@ -71,6 +71,8 @@ DEBUG_LEVEL_3=3
DEBUG_LEVEL_DEFAULT = $DEBUG_LEVEL_1
DEBUG_LEVEL_DEFAULT = $DEBUG_LEVEL_1
DEBUG_LEVEL_NONE = 0
DEBUG_LEVEL_NONE = 0
HIDDEN_VALUE = "[hidden](please add '--output-insecure' to see this value)"
SYSLOG_ERROR = "user.error"
SYSLOG_ERROR = "user.error"
SYSLOG_INFO = "user.info"
SYSLOG_INFO = "user.info"
SYSLOG_DEBUG = "user.debug"
SYSLOG_DEBUG = "user.debug"
@ -212,6 +214,27 @@ _debug() {
fi
fi
}
}
#output the sensitive messages
_secure_debug( ) {
if [ " ${ LOG_LEVEL :- $DEFAULT_LOG_LEVEL } " -ge " $LOG_LEVEL_1 " ] ; then
if [ " $OUTPUT_INSECURE " = "1" ] ; then
_log " $@ "
else
_log " $1 " " $HIDDEN_VALUE "
fi
fi
if [ " ${ SYS_LOG :- $SYSLOG_LEVEL_NONE } " -ge " $SYSLOG_LEVEL_DEBUG " ] ; then
_syslog " $SYSLOG_DEBUG " " $1 " " $HIDDEN_VALUE "
fi
if [ " ${ DEBUG :- $DEBUG_LEVEL_NONE } " -ge " $DEBUG_LEVEL_1 " ] ; then
if [ " $OUTPUT_INSECURE " = "1" ] ; then
_printargs " $@ " >& 2
else
_printargs " $1 " " $HIDDEN_VALUE " >& 2
fi
fi
}
_debug2( ) {
_debug2( ) {
if [ " ${ LOG_LEVEL :- $DEFAULT_LOG_LEVEL } " -ge " $LOG_LEVEL_2 " ] ; then
if [ " ${ LOG_LEVEL :- $DEFAULT_LOG_LEVEL } " -ge " $LOG_LEVEL_2 " ] ; then
_log " $@ "
_log " $@ "
@ -224,6 +247,26 @@ _debug2() {
fi
fi
}
}
_secure_debug2( ) {
if [ " ${ LOG_LEVEL :- $DEFAULT_LOG_LEVEL } " -ge " $LOG_LEVEL_2 " ] ; then
if [ " $OUTPUT_INSECURE " = "1" ] ; then
_log " $@ "
else
_log " $1 " " $HIDDEN_VALUE "
fi
fi
if [ " ${ SYS_LOG :- $SYSLOG_LEVEL_NONE } " -ge " $SYSLOG_LEVEL_DEBUG_2 " ] ; then
_syslog " $SYSLOG_DEBUG " " $1 " " $HIDDEN_VALUE "
fi
if [ " ${ DEBUG :- $DEBUG_LEVEL_NONE } " -ge " $DEBUG_LEVEL_2 " ] ; then
if [ " $OUTPUT_INSECURE " = "1" ] ; then
_printargs " $@ " >& 2
else
_printargs " $1 " " $HIDDEN_VALUE " >& 2
fi
fi
}
_debug3( ) {
_debug3( ) {
if [ " ${ LOG_LEVEL :- $DEFAULT_LOG_LEVEL } " -ge " $LOG_LEVEL_3 " ] ; then
if [ " ${ LOG_LEVEL :- $DEFAULT_LOG_LEVEL } " -ge " $LOG_LEVEL_3 " ] ; then
_log " $@ "
_log " $@ "
@ -236,6 +279,26 @@ _debug3() {
fi
fi
}
}
_secure_debug3( ) {
if [ " ${ LOG_LEVEL :- $DEFAULT_LOG_LEVEL } " -ge " $LOG_LEVEL_3 " ] ; then
if [ " $OUTPUT_INSECURE " = "1" ] ; then
_log " $@ "
else
_log " $1 " " $HIDDEN_VALUE "
fi
fi
if [ " ${ SYS_LOG :- $SYSLOG_LEVEL_NONE } " -ge " $SYSLOG_LEVEL_DEBUG_3 " ] ; then
_syslog " $SYSLOG_DEBUG " " $1 " " $HIDDEN_VALUE "
fi
if [ " ${ DEBUG :- $DEBUG_LEVEL_NONE } " -ge " $DEBUG_LEVEL_3 " ] ; then
if [ " $OUTPUT_INSECURE " = "1" ] ; then
_printargs " $@ " >& 2
else
_printargs " $1 " " $HIDDEN_VALUE " >& 2
fi
fi
}
_startswith( ) {
_startswith( ) {
_str = " $1 "
_str = " $1 "
_sub = " $2 "
_sub = " $2 "
@ -4583,7 +4646,7 @@ Parameters:
--force, -f Used to force to install or force to renew a cert immediately.
--force, -f Used to force to install or force to renew a cert immediately.
--staging, --test Use staging server, just for test.
--staging, --test Use staging server, just for test.
--debug Output debug info.
--debug Output debug info.
--output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for secure.
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--standalone Use standalone mode.
--stateless Use stateless mode, see: $_STATELESS_WIKI
--stateless Use stateless mode, see: $_STATELESS_WIKI
@ -4877,6 +4940,9 @@ _process() {
shift
shift
fi
fi
; ;
; ;
--output-insecure)
export OUTPUT_INSECURE = 1
; ;
--webroot | -w)
--webroot | -w)
wvalue = " $2 "
wvalue = " $2 "
if [ -z " $_webroot " ] ; then
if [ -z " $_webroot " ] ; then