Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without

CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.

CHANGES

@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel (8 November 2006)
+- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
+  CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
+  SSL handshake. This is now stopped.
+
 Daniel (7 November 2006)
 - Olaf fixed a leftover problem with the CONNECT fix of his that would leave a
   wrong error message in the error message buffer.

RELEASE-NOTES

@@ -16,6 +16,8 @@ This release includes the following changes:
 This release includes the following bugfixes:
 
  o proxy close during CONNECT authentication is now dealt with nicely
+ o the CURLOPT_DEBUGFUNCTION was sometimes called even when CURLOPT_VERBOSE
+   was not enabled
 
 Other curl-related news:
 
@@ -28,6 +30,6 @@ New curl mirrors:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- James Housley, Olaf Stueben, Yang Tse, Gisle Vanem
+ James Housley, Olaf Stueben, Yang Tse, Gisle Vanem, Bradford Bruce
 
         Thanks! (and sorry if I forgot to mention someone)

lib/ssluse.c

@@ -1207,7 +1207,7 @@ Curl_ossl_connect_step1(struct connectdata *conn,
   }
 
 #ifdef SSL_CTRL_SET_MSG_CALLBACK
-  if (data->set.fdebug) {
+  if (data->set.fdebug && data->set.verbose) {
     /* the SSL trace callback is only used for verbose logging so we only
        inform about failures of setting it */
     if (!SSL_CTX_callback_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK,