In many cases things may not go as expected and further information, to assist debugging, from GnuTLS is desired. Those are the cases where the gnutls_global_set_log_level and gnutls_global_set_log_function are to be used. Those will print verbose information on the GnuTLS functions internal flow.
void gnutls_global_set_log_level (int level)
void gnutls_global_set_log_function (gnutls_log_func log_func)
Alternatively the environment variable
GNUTLS_DEBUG_LEVEL can be
set to a logging level and GnuTLS will output debugging output to standard
error. Other available environment variables are shown in Table 6.1.
|When set to a numeric value, it sets the default debugging level for GnuTLS applications.|
|When set to a filename, GnuTLS will append to it the session keys in the NSS Key Log format. That format can be read by wireshark and will allow decryption of the session for debugging.|
|That environment variable can be used to
explicitly enable/disable the use of certain CPU capabilities. Note that CPU
detection cannot be overridden, i.e., VIA options cannot be enabled on an Intel
CPU. The currently available options are:
|In setups where GnuTLS is compiled with support for FIPS140-2 (see FIPS140-2 mode) if set to one it will force the FIPS mode enablement.|
When debugging is not required, important issues, such as detected attacks on the protocol still need to be logged. This is provided by the logging function set by gnutls_global_set_audit_log_function. The provided function will receive an message and the corresponding TLS session. The session information might be used to derive IP addresses or other information about the peer involved.
log_func: it is the audit log function
This is the function to set the audit logging function. This
is a function to report important issues, such as possible
attacks in the protocol. This is different from
because it will report also session-specific events. The session
parameter will be null if there is no corresponding TLS session.
gnutls_audit_log_func is of the form,
void (*gnutls_audit_log_func)( gnutls_session_t, const char*);