add global parameter "debug.gnutls"

enables GnuTLS indepth debugging
closes rsyslog#219

runtime/glbl.c

@@ -84,6 +84,7 @@ static int bOptimizeUniProc = 1;	/* enable uniprocessor optimizations */
static int bParseHOSTNAMEandTAG = 1;	/* parser modification (based on startup params!) */
static int bPreserveFQDN = 0;		/* should FQDNs always be preserved? */
static int iMaxLine = 8096;		/* maximum length of a syslog message */
static int iGnuTLSLoglevel = 0;		
static int iDefPFFamily = PF_UNSPEC;     /* protocol family (IPv4, IPv6 or both) */
static int bDropMalPTRMsgs = 0;/* Drop messages which have malicious PTR records during DNS lookup */
static int option_DisallowWarning = 1;	/* complain if message from disallowed sender is received */
@@ -131,6 +132,7 @@ static struct cnfparamdescr cnfparamdescr[] = {
	{ "preservefqdn", eCmdHdlrBinary, 0 },
	{ "debug.onshutdown", eCmdHdlrBinary, 0 },
	{ "debug.logfile", eCmdHdlrString, 0 },
	{ "debug.gnutls", eCmdHdlrPositiveInt, 0 },
	{ "defaultnetstreamdrivercafile", eCmdHdlrString, 0 },
	{ "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
        { "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
@@ -183,6 +185,12 @@ GetMaxLine(void)
	return(iMaxLine);
}

int
GetGnuTLSLoglevel(void)
{
	return(iGnuTLSLoglevel);
}

/* define a macro for the simple properties' set and get functions
 * (which are always the same). This is only suitable for pretty
 * simple cases which require neither checks nor memory allocation.
@@ -1040,6 +1048,8 @@ glblDoneLoadCnf(void)
		} else if(!strcmp(paramblk.descr[i].name, "debug.onshutdown")) {
			glblDebugOnShutdown = (int) cnfparamvals[i].val.d.n;
			errmsg.LogError(0, RS_RET_OK, "debug: onShutdown set to %d", glblDebugOnShutdown);
		} else if(!strcmp(paramblk.descr[i].name, "debug.gnutls")) {
			iGnuTLSLoglevel = (int) cnfparamvals[i].val.d.n;
		} else if(!strcmp(paramblk.descr[i].name, "parser.controlcharacterescapeprefix")) {
			cCCEscapeChar = (uchar) *es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
		} else if(!strcmp(paramblk.descr[i].name, "parser.droptrailinglfonreception")) {

runtime/glbl.h

@@ -122,5 +122,6 @@ void glblDestructMainqCnfObj();
void glblDoneLoadCnf(void);
const uchar * glblGetWorkDirRaw(void);
tzinfo_t* glblFindTimezoneInfo(char *id);
int GetGnuTLSLoglevel(void);

#endif /* #ifndef GLBL_H_INCLUDED */

runtime/nsd_gtls.c

@@ -2,7 +2,7 @@
 *
 * An implementation of the nsd interface for GnuTLS.
 * 
 * Copyright (C) 2007-2014 Rainer Gerhards and Adiscon GmbH.
 * Copyright (C) 2007-2015 Rainer Gerhards and Adiscon GmbH.
 *
 * This file is part of the rsyslog runtime library.
 *
@@ -87,8 +87,6 @@ static pthread_mutex_t mutGtlsStrerror; /**< a mutex protecting the potentially
/* ------------------------------ GnuTLS specifics ------------------------------ */
static gnutls_certificate_credentials_t xcred;

#ifdef DEBUG
#if 0 /* uncomment, if needed some time again -- DEV Debug only */
/* This defines a log function to be provided to GnuTLS. It hopefully
 * helps us track down hard to find problems.
 * rgerhards, 2008-06-20
@@ -97,8 +95,7 @@ static void logFunction(int level, const char *msg)
{
	dbgprintf("GnuTLS log msg, level %d: %s\n", level, msg);
}
#endif
#endif /* #ifdef DEBUG */



/* read in the whole content of a file. The caller is responsible for
@@ -605,13 +602,11 @@ gtlsGlblInit(void)
		ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
	}

#	ifdef DEBUG
#if 	0 /* do this in special cases only. WARNING: if active, it may reveal sensitive information! */
	/* intialize log function - set a level only for hard-to-find bugs */
	gnutls_global_set_log_function(logFunction);
	gnutls_global_set_log_level(10); /* 0 (no) to 9 (most), 10 everything */
#	endif
#	endif
	if(GetGnuTLSLoglevel() > 0){
		gnutls_global_set_log_function(logFunction);
		gnutls_global_set_log_level(GetGnuTLSLoglevel()); 
		/* 0 (no) to 9 (most), 10 everything */
	}

finalize_it:
	RETiRet;