From: Artem Boldariev
Date: Wed, 24 Nov 2021 12:09:31 +0000 (+0200)
Subject: TLS stream: disable TLS I/O debug log message by default
X-Git-Tag: v9.17.21~15^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b211fff4cb0ccb5f34d78ae3f0acc85ddf266439;p=thirdparty%2Fbind9.git
TLS stream: disable TLS I/O debug log message by default
This commit makes the TLS stream code to not issue mostly useless debug log message on error during TLS I/O. This message was cluttering logs a lot, as it can be generated on (almost) any non-clean TLS connection termination, even in the cases when the actual query completed successfully. Nor does it provide much value for end-users, yet it can occasionally be seen when using dig and quite often when running BIND over a publicly available network interface.
---
diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index f5290890cde..08725a48024 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -367,7 +367,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 received_data->length, &len);
 if (rv <= 0 || len != received_data->length) {
 result = ISC_R_TLSERROR;
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
 saved_errno = errno;
+#endif
 goto error;
 }
@@ -506,6 +508,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 }
 error:
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
 isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR, ISC_LOG_NOTICE, "SSL error in BIO: %d %s (errno: %d). Arguments: "
@@ -513,6 +516,7 @@ error:
 "send_data: %p, finish: %s", tls_status, isc_result_totext(result), saved_errno, received_data, send_data, finish ? "true" : "false");
+#endif
 tls_failed_read_cb(sock, result);
 }
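Review bot: The declaration of `saved_errno` is not touched by this diff, so in a build without `NETMGR_TRACE` and `NETMGR_TRACE_VERBOSE` the variable loses both the assignment guarded here and its only visible reader in the `error:` log call. That will probably raise an unused-variable warning, which breaks the build under `-Werror`. Guard the declaration with the same `#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)` condition, or leave `saved_errno = errno;` unconditional. The declaration and the start of tls_do_bio lie outside the hunk, so confirm this against the full function.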
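Review bot: With the `isc_log_write()` call after `error:` compiled out, a default build reaches `tls_failed_read_cb(sock, result)` without recording anything, so an operator investigating TLS failures on a public interface cannot re-enable the message without rebuilding. Lowering the level would keep default logs clean while leaving the diagnostic reachable at runtime: `ISC_LOG_DEBUG(1),` in place of `ISC_LOG_NOTICE,`. If the compile-time guard stays, add a comment above the `#if` such as `/* Noisy on any unclean TLS shutdown; built only into verbose netmgr trace builds. */`. The matching `#endif` is in the next hunk, and whether the callback reports the failure itself is not visible here.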
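Review bot: The guarded message still formats `received_data` and `send_data` with `%p`, which writes process addresses into a log that may be forwarded off-host. Even in a trace-only build, a presence flag carries the same diagnostic value without exposing memory layout, e.g. `received_data != NULL ? "set" : "null"` with a `%s` conversion in the format string. Part of the format string falls between this hunk and the previous one, so the conversions need to be updated together with the argument list.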