
HPCC-17735 Roxie excessive SSL connection logging

Signed-off-by: Mark Kelly <mark.kelly@lexisnexisrisk.com>
Mark Kelly 8 年 前
コミット
d43d4d87c0

+ 4 - 1
roxie/ccd/ccdprotocol.cpp

@@ -291,7 +291,10 @@ public:
                         if (!secureContext)
                             secureContext.setown(createSecureSocketContextEx(certFile.get(), keyFile.get(), passPhrase.get(), ServerSocket));
                         ssock.setown(secureContext->createSecureSocket(client.getClear()));
-                        int status = ssock->secure_accept();
+                        int loglevel = 0;
+                        if (traceLevel > 1)
+                            loglevel = traceLevel;
+                        int status = ssock->secure_accept(loglevel);
                         if (status < 0)
                         {
                             // secure_accept may also DBGLOG() errors ...
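Review bot: The three-line computation of `loglevel` before the `secure_accept` call reads as a level but is consumed as an on/off switch (the callee only tests `if (logLevel)`), so the intent deserves a comment and a tighter form: `// HPCC-17735: suppress the per-connection cipher DBGLOG unless tracing is raised` followed by `int loglevel = traceLevel > 1 ? traceLevel : 0;`. With traceLevel at its quiet setting the negotiated cipher is no longer recorded anywhere for Roxie connections, while the error path below still logs via secure_accept's own DBGLOG, so operators lose only the success line; that trade-off is worth stating in the comment. The enclosing function begins and ends outside the hunk.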

+ 10 - 8
system/security/securesocket/securesocket.cpp

@@ -147,8 +147,8 @@ public:
     CSecureSocket(int sockfd, SSL_CTX* ctx, bool verify = false, bool addres_match = false, CStringSet* m_peers = NULL, int loglevel=SSLogNormal);
     ~CSecureSocket();
 
-    virtual int secure_accept();
-    virtual int secure_connect();
+    virtual int secure_accept(int logLevel);
+    virtual int secure_connect(int logLevel);
 
     virtual void logPollError(unsigned revents, const char *rwstr);
     virtual int wait_read(unsigned timeoutms);
@@ -562,7 +562,7 @@ bool CSecureSocket::verify_cert(X509* cert)
     }
 }
 
-int CSecureSocket::secure_accept()
+int CSecureSocket::secure_accept(int logLevel)
 {
     int err;
     err = SSL_accept(m_ssl);
@@ -588,7 +588,8 @@ int CSecureSocket::secure_accept()
         return err;
     }
 
-    DBGLOG("SSL connection using %s", SSL_get_cipher(m_ssl));
+    if (logLevel)
+        DBGLOG("SSL connection using %s", SSL_get_cipher(m_ssl));
 
     if(m_verify)
     {
@@ -612,7 +613,7 @@ int CSecureSocket::secure_accept()
     return 0;
 }
 
-int CSecureSocket::secure_connect()
+int CSecureSocket::secure_connect(int logLevel)
 {
     int err = SSL_connect (m_ssl);                     
     if(err <= 0)
@@ -634,7 +635,8 @@ int CSecureSocket::secure_connect()
         // data exchange to be successful.
         
         // Get the cipher - opt
-        DBGLOG("SSL connection using %s\n", SSL_get_cipher (m_ssl));
+        if (logLevel)
+            DBGLOG("SSL connection using %s\n", SSL_get_cipher (m_ssl));
 
         // Get server's certificate (note: beware of dynamic allocation) - opt
         X509* server_cert = SSL_get_peer_certificate (m_ssl);
@@ -1060,12 +1062,12 @@ public:
 
     ISecureSocket* createSecureSocket(ISocket* sock, int loglevel)
     {
-        return new CSecureSocket(sock, m_ctx, m_verify, m_address_match, m_peers);
+        return new CSecureSocket(sock, m_ctx, m_verify, m_address_match, m_peers, loglevel);
     }
 
     ISecureSocket* createSecureSocket(int sockfd, int loglevel)
     {
-        return new CSecureSocket(sockfd, m_ctx, m_verify, m_address_match, m_peers);
+        return new CSecureSocket(sockfd, m_ctx, m_verify, m_address_match, m_peers, loglevel);
     }
 };
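Review bot: The new `int logLevel` parameter on `secure_accept` and `secure_connect` duplicates a log level the object already receives: the `createSecureSocket` overloads at the bottom of this file now forward their `loglevel` argument into the `CSecureSocket` constructor, which already declares `int loglevel=SSLogNormal`. If the constructor stores that value in a member (not visible in this hunk — please confirm), the gates `if (logLevel)` in both functions could read the member instead and the interface signature would not need to change. As written, the two channels also use different scales: the constructor takes an SSLog enum value while the per-call argument is treated as a boolean and Roxie passes its raw traceLevel, which is easy to confuse later. The same pattern appears in the `secure_connect` hunk; a one-line comment on each gate, `// logLevel == 0 suppresses the success-path cipher log; errors are still logged above`, would at least make the boolean use explicit.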
 

+ 2 - 2
system/security/securesocket/securesocket.hpp

@@ -48,8 +48,8 @@ enum SecureSocketType
 // One instance per connection
 interface ISecureSocket : implements ISocket
 {
-    virtual int secure_accept() = 0;
-    virtual int secure_connect() = 0;
+    virtual int secure_accept(int logLevel=1) = 0;
+    virtual int secure_connect(int logLevel=1) = 0;
 };
 
 // One instance per program running
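Review bot: The default `logLevel=1` on the pure-virtual declarations is bound by the caller's static type, so it applies only when calling through `ISecureSocket`; the `CSecureSocket` overrides in securesocket.cpp declare no default, which is legal but means a caller holding the concrete type must always pass the argument. Since the implementation uses the value purely as a gate for the "SSL connection using <cipher>" DBGLOG, the parameter should be documented on the interface: `// logLevel: 0 suppresses the per-connection cipher DBGLOG on success; any non-zero value emits it. Error paths log regardless.` Naming it a level while treating it as a switch is the kind of thing a future caller will get wrong without that comment.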