From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 27 Apr 2017 20:18:34 +0000 (-0700)
Subject: kresd: get more out of TLS logging when --verbose
X-Git-Tag: v1.3.0~11^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77c58378c75389b47991a3be990b34ce9a87afe4;p=thirdparty%2Fknot-resolver.git

kresd: get more out of TLS logging when --verbose

GnuTLS doesn't actually log very much at log level 1.

It currently logs things at the following levels:

level 3: asserts
level 4: handshake information
level 5: record-layer information
level 9: session keys, IVs, and internal secrets
level 10: raw network read and buffering information

level 5 seems like the right layer for "verbose", without leaking too
much sensitive stuff.
---

diff --git a/daemon/tls.c b/daemon/tls.c
index 9d14922f9..0b970613c 100644
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -69,7 +69,7 @@ static void kres_gnutls_log(int level, const char *message)
 void tls_setup_logging(bool verbose)
 {
 	gnutls_global_set_log_function(kres_gnutls_log);
-	gnutls_global_set_log_level(verbose ? 1 : 0);
+	gnutls_global_set_log_level(verbose ? 5 : 0);
 }
 
 static ssize_t kres_gnutls_push(gnutls_transport_ptr_t h, const void *buf, size_t len)