Reducing logging duplication
Philip Prindeville
philipp_subx at redfish-solutions.com
Thu Nov 9 23:16:42 EST 2017
> On Nov 9, 2017, at 6:42 PM, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>
> Hi.
>
> I’m seeing a lot of these, one per message new client connection, in fact:
>
> Nov 9 17:06:49 mail cyrus/imaps[6047]: inittls: Loading hard-coded DH parameters
> Nov 9 17:06:49 mail cyrus/imaps[6047]: TLS server engine: No client CA certs specified. Client side certs may not work
>
> I’ve not perused this part of the source in a couple of years and don’t have it handy.
>
> If the certs are detected at initialization, can we move the message there? And if it’s rechecked per connection, can we have a static (initially false) that tracks whether this message has been emitted, and if not emits the message and then sets the flag to true?
>
> Thanks,
>
> -Philip
>
Got back to my desk and restarted a stalled upgrade to High Sierra (buyer beware…)
Looked at:
https://github.com/cyrusimap/cyrus-imapd/blob/master/imap/tls.c#L286
Could the LOG_NOTICE be dropped down to LOG_INFO?
Commenting out:
tls_client_ca_dir: /etc/ssl/certs
seems to fix the 2nd message.
-Philip
More information about the Cyrus-devel
mailing list