
add global parameter "debug.gnutls"

enables GnuTLS in-depth debugging
closes rsyslog#219
jgerhards committed Jan 26, 2015
1 parent 15f884e commit 9125ddf99d0e5b1ea3a15a730fc409dd27df3fd9
Showing with 18 additions and 12 deletions.
  1. +10 −0 runtime/glbl.c
  2. +1 −0 runtime/glbl.h
  3. +7 −12 runtime/nsd_gtls.c
@@ -84,6 +84,7 @@ static int bOptimizeUniProc = 1; /* enable uniprocessor optimizations */
static int bParseHOSTNAMEandTAG = 1; /* parser modification (based on startup params!) */
static int bPreserveFQDN = 0; /* should FQDNs always be preserved? */
static int iMaxLine = 8096; /* maximum length of a syslog message */
static int iGnuTLSLoglevel = 0;
static int iDefPFFamily = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */
static int bDropMalPTRMsgs = 0;/* Drop messages which have malicious PTR records during DNS lookup */
static int option_DisallowWarning = 1; /* complain if message from disallowed sender is received */
@@ -131,6 +132,7 @@ static struct cnfparamdescr cnfparamdescr[] = {
{ "preservefqdn", eCmdHdlrBinary, 0 },
{ "debug.onshutdown", eCmdHdlrBinary, 0 },
{ "debug.logfile", eCmdHdlrString, 0 },
{ "debug.gnutls", eCmdHdlrPositiveInt, 0 },
{ "defaultnetstreamdrivercafile", eCmdHdlrString, 0 },
{ "defaultnetstreamdriverkeyfile", eCmdHdlrString, 0 },
{ "defaultnetstreamdrivercertfile", eCmdHdlrString, 0 },
@@ -183,6 +185,12 @@ GetMaxLine(void)
return(iMaxLine);
}
int
GetGnuTLSLoglevel(void)
{
return(iGnuTLSLoglevel);
}
/* define a macro for the simple properties' set and get functions
* (which are always the same). This is only suitable for pretty
* simple cases which require neither checks nor memory allocation.
@@ -1040,6 +1048,8 @@ glblDoneLoadCnf(void)
} else if(!strcmp(paramblk.descr[i].name, "debug.onshutdown")) {
glblDebugOnShutdown = (int) cnfparamvals[i].val.d.n;
errmsg.LogError(0, RS_RET_OK, "debug: onShutdown set to %d", glblDebugOnShutdown);
} else if(!strcmp(paramblk.descr[i].name, "debug.gnutls")) {
iGnuTLSLoglevel = (int) cnfparamvals[i].val.d.n;
} else if(!strcmp(paramblk.descr[i].name, "parser.controlcharacterescapeprefix")) {
cCCEscapeChar = (uchar) *es_str2cstr(cnfparamvals[i].val.d.estr, NULL);
} else if(!strcmp(paramblk.descr[i].name, "parser.droptrailinglfonreception")) {
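Review bot: The new `debug.gnutls` branch in glblDoneLoadCnf narrows `cnfparamvals[i].val.d.n` to `int` without a range check and, unlike the `debug.onshutdown` branch directly above it, reports nothing when the setting takes effect. A bound check before the cast would keep an oversized configured value from being silently truncated, assuming `val.d.n` is wider than `int`, as the cast suggests; the comment in nsd_gtls.c describes 0 to 10 as the meaningful range. Adding `errmsg.LogError(0, RS_RET_OK, "debug: GnuTLS log level set to %d", iGnuTLSLoglevel);` would let an operator see that TLS debugging is active, which matters because that output can contain sensitive data. The declaration `static int iGnuTLSLoglevel = 0;` also lacks the trailing comment its neighbours carry, for example `/* GnuTLS debug log level, 0 = off */`. The if/else chain starts and continues outside the hunk.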
@@ -122,5 +122,6 @@ void glblDestructMainqCnfObj();
void glblDoneLoadCnf(void);
const uchar * glblGetWorkDirRaw(void);
tzinfo_t* glblFindTimezoneInfo(char *id);
int GetGnuTLSLoglevel(void);
#endif /* #ifndef GLBL_H_INCLUDED */
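Review bot: The new prototype `int GetGnuTLSLoglevel(void);` exports a symbol without the `glbl` prefix that the neighbouring declarations use (`glblDoneLoadCnf`, `glblGetWorkDirRaw`, `glblFindTimezoneInfo`). A name such as `glblGetGnuTLSLoglevel` would match the header's convention and avoid a generic name in the global namespace. A one-line comment such as `/* GnuTLS debug log level from global(debug.gnutls="..."), 0 = disabled */` would document what the value means.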
@@ -2,7 +2,7 @@
*
* An implementation of the nsd interface for GnuTLS.
*
* Copyright (C) 2007-2014 Rainer Gerhards and Adiscon GmbH.
* Copyright (C) 2007-2015 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of the rsyslog runtime library.
*
@@ -87,8 +87,6 @@ static pthread_mutex_t mutGtlsStrerror; /**< a mutex protecting the potentially
/* ------------------------------ GnuTLS specifics ------------------------------ */
static gnutls_certificate_credentials_t xcred;
#ifdef DEBUG
#if 0 /* uncomment, if needed some time again -- DEV Debug only */
/* This defines a log function to be provided to GnuTLS. It hopefully
* helps us track down hard to find problems.
* rgerhards, 2008-06-20
@@ -97,8 +95,7 @@ static void logFunction(int level, const char *msg)
{
dbgprintf("GnuTLS log msg, level %d: %s\n", level, msg);
}
#endif
#endif /* #ifdef DEBUG */
/* read in the whole content of a file. The caller is responsible for
@@ -605,13 +602,11 @@ gtlsGlblInit(void)
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
}
# ifdef DEBUG
#if 0 /* do this in special cases only. WARNING: if active, it may reveal sensitive information! */
/* intialize log function - set a level only for hard-to-find bugs */
gnutls_global_set_log_function(logFunction);
gnutls_global_set_log_level(10); /* 0 (no) to 9 (most), 10 everything */
# endif
# endif
if(GetGnuTLSLoglevel() > 0){
gnutls_global_set_log_function(logFunction);
gnutls_global_set_log_level(GetGnuTLSLoglevel());
/* 0 (no) to 9 (most), 10 everything */
}
finalize_it:
RETiRet;
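Review bot: The warning that this logging "may reveal sensitive information" appears to sit on a removed line in gtlsGlblInit, and the new `if(GetGnuTLSLoglevel() > 0)` block has no equivalent. That matters more now, because GnuTLS logging is reachable from configuration in any build rather than only a hand-edited DEBUG build. I would keep the caveat above the new block, for example `/* WARNING: GnuTLS debug output may reveal sensitive information; enable debug.gnutls only while troubleshooting */`, and repeat it in the parameter's documentation. As a matter of style, the level could be read once into a local (`const int lvl = GetGnuTLSLoglevel();`), with the `0 (no) to 9 (most), 10 everything` comment placed on the `gnutls_global_set_log_level` line rather than after it. The rendered page has lost its +/- markers, so the removed/added split is inferred from the hunk counts, and the function body starts outside the hunk.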
