ssl: Log SSL "close notify" alerts as debug messages, not warnings.

They are clean shutdown messages after all.

diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 14a581cef3711c17edf7e7c718c7deae72bafbc6..dd9be45a5c492743f09000c66c853569ba1836a9 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -22,10 +22,19 @@ static void openssl_info_callback(const SSL *ssl, int where, int ret)
 
        ssl_io = SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);
        if ((where & SSL_CB_ALERT) != 0) {
-               i_warning("%sSSL alert: where=0x%x, ret=%d: %s %s",
-                         ssl_io->log_prefix, where, ret,
-                         SSL_alert_type_string_long(ret),
-                         SSL_alert_desc_string_long(ret));
+               switch (ret & 0xff) {
+               case SSL_AD_CLOSE_NOTIFY:
+                       i_debug("%sSSL alert: %s",
+                               ssl_io->log_prefix,
+                               SSL_alert_desc_string_long(ret));
+                       break;
+               default:
+                       i_warning("%sSSL alert: where=0x%x, ret=%d: %s %s",
+                                 ssl_io->log_prefix, where, ret,
+                                 SSL_alert_type_string_long(ret),
+                                 SSL_alert_desc_string_long(ret));
+                       break;
+               }
        } else if (ret == 0) {
                i_warning("%sSSL failed: where=0x%x: %s",
                          ssl_io->log_prefix, where, SSL_state_string_long(ssl));

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 0a96f0240afaead9e5ae0a3fdfe22bc9ede49fc7..07ef78d8c57754175b26a5afadb4798e8703a40a 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -850,10 +850,19 @@ static void ssl_info_callback(const SSL *ssl, int where, int ret)
                return;
 
        if ((where & SSL_CB_ALERT) != 0) {
-               i_warning("SSL alert: where=0x%x, ret=%d: %s %s [%s]",
-                         where, ret, SSL_alert_type_string_long(ret),
-                         SSL_alert_desc_string_long(ret),
-                         net_ip2addr(&proxy->ip));
+               switch (ret & 0xff) {
+               case SSL_AD_CLOSE_NOTIFY:
+                       i_debug("SSL alert: %s [%s]",
+                               SSL_alert_desc_string_long(ret),
+                               net_ip2addr(&proxy->ip));
+                       break;
+               default:
+                       i_warning("SSL alert: where=0x%x, ret=%d: %s %s [%s]",
+                                 where, ret, SSL_alert_type_string_long(ret),
+                                 SSL_alert_desc_string_long(ret),
+                                 net_ip2addr(&proxy->ip));
+                       break;
+               }
        } else if (ret == 0) {
                i_warning("SSL failed: where=0x%x: %s [%s]",
                          where, SSL_state_string_long(ssl),