From 000ab9f9912042521b9ac5d9f0ebe7761f0b48b2 Mon Sep 17 00:00:00 2001
From: luwenpeng <luwenpeng@geedgenetworks.com>
Date: Sat, 20 Nov 2021 18:24:28 +0300
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9debug=E6=97=A5=E5=BF=97:=20?=
 =?UTF-8?q?=E8=BE=93=E5=87=BA=E6=9C=8D=E5=8A=A1=E7=AB=AF=E8=AF=81=E4=B9=A6?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=BB=93=E6=9E=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 platform/src/ssl_stream.cpp               | 13 +++++++++++++
 platform/src/ssl_trusted_cert_storage.cpp |  9 ---------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index f28bb32..5e1edcc 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1333,6 +1333,19 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
 				s_upstream->is_server_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
 													s_stream->ssl, s_stream->up_parts.client_hello->sni, &(s_stream->up_parts.verify_param),
 													error_str, sizeof(error_str), &(s_stream->up_parts.verify_result));
+				TFE_LOG_DEBUG(g_default_logger,
+					"addr:%s, sni:%s, is_cert_verify_passed:%d, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d, %s",
+					s_stream->tcp_stream->str_stream_info,
+					s_upstream->client_hello->sni,
+					s_upstream->is_server_cert_verify_passed,
+					((s_upstream->verify_param.real_untrust & 0xff) ? 1 : 0),
+					((s_upstream->verify_param.real_untrust & 0x01) ? 1 : 0),
+					((s_upstream->verify_param.real_untrust & 0x02) ? 1 : 0),
+					((s_upstream->verify_param.real_untrust & 0x04) ? 1 : 0),
+					((s_upstream->verify_param.real_untrust & 0x08) ? 1 : 0),
+					((s_upstream->verify_param.real_untrust & 0x10) ? 1 : 0),
+					(s_upstream->is_server_cert_verify_passed == 0 ? error_str : ""));
+
 				s_upstream->svc_status.is_ct=s_upstream->verify_result.is_ct;
 				s_upstream->svc_status.is_ev=s_upstream->verify_result.is_ev;
 				ssl_service_cache_write(mgr->svc_cache, s_upstream->client_hello, s_stream->tcp_stream, &(s_upstream->svc_status));
diff --git a/platform/src/ssl_trusted_cert_storage.cpp b/platform/src/ssl_trusted_cert_storage.cpp
index 0f1a60f..d0802a6 100644
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -476,15 +476,6 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
 
 	if (is_ssl_debug())
 	{
-		TFE_LOG_DEBUG(g_default_logger,
-			"sni:%s, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d",
-			(hostname ? hostname : "NULL"),
-			((param->real_untrust & 0xff) ? 1 : 0),
-			((param->real_untrust & 0x01) ? 1 : 0),
-			((param->real_untrust & 0x02) ? 1 : 0),
-			((param->real_untrust & 0x04) ? 1 : 0),
-			((param->real_untrust & 0x08) ? 1 : 0),
-			((param->real_untrust & 0x10) ? 1 : 0));
 		ssl_chain_dump(hostname, "server_chain", cert_chain);
 	}