From 13ae4276e81853a1d66aeaeaa392230037cf3a04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Mon, 18 Jun 2018 17:17:22 +0200
Subject: ssl: Add support for stateful logging

- Introduce stateful logging levels to the ssl application:
  The SSL option 'log_alert' sets log level to notice/warning
  if it is set to true/false. Default log level is notice.

- Add new SSL option 'log_level' that overrides the value of
  'log_alert'. Default value is notice.

- 'log_level' debug triggers verbose logging of TLS protocol
  messages and logging of ignored alerts in DTLS.

Change-Id: I28d3f4029a5d504ec612abe4b9ae0b7d9b115197
---
 lib/ssl/src/ssl.erl | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

(limited to 'lib/ssl/src/ssl.erl')

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 9cf2b8acb0..c7f1f36d5d 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -924,7 +924,7 @@ handle_options(Opts0, Role, Host) ->
             ok
     end,
    
-    SSLOptions = #ssl_options{
+    SSLOptions0 = #ssl_options{
 		    versions   = Versions,
 		    verify     = validate_option(verify, Verify),
 		    verify_fun = VerifyFun,
@@ -971,7 +971,6 @@ handle_options(Opts0, Role, Host) ->
 		    next_protocol_selector =
 			make_next_protocol_selector(
 			  handle_option(client_preferred_next_protocols, Opts, undefined)),
-		    log_alert = handle_option(log_alert, Opts, true),
 		    server_name_indication = handle_option(server_name_indication, Opts, 
                                                            default_option_role(client,
                                                                                server_name_indication_default(Host), Role)),
@@ -997,6 +996,10 @@ handle_options(Opts0, Role, Host) ->
                     handshake = handle_option(handshake, Opts, full),
                     customize_hostname_check = handle_option(customize_hostname_check, Opts, [])
 		   },
+    LogLevel = handle_option(log_alert, Opts, true),
+    SSLOptions = SSLOptions0#ssl_options{
+                   log_level = handle_option(log_level, Opts, LogLevel)
+                  },
 
     CbInfo  = proplists:get_value(cb_info, Opts, default_cb_info(Protocol)),
     SslOptions = [protocol, versions, verify, verify_fun, partial_chain,
@@ -1008,7 +1011,7 @@ handle_options(Opts0, Role, Host) ->
 		  cb_info, renegotiate_at, secure_renegotiate, hibernate_after,
 		  erl_dist, alpn_advertised_protocols, sni_hosts, sni_fun,
 		  alpn_preferred_protocols, next_protocols_advertised,
-		  client_preferred_next_protocols, log_alert,
+		  client_preferred_next_protocols, log_alert, log_level,
 		  server_name_indication, honor_cipher_order, padding_check, crl_check, crl_cache,
 		  fallback, signature_algs, eccs, honor_ecc_order, beast_mitigation,
                   max_handshake_size, handshake, customize_hostname_check],
@@ -1187,7 +1190,20 @@ validate_option(client_preferred_next_protocols, {Precedence, PreferredProtocols
     Value;
 validate_option(client_preferred_next_protocols, undefined) ->
     undefined;
-validate_option(log_alert, Value) when is_boolean(Value) ->
+validate_option(log_alert, true) ->
+    notice;
+validate_option(log_alert, false) ->
+    warning;
+validate_option(log_level, Value) when
+      is_atom(Value) andalso
+      (Value =:= emergency orelse
+       Value =:= alert orelse
+       Value =:= critical orelse
+       Value =:= error orelse
+       Value =:= warning orelse
+       Value =:= notice orelse
+       Value =:= info orelse
+       Value =:= debug) ->
     Value;
 validate_option(next_protocols_advertised, Value) when is_list(Value) ->
     validate_binary_list(next_protocols_advertised, Value),
@@ -1562,8 +1578,10 @@ new_ssl_options([{next_protocols_advertised, Value} | Rest], #ssl_options{} = Op
 new_ssl_options([{client_preferred_next_protocols, Value} | Rest], #ssl_options{} = Opts, RecordCB) -> 
     new_ssl_options(Rest, Opts#ssl_options{next_protocol_selector = 
 					       make_next_protocol_selector(validate_option(client_preferred_next_protocols, Value))}, RecordCB);
-new_ssl_options([{log_alert, Value} | Rest], #ssl_options{} = Opts, RecordCB) -> 
-    new_ssl_options(Rest, Opts#ssl_options{log_alert = validate_option(log_alert, Value)}, RecordCB);
+new_ssl_options([{log_alert, Value} | Rest], #ssl_options{} = Opts, RecordCB) ->
+    new_ssl_options(Rest, Opts#ssl_options{log_level = validate_option(log_alert, Value)}, RecordCB);
+new_ssl_options([{log_level, Value} | Rest], #ssl_options{} = Opts, RecordCB) ->
+    new_ssl_options(Rest, Opts#ssl_options{log_level = validate_option(log_level, Value)}, RecordCB);
 new_ssl_options([{server_name_indication, Value} | Rest], #ssl_options{} = Opts, RecordCB) -> 
     new_ssl_options(Rest, Opts#ssl_options{server_name_indication = validate_option(server_name_indication, Value)}, RecordCB);
 new_ssl_options([{honor_cipher_order, Value} | Rest], #ssl_options{} = Opts, RecordCB) -> 
-- 
cgit v1.2.3