Change leftover GnuTLS "slot handling" messages to debug level

[ngircd.git] / src / ngircd / conn-ssl.c

diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 7fb81839faf62e3e73258c9b25da25b522e7d4e4..abcf53c2f7dc811b8a6b5200505109e883fa75ed 100644 (file)
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -518,6 +518,7 @@ ConnSSL_LoadServerKey_gnutls(void)
                return false;
 
        gnutls_certificate_set_dh_params(x509_cred, dh_params);
+       gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_VERIFY_CRLS);
 
        cert_file = Conf_SSLOptions.CertFile ?
                        Conf_SSLOptions.CertFile : Conf_SSLOptions.KeyFile;
@@ -568,7 +569,7 @@ ConnSSL_LoadServerKey_gnutls(void)
                        return false;
                }
        }
-       Log(LOG_INFO, "Storing new X509 certificate credentials in slot %zd.", x509_cred_idx);
+       LogDebug("Storing new X509 certificate credentials in slot %zd.", x509_cred_idx);
        slot->x509_cred = x509_cred;
        slot->refcnt = 0;
 
@@ -1000,16 +1001,15 @@ ConnSSL_LogCertInfo( CONNECTION * c, bool connect)
            gnutls_mac_get_name(gnutls_mac_get(sess)));
        cred = gnutls_auth_get_type(c->ssl_state.gnutls_session);
        if (cred == GNUTLS_CRD_CERTIFICATE) {
-               cert_seen = true;
-
                gnutls_x509_crt_t cert;
                unsigned cert_list_size;
                const gnutls_datum_t *cert_list =
                    gnutls_certificate_get_peers(sess, &cert_list_size);
-               if (!cert_list || cert_list_size == 0) {
-                       Log(LOG_ERR, "No certificates found");
+
+               if (!cert_list || cert_list_size == 0)
                        goto done_cn_validation;
-               }
+
+               cert_seen = true;
                int err = gnutls_x509_crt_init(&cert);
                if (err < 0) {
                        Log(LOG_ERR,