diff options
| author | Péter Dimitrov <[email protected]> | 2018-06-18 17:17:22 +0200 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2018-07-02 12:38:36 +0200 |
| commit | 13ae4276e81853a1d66aeaeaa392230037cf3a04 (patch) | |
| tree | 5f624ae92eb44475a006a917a4eb1dc991dde965 /lib/ssl/src/dtls_connection.erl | |
| parent | 41a71f54b2da01bc532d0c2d16c691e6622817ca (diff) | |
| download | otp-13ae4276e81853a1d66aeaeaa392230037cf3a04.tar.gz otp-13ae4276e81853a1d66aeaeaa392230037cf3a04.tar.bz2 otp-13ae4276e81853a1d66aeaeaa392230037cf3a04.zip | |
ssl: Add support for stateful logging
- Introduce stateful logging levels to the ssl application:
The SSL option 'log_alert' sets log level to notice/warning
if it is set to true/false. Default log level is notice.
- Add new SSL option 'log_level' that overrides the value of
'log_alert'. Default value is notice.
- 'log_level' debug triggers verbose logging of TLS protocol
messages and logging of ignored alerts in DTLS.
Change-Id: I28d3f4029a5d504ec612abe4b9ae0b7d9b115197
Diffstat (limited to 'lib/ssl/src/dtls_connection.erl')
| -rw-r--r-- | lib/ssl/src/dtls_connection.erl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl index 610ab9a51c..9596fe25c8 100644 --- a/lib/ssl/src/dtls_connection.erl +++ b/lib/ssl/src/dtls_connection.erl @@ -927,7 +927,7 @@ handle_own_alert(Alert, Version, StateName, #state{data_tag = udp, ssl_options = Options} = State0) -> case ignore_alert(Alert, State0) of {true, State} -> - log_ignore_alert(Options#ssl_options.log_alert, StateName, Alert, Role), + log_ignore_alert(Options#ssl_options.log_level, StateName, Alert, Role), {next_state, StateName, State}; {false, State} -> ssl_connection:handle_own_alert(Alert, Version, StateName, State) @@ -1124,9 +1124,9 @@ is_ignore_alert(#alert{description = ?ILLEGAL_PARAMETER}) -> is_ignore_alert(_) -> false. -log_ignore_alert(true, StateName, Alert, Role) -> +log_ignore_alert(debug, StateName, Alert, Role) -> Txt = ssl_alert:alert_txt(Alert), ?LOG_ERROR("DTLS over UDP ~p: In state ~p ignored to send ALERT ~s as DoS-attack mitigation \n", [Role, StateName, Txt]); -log_ignore_alert(false, _, _,_) -> +log_ignore_alert(_, _, _, _) -> ok. |