 tls_status, isc_result_totext(result), saved_errno,
 received_data, send_data, finish ? "true" : "false");
+#endif
 tls_failed_read_cb(sock, result);
 }
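Review bot: `saved_errno` is now assigned only when both `NETMGR_TRACE` and `NETMGR_TRACE_VERBOSE` are defined, but its declaration lies outside this hunk, and the diffstat (4 insertions, all of them visible) suggests it was left unguarded. If so, a default build declares the variable and never reads it, which would normally trip `-Wunused-variable` and break `-Werror` builds. Either wrap the declaration in the same `#if`, or keep the assignment unconditional and add `(void)saved_errno;` where the log call is compiled out. The body of tls_do_bio starts and ends outside the hunk, so this needs checking against the full function.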
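Review bot: Compiling the `isc_log_write()` call out at the `error:` label removes the only record these lines show for a failed TLS I/O, and an operator cannot get it back without rebuilding with both trace macros. On a publicly reachable listener, that same message is the signal an operator would use to spot abnormal TLS termination patterns, so consider keeping the call at a lower level, replacing `ISC_LOG_NOTICE,` with `ISC_LOG_DEBUG(3),`, so it stays selectable at runtime. If the message is kept in any form, the `%p` argument values are worth dropping, since they write process addresses into the log. The closing `#endif` is in the following hunk (`@@ -513,6 +516,7 @@`), and one line of the format string between the two hunks is not shown.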