TLS: downgrade fail of cert-based authentication from log message to debug messsage

2 files changed, 8 insertions, 5 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index bc95690b1..dbf634de3 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -38,6 +38,11 @@ JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
       to DSN fail messages (bounces): remote IP, remote greeting, remote response
       to HELO, local diagnostic string.
 
+JH/05 Downgrade message for a TLS-certificate-based authentication fail from
+      log line to debug.  Even when configured with a tls authenticator many
+      client connections are expected to not authenticate in this way, so
+      an authenticate fail is not an error.
+
 
 Exim version 4.86
 -----------------
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 998245137..abbcad62c 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -3322,12 +3322,10 @@ while (done <= 0)
 	{
 	smtp_cmd_data = NULL;
 
-	if ((c = smtp_in_auth(au, &s, &ss)) != OK)
-	  log_write(0, LOG_MAIN|LOG_REJECT, "%s authenticator failed for %s: %s",
-	    au->name, host_and_ident(FALSE), ss);
-	else
+	if (smtp_in_auth(au, &s, &ss) == OK)
 	  DEBUG(D_auth) debug_printf("tls auth succeeded\n");
-
+	else
+	  DEBUG(D_auth) debug_printf("tls auth not succeeded\n");
 	break;
 	}
     }