Disable debug messages that can introduce a timing side channel. Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug messages in case somebody does want to see the reason checks fail. (cherry picked from commit d66f070d492ef75405baad9f0d018b1bd06862c8) Conflicts: include/polarssl/config.h library/ssl_tls.c

commit: 48b7cb8ea2fb5a25a010a6c15bc55c27f7cd4975 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Mon Mar 11 15:59:03 2013 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Mon Mar 11 15:59:03 2013 +0100
tree: a10aeae702f5f8f3612a118bb676258b21305120
parent: 6a229c1f8c1e79a9a57ce9c519e146037b1b4c73 [diff]
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 110e3b4..e597edf 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -217,6 +217,22 @@
 #define POLARSSL_SELF_TEST
 
 /**
+ * \def POLARSSL_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+#define POLARSSL_SSL_DEBUG_ALL
+ */
+
+/**
  * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
  *
  * If set, the X509 parser will not break-off when parsing an X509 certificate
commit	48b7cb8ea2fb5a25a010a6c15bc55c27f7cd4975	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Mon Mar 11 15:59:03 2013 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Mon Mar 11 15:59:03 2013 +0100
tree	a10aeae702f5f8f3612a118bb676258b21305120
parent	6a229c1f8c1e79a9a57ce9c519e146037b1b4c73 [diff]