From: Marek VavruĊĦa
Date: Fri, 23 Mar 2018 21:32:08 +0000 (-0700)
Subject: daemon/tls: downgraded TLS logging to verbose
X-Git-Tag: v2.2.0~6^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c15397636f88b5fc9fa9a98f3a7826d53e7809ff;p=thirdparty%2Fknot-resolver.git

daemon/tls: downgraded TLS logging to verbose

Logging handshake and connection failures should be verbose, as it's not really a server failure if client errors, or uses a wrong SPKI pin to the certificate. It is however not ideal to flood logs.
---
diff --git a/daemon/tls.c b/daemon/tls.c
index 79bc21de7..1122221f1 100644
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -288,7 +288,7 @@ int tls_process(struct worker_ctx *worker, uv_stream_t *handle, const uint8_t *b
 } else if (err == GNUTLS_E_AGAIN) {
 return 0;
 } else if (gnutls_error_is_fatal(err)) {
- kr_log_error("[%s] gnutls_handshake failed: %s (%d)\n",
+ kr_log_verbose("[%s] gnutls_handshake failed: %s (%d)\n",
 logstring, gnutls_strerror_name(err), err);
 if (tls_p->handshake_cb) {
@@ -306,7 +306,7 @@ int tls_process(struct worker_ctx *worker, uv_stream_t *handle, const uint8_t *b
 } else if (count == GNUTLS_E_INTERRUPTED) {
 continue; /* Try reading again */
 } else if (count < 0) {
- kr_log_error("[%s] gnutls_record_recv failed: %s (%zd)\n",
+ kr_log_verbose("[%s] gnutls_record_recv failed: %s (%zd)\n",
 logstring, gnutls_strerror_name(count), count);
 return kr_error(EIO);
 }
@@ -883,7 +883,7 @@ int tls_client_connect_start(struct tls_client_ctx_t *client_ctx,
 if (ret == GNUTLS_E_SUCCESS) {
 return kr_ok();
 } else if (gnutls_error_is_fatal(ret) != 0) {
- kr_log_error("[tls_client] handshake failed (%s)\n", gnutls_strerror(ret));
+ kr_log_verbose("[tls_client] handshake failed (%s)\n", gnutls_strerror(ret));
 return kr_error(ECONNABORTED);
 }
 return kr_error(EAGAIN);
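Review bot: The fatal-handshake branch of tls_process now logs only at verbose level, and the gnutls_record_recv branch in the next hunk does the same, so as far as these hunks show a deployment at default verbosity keeps no trace of TLS failures. A sudden rise in failed handshakes or record errors would then go unnoticed in the logs. Not letting remote peers flood the error log is a sound reason, but the code does not state it; a comment above each call such as `/* peer-triggered failure: kept at verbose so remote clients cannot flood the error log */` would stop a later reader from promoting it back. If the daemon has a failure counter or a rate-limited log path (not visible here), feeding it from both branches would keep the detection signal without the flooding. Both branches sit inside tls_process, whose body starts and ends outside these hunks.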
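Review bot: The downgrade in tls_client_connect_start hides a different class of failure from the two tls_process hunks, because here the resolver is the TLS client and a fatal handshake error concerns an upstream the operator configured. According to the commit message this includes a wrong SPKI pin, which is the one signal that would reveal an intercepted or re-keyed upstream, and the flooding argument looks weaker for a peer the operator chose (hedged: the caller and any retry loop are outside the hunk). I would keep this case visible by default, `kr_log_error("[tls_client] handshake failed (%s)\n", gnutls_strerror(ret));`, or log it once per upstream before dropping to verbose. The message would also be more useful for triage if it named the upstream address, assuming it is reachable from `client_ctx`. The function's body starts outside the hunk.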