Correctly set the debug level for ssl alert logging

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2024-09-19 19:52:15 +02:00 · 2024-06-12 12:32:35 +02:00 · 2024-06-12 12:32:35 +02:00 · b8f7761e66
commit b8f7761e66
parent d57522dc9c
2 changed files with 5 additions and 6 deletions
--- a/openvpn/openssl/ssl/sslctx.hpp
+++ b/openvpn/openssl/ssl/sslctx.hpp
@ -294,7 +294,7 @@ class OpenSSLContext : public SSLFactoryAPI

        void set_debug_level(const int debug_level) override
        {
-            ssl_debug_level = debug_level;
+            set_log_level(debug_level);
        }

        void set_flags(const unsigned int flags_arg) override
@ -520,7 +520,6 @@ class OpenSSLContext : public SSLFactoryAPI
            ret->mode = mode;
            ret->dh = dh;
            ret->frame = frame;
-            ret->ssl_debug_level = ssl_debug_level;
            ret->flags = flags;
            ret->local_cert_enabled = local_cert_enabled;

@ -676,7 +675,6 @@ class OpenSSLContext : public SSLFactoryAPI
        TLSSessionTicketBase *session_ticket_handler = nullptr; // server side only
        SNI::HandlerBase *sni_handler = nullptr;                // server side only
        Frame::Ptr frame;
-        int ssl_debug_level = 0;
        unsigned int flags = 0; // defined in sslconsts.hpp
        std::string sni_name;   // client side only
        NSCert::Type ns_cert_type{NSCert::NONE};
@ -1441,7 +1439,7 @@ class OpenSSLContext : public SSLFactoryAPI
            OPENVPN_THROW(ssl_context_error, "OpenSSLContext: CA not defined");

        // Show handshake debugging info
-        if (config->ssl_debug_level)
+        if (log_.log_level() >= logging::LOG_LEVEL_INFO)
            SSL_CTX_set_info_callback(ctx.get(), info_callback);
    }

@ -2046,7 +2044,7 @@ class OpenSSLContext : public SSLFactoryAPI
                                         : "undefined"))
                          << "): " << SSL_state_string_long(s));
        }
-        else if (where & SSL_CB_ALERT)
+        if (where & SSL_CB_ALERT)
        {
            OVPN_LOG_INFO("SSL alert ("
                          << (where & SSL_CB_READ ? "read" : "write") << "): "
--- a/test/unittests/test_ssl.cpp
+++ b/test/unittests/test_ssl.cpp
@ -79,6 +79,7 @@ TEST(ssl, tls_groups)
    sslcfg->set_local_cert_enabled(false);
    sslcfg->set_flags(SSLConst::NO_VERIFY_PEER);
    sslcfg->set_rng(rng);
+    sslcfg->set_debug_level(1);

    sslcfg->set_tls_groups("secp521r1:secp384r1");

@ -88,9 +89,9 @@ TEST(ssl, tls_groups)

    sslcfg->set_tls_groups("secp521r1:secp384r1:greenhell");

-
    testLog->startCollecting();
    f = sslcfg->new_factory();
+    f->set_log_level(logging::LOG_LEVEL_INFO);
    f->ssl();
 #ifdef USE_OPENSSL
    EXPECT_EQ("OpenSSL -- warning ignoring unknown group 'greenhell' in tls-groups\n", testLog->stopCollecting());