Do not log potentially hundreds of cert requests for unknown CAs at level 1
authorMartin Willi <martin@revosec.ch>
Thu, 27 Jan 2011 08:14:53 +0000 (09:14 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 28 Jan 2011 07:29:23 +0000 (08:29 +0100)
src/libcharon/sa/tasks/ike_cert_pre.c

index 944637c..a59b8dc 100644 (file)
@@ -76,6 +76,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
                        {
                                certreq_payload_t *certreq = (certreq_payload_t*)payload;
                                enumerator_t *enumerator;
+                               u_int unknown = 0;
                                chunk_t keyid;
 
                                this->ike_sa->set_condition(this->ike_sa, COND_CERTREQ_SEEN, TRUE);
@@ -103,12 +104,18 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
                                        }
                                        else
                                        {
-                                               DBG1(DBG_IKE, "received cert request for unknown ca "
+                                               DBG2(DBG_IKE, "received cert request for unknown ca "
                                                                          "with keyid %Y", id);
+                                               unknown++;
                                        }
                                        id->destroy(id);
                                }
                                enumerator->destroy(enumerator);
+                               if (unknown)
+                               {
+                                       DBG1(DBG_IKE, "received %u cert requests for an unknown ca",
+                                                unknown);
+                               }
                                break;
                        }
                        case NOTIFY:
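Review bot: The `unknown` counter is declared inside the per-payload block (first hunk) and the level-1 summary is written right after that payload's enumerator is destroyed, so a message carrying many CERTREQ payloads would presumably still produce one DBG1 line per payload. If the goal is a single level-1 line per message, declare the counter at function scope and log it after the payload loop, which starts and ends outside these hunks. The summary text also reads as if only one CA were involved; `"received %u cert requests for unknown CAs"` would match what is counted. A comment above the DBG2 call, e.g. `/* key IDs are peer-supplied and may be numerous: detail at level 2, count at level 1 */`, would record why the two levels differ.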