diff --git a/CHANGES-4.3.md b/CHANGES-4.3.md
index 299900da9..d47968096 100644
--- a/CHANGES-4.3.md
+++ b/CHANGES-4.3.md
@@ -20,9 +20,11 @@ File format:
 - Fixed crash when shared persistent subscription [#8441]
 ### Enhancements
+
 - HTTP API(GET /rules/) support for pagination and fuzzy filtering. [#8450]
 - Add check_conf cli to check config format. [#8486]
 - Optimize performance of shared subscription
+- Make possible to debug-print SSL handshake procedure by setting listener config `log_level=debug` [#8553](https://github.com/emqx/emqx/pull/8553)
 ## v4.3.16
diff --git a/etc/emqx.conf b/etc/emqx.conf
index 098c908d0..05e537e86 100644
--- a/etc/emqx.conf
+++ b/etc/emqx.conf
@@ -1572,6 +1572,14 @@ listener.ssl.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TL
 ## Value: cn | dn | crt | pem | md5
 ## listener.ssl.external.peer_cert_as_clientid = cn
+## Default is 'notice', set 'debug' to inspect TLS handshake messaes.
+## This log level is not related to EMQX's log level.
+##
+## NOTE: never set to 'debug' in production environemnts.
+##
+## Value: emergency | alert | critical | error | warning | notice | info | debug
+## listener.ssl.external.log_level = notice
+#
 ## TCP backlog for the SSL connection.
 ##
 ## See listener.tcp.$name.backlog
@@ -2083,6 +2091,10 @@ listener.wss.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TL
 ## Value: cn | dn | crt | pem | md5
 ## listener.wss.external.peer_cert_as_clientid = cn
+## See: listener.ssl.$name.log_level
+## Value: emergency | alert | critical | error | warning | notice | info | debug
+## listener.wss.external.log_level = notice
+
 ## TCP backlog for the WebSocket/SSL connection.
 ##
 ## See: listener.tcp.$name.backlog
diff --git a/priv/emqx.schema b/priv/emqx.schema
index a18df0a0a..48d31bfbd 100644
--- a/priv/emqx.schema
+++ b/priv/emqx.schema
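Review bot: The comment block added to etc/emqx.conf in the `@@ -1572` hunk tells operators never to use 'debug' in production but gives no reason, and it carries two typos ('messaes', 'environemnts') and a stray `#` line just before `## TCP backlog`. The reason is worth stating, since handshake tracing presumably writes per-connection handshake detail such as peer certificate data to the log for every client, which is both a disclosure and a log-volume concern. I would word it as `## NOTE: never set to 'debug' in production environments: TLS handshake messages are logged for every connection.` and replace the lone `#` with a blank line. The `Value:` line here and in the `@@ -2083` wss hunk also omits `none` and `all`, which the priv/emqx.schema enum accepts.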
@@ -1595,6 +1595,10 @@ end}. {datatype, {enum, [cn, dn, crt, pem, md5]}} ]}. +{mapping, "listener.ssl.$name.log_level", "emqx.listeners", [ + {datatype, {enum, [emergency, alert, critical, error, warning, notice, info, debug, none, all]}} +]}. + %%-------------------------------------------------------------------- %% MQTT/WebSocket Listeners @@ -2047,6 +2051,10 @@ end}. hidden ]}. +{mapping, "listener.wss.$name.log_level", "emqx.listeners", [ + {datatype, {enum, [emergency, alert, critical, error, warning, notice, info, debug, none, all]}} +]}. + {translation, "emqx.listeners", fun(Conf) -> Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end, @@ -2117,7 +2125,9 @@ end}. {mqtt_piggyback, cuttlefish:conf_get(Prefix ++ ".mqtt_piggyback", Conf, undefined)}, {check_origin_enable, cuttlefish:conf_get(Prefix ++ ".check_origin_enable", Conf, undefined)}, {allow_origin_absence, cuttlefish:conf_get(Prefix ++ ".allow_origin_absence", Conf, undefined)}, - {check_origins, WsOpts(Prefix)} | AccOpts(Prefix)]) + {check_origins, WsOpts(Prefix)} + | AccOpts(Prefix) + ]) end, DeflateOpts = fun(Prefix) -> Filter([{level, cuttlefish:conf_get(Prefix ++ ".deflate_opts.level", Conf, undefined)}, @@ -2210,7 +2220,9 @@ end}. {fail_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".fail_if_no_peer_cert", Conf, undefined)}, {secure_renegotiate, cuttlefish:conf_get(Prefix ++ ".secure_renegotiate", Conf, undefined)}, {reuse_sessions, cuttlefish:conf_get(Prefix ++ ".reuse_sessions", Conf, undefined)}, - {honor_cipher_order, cuttlefish:conf_get(Prefix ++ ".honor_cipher_order", Conf, undefined)}]) + {honor_cipher_order, cuttlefish:conf_get(Prefix ++ ".honor_cipher_order", Conf, undefined)}, + {log_level, cuttlefish:conf_get(Prefix ++ ".log_level", Conf, undefined)} + ]) end, Listen_fix = fun({Ip, Port}) -> case inet:parse_address(Ip) of
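Review bot: The enum in the new `listener.ssl.$name.log_level` mapping, and in the identical `listener.wss.$name.log_level` mapping of the `@@ -2047` hunk, accepts `none` and `all`, but the etc/emqx.conf comments document only `emergency` through `debug`. `all` is presumably at least as verbose as `debug`, so the production warning in the config comments should cover it as well. Either list both values in the emqx.conf `Value:` lines or narrow the schema to what is documented, e.g. `{datatype, {enum, [emergency, alert, critical, error, warning, notice, info, debug]}}`.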
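Review bot: The new `{log_level, ...}` entry in the `@@ -2210` hunk sits among the TLS options with nothing to say it is not the EMQX logger level, which is the distinction the etc/emqx.conf text makes. A one-line comment above it would do, such as `%% TLS handshake logging for this listener; independent of EMQX's own log level`. The enclosing fun starts before the hunk, so it cannot be checked from here whether it is applied only to the ssl and wss listeners that received a mapping or to other TLS-capable listener types too.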