On Sun, Jun 12, 2016 at 7:34 PM, Gert Doering <g...@greenie.muc.de> wrote: > On Sun, Jun 12, 2016 at 06:10:30PM +0200, Steffan Karger wrote: >> On Sun, Jun 12, 2016 at 5:14 PM, Magnus Kroken <mkro...@gmail.com> wrote: >> > Is it safe to remove the call to debug_set_threshold? Is it only used >> > for more verbose logging, or can this cause a TLS error to not be >> > noticed (or lead to other security implications)? >> >> Yes, the debug_set_threshold() call is only used for more verbose >> error logging. Very useful for debugging problems, but not critical >> for OpenVPN's operation or security. > > Can we detect and #ifdef this at build time? > > Yes, adding another #ifdef is what we try to avoid - but this is a fairly > localized thing, and the dependency is clear, not a "user selectable > combination of build options".
Sure. We can put this in e.g. #ifndef ENABLE_SMALL. This information is not just useful for debugging during development, but also for debugging user problems. So I'd rather keep it in there by default, most users don't care at all about 40 kB :) -Steffan
