mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-19 19:52:15 +02:00
Correctly set the debug level for ssl alert logging
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This commit is contained in:
parent
d57522dc9c
commit
b8f7761e66
@ -294,7 +294,7 @@ class OpenSSLContext : public SSLFactoryAPI
|
||||
|
||||
void set_debug_level(const int debug_level) override
|
||||
{
|
||||
ssl_debug_level = debug_level;
|
||||
set_log_level(debug_level);
|
||||
}
|
||||
|
||||
void set_flags(const unsigned int flags_arg) override
|
||||
@ -520,7 +520,6 @@ class OpenSSLContext : public SSLFactoryAPI
|
||||
ret->mode = mode;
|
||||
ret->dh = dh;
|
||||
ret->frame = frame;
|
||||
ret->ssl_debug_level = ssl_debug_level;
|
||||
ret->flags = flags;
|
||||
ret->local_cert_enabled = local_cert_enabled;
|
||||
|
||||
@ -676,7 +675,6 @@ class OpenSSLContext : public SSLFactoryAPI
|
||||
TLSSessionTicketBase *session_ticket_handler = nullptr; // server side only
|
||||
SNI::HandlerBase *sni_handler = nullptr; // server side only
|
||||
Frame::Ptr frame;
|
||||
int ssl_debug_level = 0;
|
||||
unsigned int flags = 0; // defined in sslconsts.hpp
|
||||
std::string sni_name; // client side only
|
||||
NSCert::Type ns_cert_type{NSCert::NONE};
|
||||
@ -1441,7 +1439,7 @@ class OpenSSLContext : public SSLFactoryAPI
|
||||
OPENVPN_THROW(ssl_context_error, "OpenSSLContext: CA not defined");
|
||||
|
||||
// Show handshake debugging info
|
||||
if (config->ssl_debug_level)
|
||||
if (log_.log_level() >= logging::LOG_LEVEL_INFO)
|
||||
SSL_CTX_set_info_callback(ctx.get(), info_callback);
|
||||
}
|
||||
|
||||
@ -2046,7 +2044,7 @@ class OpenSSLContext : public SSLFactoryAPI
|
||||
: "undefined"))
|
||||
<< "): " << SSL_state_string_long(s));
|
||||
}
|
||||
else if (where & SSL_CB_ALERT)
|
||||
if (where & SSL_CB_ALERT)
|
||||
{
|
||||
OVPN_LOG_INFO("SSL alert ("
|
||||
<< (where & SSL_CB_READ ? "read" : "write") << "): "
|
||||
|
@ -79,6 +79,7 @@ TEST(ssl, tls_groups)
|
||||
sslcfg->set_local_cert_enabled(false);
|
||||
sslcfg->set_flags(SSLConst::NO_VERIFY_PEER);
|
||||
sslcfg->set_rng(rng);
|
||||
sslcfg->set_debug_level(1);
|
||||
|
||||
sslcfg->set_tls_groups("secp521r1:secp384r1");
|
||||
|
||||
@ -88,9 +89,9 @@ TEST(ssl, tls_groups)
|
||||
|
||||
sslcfg->set_tls_groups("secp521r1:secp384r1:greenhell");
|
||||
|
||||
|
||||
testLog->startCollecting();
|
||||
f = sslcfg->new_factory();
|
||||
f->set_log_level(logging::LOG_LEVEL_INFO);
|
||||
f->ssl();
|
||||
#ifdef USE_OPENSSL
|
||||
EXPECT_EQ("OpenSSL -- warning ignoring unknown group 'greenhell' in tls-groups\n", testLog->stopCollecting());
|
||||
|
Loading…
Reference in New Issue
Block a user