From: Martin Willi <martin@revosec.ch>
Date: Thu, 27 Jan 2011 08:14:53 +0000 (+0100)
Subject: Do not log potentially hundreds of cert requests for unknown CAs at level 1
X-Git-Tag: 4.5.1~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c89a00f05d7417deb09a9693e24687b77c7a2ce;p=thirdparty%2Fstrongswan.git

Do not log potentially hundreds of cert requests for unknown CAs at level 1
---

diff --git a/src/libcharon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c
index 944637c117..a59b8dcce3 100644
--- a/src/libcharon/sa/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/tasks/ike_cert_pre.c
@@ -76,6 +76,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
 			{
 				certreq_payload_t *certreq = (certreq_payload_t*)payload;
 				enumerator_t *enumerator;
+				u_int unknown = 0;
 				chunk_t keyid;
 
 				this->ike_sa->set_condition(this->ike_sa, COND_CERTREQ_SEEN, TRUE);
@@ -103,12 +104,18 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
 					}
 					else
 					{
-						DBG1(DBG_IKE, "received cert request for unknown ca "
+						DBG2(DBG_IKE, "received cert request for unknown ca "
 									  "with keyid %Y", id);
+						unknown++;
 					}
 					id->destroy(id);
 				}
 				enumerator->destroy(enumerator);
+				if (unknown)
+				{
+					DBG1(DBG_IKE, "received %u cert requests for an unknown ca",
+						 unknown);
+				}
 				break;
 			}
 			case NOTIFY: