dovecot-2.2: ssl: Log SSL "close notify" alerts as debug message...

dovecot at dovecot.org dovecot at dovecot.org
Thu Aug 1 15:35:40 EEST 2013 

details:   http://hg.dovecot.org/dovecot-2.2/rev/2714f51e2355
changeset: 16633:2714f51e2355
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Aug 01 15:35:35 2013 +0300
description:
ssl: Log SSL "close notify" alerts as debug messages, not warnings.
They are clean shutdown messages after all.

diffstat:

 src/lib-ssl-iostream/iostream-openssl.c |  17 +++++++++++++----
 src/login-common/ssl-proxy-openssl.c    |  17 +++++++++++++----
 2 files changed, 26 insertions(+), 8 deletions(-)

diffs (54 lines):

diff -r 1705bf7bf484 -r 2714f51e2355 src/lib-ssl-iostream/iostream-openssl.c
--- a/src/lib-ssl-iostream/iostream-openssl.c	Thu Aug 01 15:00:59 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.c	Thu Aug 01 15:35:35 2013 +0300
@@ -22,10 +22,19 @@
 
 	ssl_io = SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);
 	if ((where & SSL_CB_ALERT) != 0) {
-		i_warning("%sSSL alert: where=0x%x, ret=%d: %s %s",
-			  ssl_io->log_prefix, where, ret,
-			  SSL_alert_type_string_long(ret),
-			  SSL_alert_desc_string_long(ret));
+		switch (ret & 0xff) {
+		case SSL_AD_CLOSE_NOTIFY:
+			i_debug("%sSSL alert: %s",
+				ssl_io->log_prefix,
+				SSL_alert_desc_string_long(ret));
+			break;
+		default:
+			i_warning("%sSSL alert: where=0x%x, ret=%d: %s %s",
+				  ssl_io->log_prefix, where, ret,
+				  SSL_alert_type_string_long(ret),
+				  SSL_alert_desc_string_long(ret));
+			break;
+		}
 	} else if (ret == 0) {
 		i_warning("%sSSL failed: where=0x%x: %s",
 			  ssl_io->log_prefix, where, SSL_state_string_long(ssl));
diff -r 1705bf7bf484 -r 2714f51e2355 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Thu Aug 01 15:00:59 2013 +0300
+++ b/src/login-common/ssl-proxy-openssl.c	Thu Aug 01 15:35:35 2013 +0300
@@ -850,10 +850,19 @@
 		return;
 
 	if ((where & SSL_CB_ALERT) != 0) {
-		i_warning("SSL alert: where=0x%x, ret=%d: %s %s [%s]",
-			  where, ret, SSL_alert_type_string_long(ret),
-			  SSL_alert_desc_string_long(ret),
-			  net_ip2addr(&proxy->ip));
+		switch (ret & 0xff) {
+		case SSL_AD_CLOSE_NOTIFY:
+			i_debug("SSL alert: %s [%s]",
+				SSL_alert_desc_string_long(ret),
+				net_ip2addr(&proxy->ip));
+			break;
+		default:
+			i_warning("SSL alert: where=0x%x, ret=%d: %s %s [%s]",
+				  where, ret, SSL_alert_type_string_long(ret),
+				  SSL_alert_desc_string_long(ret),
+				  net_ip2addr(&proxy->ip));
+			break;
+		}
 	} else if (ret == 0) {
 		i_warning("SSL failed: where=0x%x: %s [%s]",
 			  where, SSL_state_string_long(ssl),

More information about the dovecot-cvs mailing list