kresd: get more out of TLS logging when --verbose
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 27 Apr 2017 20:18:34 +0000 (13:18 -0700)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 27 Apr 2017 20:18:34 +0000 (13:18 -0700)
GnuTLS doesn't actually log very much at log level 1.

It currently logs things at the following levels:

level 3: asserts
level 4: handshake information
level 5: record-layer information
level 9: session keys, IVs, and internal secrets
level 10: raw network read and buffering information

level 5 seems like the right layer for "verbose", without leaking too
much sensitive stuff.

daemon/tls.c

index 9d14922f9a963bcf507329a4fe15456e2b9d4b5e..0b970613cf0ecb27266750d1830004229e076674 100644 (file)
@@ -69,7 +69,7 @@ static void kres_gnutls_log(int level, const char *message)
 void tls_setup_logging(bool verbose)
 {
        gnutls_global_set_log_function(kres_gnutls_log);
-       gnutls_global_set_log_level(verbose ? 1 : 0);
+       gnutls_global_set_log_level(verbose ? 5 : 0);
 }
 
 static ssize_t kres_gnutls_push(gnutls_transport_ptr_t h, const void *buf, size_t len)
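Review bot: The literal `5` in `gnutls_global_set_log_level(verbose ? 5 : 0);` carries a security constraint that is recorded only in the commit message, which says GnuTLS emits session keys, IVs and internal secrets from level 9 upward. I would give the value a name and put the reason next to it, for example `enum { KRES_GNUTLS_VERBOSE_LEVEL = 5 }; /* record-layer detail; keep below 9, where GnuTLS logs key material */` (the constant name is only a suggestion). That way a later bump made while debugging does not silently start writing secrets to the log. Level 5 also produces record-layer output for every connection, so it is worth confirming where `kres_gnutls_log` sends its messages and who can read them; that function's body is outside this hunk.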