TLS: downgrade fail of cert-based authentication from log message to debug messsage

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index bc95690b192e27c8f83ae4ef9fd85860b869b0e2..dbf634de3f731f1a9a0f22b09a78a582d4ff7a59 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -38,6 +38,11 @@ JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
       to DSN fail messages (bounces): remote IP, remote greeting, remote response
       to HELO, local diagnostic string.
 
       to DSN fail messages (bounces): remote IP, remote greeting, remote response
       to HELO, local diagnostic string.
 

+JH/05 Downgrade message for a TLS-certificate-based authentication fail from
+      log line to debug.  Even when configured with a tls authenticator many
+      client connections are expected to not authenticate in this way, so
+      an authenticate fail is not an error.
+

 
 Exim version 4.86
 -----------------
 
 Exim version 4.86
 -----------------

diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 998245137f2a65d84de9854dc08b14fcd84fa044..abbcad62c57b54c9462fe53b39621abaac43967b 100644 (file)
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -3322,12 +3322,10 @@ while (done <= 0)
        {
        smtp_cmd_data = NULL;
 
        {
        smtp_cmd_data = NULL;
 

-       if ((c = smtp_in_auth(au, &s, &ss)) != OK)
-         log_write(0, LOG_MAIN|LOG_REJECT, "%s authenticator failed for %s: %s",
-           au->name, host_and_ident(FALSE), ss);
-       else
+       if (smtp_in_auth(au, &s, &ss) == OK)

          DEBUG(D_auth) debug_printf("tls auth succeeded\n");
          DEBUG(D_auth) debug_printf("tls auth succeeded\n");

-
+       else
+         DEBUG(D_auth) debug_printf("tls auth not succeeded\n");

        break;
        }
     }
        break;
        }
     }