TLS stream: disable TLS I/O debug log message by default
authorArtem Boldariev <artem@boldariev.com>
Wed, 24 Nov 2021 12:09:31 +0000 (14:09 +0200)
committerArtem Boldariev <artem@boldariev.com>
Fri, 26 Nov 2021 08:23:17 +0000 (10:23 +0200)
This commit stops the TLS stream code from issuing a mostly useless
debug log message on error during TLS I/O. This message was cluttering
logs a lot, as it can be generated on (almost) any non-clean TLS
connection termination, even in the cases when the actual query
completed successfully. Nor does it provide much value for end-users,
yet it can occasionally be seen when using dig and quite often when
running BIND over a publicly available network interface.

lib/isc/netmgr/tlsstream.c

index f5290890cdeb1b24d4c829494330b0d4b52daddf..08725a48024390d4acef327b1486a99a682667c1 100644 (file)
@@ -367,7 +367,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
                                          received_data->length, &len);
                        if (rv <= 0 || len != received_data->length) {
                                result = ISC_R_TLSERROR;
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
                                saved_errno = errno;
+#endif
                                goto error;
                        }
 
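Review bot: With the `saved_errno = errno;` assignment now compiled only when both NETMGR_TRACE and NETMGR_TRACE_VERBOSE are defined, the variable may have no remaining use in default builds. Its declaration lies outside this hunk, so this is inferred rather than seen. If the declaration is unconditional, either wrap it in the same `#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)` guard or add `UNUSED(saved_errno);` in an `#else` branch so default builds stay free of unused-variable warnings. tls_do_bio starts before this hunk and continues past it.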
@@ -506,6 +508,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
        }
 
 error:
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
        isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
                      ISC_LOG_NOTICE,
                      "SSL error in BIO: %d %s (errno: %d). Arguments: "
@@ -513,6 +516,7 @@ error:
                      "send_data: %p, finish: %s",
                      tls_status, isc_result_totext(result), saved_errno,
                      received_data, send_data, finish ? "true" : "false");
+#endif
        tls_failed_read_cb(sock, result);
 }
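Review bot: Compiling the message out leaves default builds with no record of a TLS I/O failure at the `error:` label, and anyone who needs one must rebuild with both macros defined. Since the call is kept, consider lowering it from `ISC_LOG_NOTICE` to a debug level such as `ISC_LOG_DEBUG(3)`, so it can be enabled at runtime when investigating a burst of failed connections without every dropped peer connection producing a NOTICE line. The retained format string also prints `received_data` and `send_data` with `%p`, which writes process addresses into the log in trace builds. A short comment above the `#if` would make that explicit, e.g. `/* Developer tracing only: peer-triggerable and prints raw pointers. */`. The `#if` opens in the previous hunk and the function starts outside both.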