add global parameter "debug.gnutls"

enables GnuTLS indepth debugging
closes rsyslog#219

runtime/glbl.c

@@ -84,6 +84,7 @@ static int bOptimizeUniProc = 1;	/* enable uniprocessor optimizations */
 static int bParseHOSTNAMEandTAG = 1;	/* parser modification (based on startup params!) */
 static int bPreserveFQDN = 0;		/* should FQDNs always be preserved? */
 static int iMaxLine = 8096;		/* maximum length of a syslog message */
+static int iGnuTLSLoglevel = 0;		
 static int iDefPFFamily = PF_UNSPEC;     /* protocol family (IPv4, IPv6 or both) */
 static int bDropMalPTRMsgs = 0;/* Drop messages which have malicious PTR records during DNS lookup */
 static int option_DisallowWarning = 1;	/* complain if message from disallowed sender is received */
@@ -131,6 +132,7 @@ static struct cnfparamdescr cnfparamdescr[] = {
 	{ "preservefqdn", eCmdHdlrBinary, 0 },
 	{ "debug.onshutdown", eCmdHdlrBinary, 0 },
 	{ "debug.logfile", eCmdHdlrString, 0 },
+	{ "debug.gnutls", eCmdHdlrPositiveInt, 0 },
 	{ "defaultnetstreamdrivercafile", eCmdHdlrString, 0 },
 	{ "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
         { "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
@@ -183,6 +185,12 @@ GetMaxLine(void)
 	return(iMaxLine);
 }
 
+int
+GetGnuTLSLoglevel(void)
+{
+	return(iGnuTLSLoglevel);
+}
+
 /* define a macro for the simple properties' set and get functions
  * (which are always the same). This is only suitable for pretty
  * simple cases which require neither checks nor memory allocation.
@@ -1040,6 +1048,8 @@ glblDoneLoadCnf(void)
 		} else if(!strcmp(paramblk.descr[i].name, "debug.onshutdown")) {
 			glblDebugOnShutdown = (int) cnfparamvals[i].val.d.n;
 			errmsg.LogError(0, RS_RET_OK, "debug: onShutdown set to %d", glblDebugOnShutdown);
+		} else if(!strcmp(paramblk.descr[i].name, "debug.gnutls")) {
+			iGnuTLSLoglevel = (int) cnfparamvals[i].val.d.n;
 		} else if(!strcmp(paramblk.descr[i].name, "parser.controlcharacterescapeprefix")) {
 			cCCEscapeChar = (uchar) *es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
 		} else if(!strcmp(paramblk.descr[i].name, "parser.droptrailinglfonreception")) {

runtime/glbl.h

@@ -122,5 +122,6 @@ void glblDestructMainqCnfObj();
 void glblDoneLoadCnf(void);
 const uchar * glblGetWorkDirRaw(void);
 tzinfo_t* glblFindTimezoneInfo(char *id);
+int GetGnuTLSLoglevel(void);
 
 #endif /* #ifndef GLBL_H_INCLUDED */

runtime/nsd_gtls.c

@@ -2,7 +2,7 @@
  *
  * An implementation of the nsd interface for GnuTLS.
  * 
- * Copyright (C) 2007-2014 Rainer Gerhards and Adiscon GmbH.
+ * Copyright (C) 2007-2015 Rainer Gerhards and Adiscon GmbH.
  *
  * This file is part of the rsyslog runtime library.
  *
@@ -87,8 +87,6 @@ static pthread_mutex_t mutGtlsStrerror; /**< a mutex protecting the potentially
 /* ------------------------------ GnuTLS specifics ------------------------------ */
 static gnutls_certificate_credentials_t xcred;
 
-#ifdef DEBUG
-#if 0 /* uncomment, if needed some time again -- DEV Debug only */
 /* This defines a log function to be provided to GnuTLS. It hopefully
  * helps us track down hard to find problems.
  * rgerhards, 2008-06-20
@@ -97,8 +95,7 @@ static void logFunction(int level, const char *msg)
 {
 	dbgprintf("GnuTLS log msg, level %d: %s\n", level, msg);
 }
-#endif
-#endif /* #ifdef DEBUG */
+
 
 
 /* read in the whole content of a file. The caller is responsible for
@@ -605,13 +602,11 @@ gtlsGlblInit(void)
 		ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
 	}
 
-#	ifdef DEBUG
-#if 	0 /* do this in special cases only. WARNING: if active, it may reveal sensitive information! */
-	/* intialize log function - set a level only for hard-to-find bugs */
-	gnutls_global_set_log_function(logFunction);
-	gnutls_global_set_log_level(10); /* 0 (no) to 9 (most), 10 everything */
-#	endif
-#	endif
+	if(GetGnuTLSLoglevel() > 0){
+		gnutls_global_set_log_function(logFunction);
+		gnutls_global_set_log_level(GetGnuTLSLoglevel()); 
+		/* 0 (no) to 9 (most), 10 everything */
+	}
 
 finalize_it:
 	RETiRet;