TLS stream: disable TLS I/O debug log message by default

This commit makes the TLS stream code to not issue mostly useless debug log message on error during TLS I/O. This message was cluttering logs a lot, as it can be generated on (almost) any non-clean TLS connection termination, even in the cases when the actual query completed successfully. Nor does it provide much value for end-users, yet it can occasionally be seen when using dig and quite often when running BIND over a publicly available network interface.
2026-06-09 07:42:07 -04:00 · 2021-11-24 14:09:31 +02:00 · 2021-11-24 14:09:31 +02:00 · b211fff4cb
commit b211fff4cb
parent 0b0c29dd51
1 changed files with 4 additions and 0 deletions
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@ -367,7 +367,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 					  received_data->length, &len);
 			if (rv <= 0 || len != received_data->length) {
 				result = ISC_R_TLSERROR;
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
 				saved_errno = errno;
+#endif
 				goto error;
 			}

@ -506,6 +508,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 	}

 error:
+#if defined(NETMGR_TRACE) && defined(NETMGR_TRACE_VERBOSE)
 	isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
 		      ISC_LOG_NOTICE,
 		      "SSL error in BIO: %d %s (errno: %d). Arguments: "
@ -513,6 +516,7 @@ error:
 		      "send_data: %p, finish: %s",
 		      tls_status, isc_result_totext(result), saved_errno,
 		      received_data, send_data, finish ? "true" : "false");
+#endif
 	tls_failed_read_cb(sock, result);
 }