From 06d108855d4d5f308fb8f6434d0db23915f62475 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Mon, 6 Nov 2017 21:39:00 -0500
Subject: [mod_openssl] quiet trace from TCP probes (#2784)

x-ref:
  "huge amount of "SSL: -1 5 0 Success" messages"
  https://redmine.lighttpd.net/issues/2784
---
 src/mod_openssl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index 88520edb..af69068f 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -1451,6 +1451,14 @@ connection_read_cq_ssl (server *srv, connection *con,
 
             switch(oerrno) {
             default:
+                /* (oerrno should be something like ECONNABORTED not 0
+                 *  if client disconnected before anything was sent
+                 *  (e.g. TCP connection probe), but it does not appear
+                 *  that openssl provides such notification, not even
+                 *  something like SSL_R_SSL_HANDSHAKE_FAILURE) */
+                if (0==oerrno && 0==cq->bytes_in && !hctx->conf.ssl_log_noise)
+                    break;
+
                 log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:",
                         len, r, oerrno,
                         strerror(oerrno));
-- 
cgit v1.2.1