diff --git a/runtime/glbl.c b/runtime/glbl.c
index 7ca2ce0d8..f0750a270 100644
--- a/runtime/glbl.c
+++ b/runtime/glbl.c
@@ -84,6 +84,7 @@ static int bOptimizeUniProc = 1; /* enable uniprocessor optimizations */
 static int bParseHOSTNAMEandTAG = 1; /* parser modification (based on startup params!) */
 static int bPreserveFQDN = 0; /* should FQDNs always be preserved? */
 static int iMaxLine = 8096; /* maximum length of a syslog message */
+static int iGnuTLSLoglevel = 0;
 static int iDefPFFamily = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */
 static int bDropMalPTRMsgs = 0;/* Drop messages which have malicious PTR records during DNS lookup */
 static int option_DisallowWarning = 1; /* complain if message from disallowed sender is received */
@@ -131,6 +132,7 @@ static struct cnfparamdescr cnfparamdescr[] = {
 { "preservefqdn", eCmdHdlrBinary, 0 },
 { "debug.onshutdown", eCmdHdlrBinary, 0 },
 { "debug.logfile", eCmdHdlrString, 0 },
+ { "debug.gnutls", eCmdHdlrPositiveInt, 0 },
 { "defaultnetstreamdrivercafile", eCmdHdlrString, 0 },
 { "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
 { "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
@@ -183,6 +185,12 @@ GetMaxLine(void)
 return(iMaxLine);
 }
+int
+GetGnuTLSLoglevel(void)
+{
+ return(iGnuTLSLoglevel);
+}
+
 /* define a macro for the simple properties' set and get functions
 * (which are always the same). This is only suitable for pretty
 * simple cases which require neither checks nor memory allocation.
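Review bot: The new `iGnuTLSLoglevel` in the first hunk is the only variable in this run of globals without a trailing comment, and neither its range nor its risk is obvious from the name. I would document it at the declaration, e.g. `static int iGnuTLSLoglevel = 0; /* GnuTLS debug log level: 0 (off) to 9 (most), 10 everything; output may reveal sensitive information */`. Both the range and the sensitivity caveat come from comments in the nsd_gtls.c part of this same commit, where the warning is deleted together with the `#if 0` block, so this would keep it somewhere a maintainer will see it. The getter `GetGnuTLSLoglevel()` added in the third hunk could carry the same one-line description.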
@@ -1040,6 +1048,8 @@ glblDoneLoadCnf(void)
 } else if(!strcmp(paramblk.descr[i].name, "debug.onshutdown")) {
 glblDebugOnShutdown = (int) cnfparamvals[i].val.d.n;
 errmsg.LogError(0, RS_RET_OK, "debug: onShutdown set to %d", glblDebugOnShutdown);
+ } else if(!strcmp(paramblk.descr[i].name, "debug.gnutls")) {
+ iGnuTLSLoglevel = (int) cnfparamvals[i].val.d.n;
 } else if(!strcmp(paramblk.descr[i].name, "parser.controlcharacterescapeprefix")) {
 cCCEscapeChar = (uchar) *es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
 } else if(!strcmp(paramblk.descr[i].name, "parser.droptrailinglfonreception")) {
diff --git a/runtime/glbl.h b/runtime/glbl.h
index a594d5f53..5399b462a 100644
--- a/runtime/glbl.h
+++ b/runtime/glbl.h
@@ -122,5 +122,6 @@ void glblDestructMainqCnfObj();
 void glblDoneLoadCnf(void);
 const uchar * glblGetWorkDirRaw(void);
 tzinfo_t* glblFindTimezoneInfo(char *id);
+int GetGnuTLSLoglevel(void);
 #endif /* #ifndef GLBL_H_INCLUDED */
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index b056a0000..a763e4bd2 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -2,7 +2,7 @@
 *
 * An implementation of the nsd interface for GnuTLS.
 *
- * Copyright (C) 2007-2014 Rainer Gerhards and Adiscon GmbH.
+ * Copyright (C) 2007-2015 Rainer Gerhards and Adiscon GmbH.
 *
 * This file is part of the rsyslog runtime library.
 *
@@ -87,8 +87,6 @@ static pthread_mutex_t mutGtlsStrerror; /**< a mutex protecting the potentially
 /* ------------------------------ GnuTLS specifics ------------------------------ */
 static gnutls_certificate_credentials_t xcred;
-#ifdef DEBUG
-#if 0 /* uncomment, if needed some time again -- DEV Debug only */
 /* This defines a log function to be provided to GnuTLS. It hopefully
 * helps us track down hard to find problems.
 * rgerhards, 2008-06-20
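Review bot: The `debug.gnutls` branch in the glblDoneLoadCnf hunk stores the configured value with a bare `(int)` cast and reports nothing, while the `debug.onshutdown` branch directly above announces its setting through `errmsg.LogError`. The nsd_gtls.c part of this commit deletes a comment warning that GnuTLS logging may reveal sensitive information, so turning it on from the configuration should leave a visible record, and values above the documented maximum of 10 should not pass through unchecked. I would write `iGnuTLSLoglevel = cnfparamvals[i].val.d.n > 10 ? 10 : (int) cnfparamvals[i].val.d.n;` followed by `errmsg.LogError(0, RS_RET_OK, "debug: GnuTLS log level set to %d, output may reveal sensitive information", iGnuTLSLoglevel);`. Whether `eCmdHdlrPositiveInt` in the parameter table already rejects negative input is not visible here and is worth confirming. The function body continues on both sides of the hunk.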
@@ -97,8 +95,7 @@ static void logFunction(int level, const char *msg)
 {
 dbgprintf("GnuTLS log msg, level %d: %s\n", level, msg);
 }
-#endif
-#endif /* #ifdef DEBUG */
+
 /* read in the whole content of a file. The caller is responsible for
@@ -605,13 +602,11 @@ gtlsGlblInit(void)
 ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
 }
-# ifdef DEBUG
-#if 0 /* do this in special cases only. WARNING: if active, it may reveal sensitive information! */
- /* intialize log function - set a level only for hard-to-find bugs */
- gnutls_global_set_log_function(logFunction);
- gnutls_global_set_log_level(10); /* 0 (no) to 9 (most), 10 everything */
-# endif
-# endif
+ if(GetGnuTLSLoglevel() > 0){
+ gnutls_global_set_log_function(logFunction);
+ gnutls_global_set_log_level(GetGnuTLSLoglevel());
+ /* 0 (no) to 9 (most), 10 everything */
+ }
 finalize_it:
 RETiRet;
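Review bot: The rewritten block in the gtlsGlblInit hunk drops the old warning that GnuTLS logging may reveal sensitive information. The caveat matters more now that the feature is a runtime setting rather than code compiled out under `#if 0`. I would keep it next to the calls, e.g. `/* WARNING: GnuTLS log output may reveal sensitive information - enable only while troubleshooting */`, and read the level once into a local instead of calling `GetGnuTLSLoglevel()` twice, so the test and the value handed to `gnutls_global_set_log_level` cannot differ. The block follows an error-checked call ending in `ABORT_FINALIZE(RS_RET_GNUTLS_ERR)`; if that is the GnuTLS global initialisation, which is not visible here, messages produced during initialisation are not captured. gtlsGlblInit starts above the hunk and ends below it.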