From 941a7b6f4fc078cde009bbe2637a1da7bfc8d238 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Thu, 18 Jan 2018 14:58:57 +0100
Subject: [PATCH] Bring FS info level down to INFO, but store this information
 with the cert

---
 dnscrypt-proxy/certs.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/dnscrypt-proxy/certs.go b/dnscrypt-proxy/certs.go
index 620bac51..dd8bd106 100644
--- a/dnscrypt-proxy/certs.go
+++ b/dnscrypt-proxy/certs.go
@@ -19,6 +19,7 @@ type CertInfo struct {
 	SharedKey          [32]byte
 	MagicQuery         [ClientMagicLen]byte
 	CryptoConstruction CryptoConstruction
+	ForwardSecurity    bool
 }
 
 func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAddress string, providerName string) (CertInfo, int, error) {
@@ -77,7 +78,10 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
 		}
 		ttl := tsEnd - tsBegin
 		if ttl > 86400*7 {
-			dlog.Warnf("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", providerName, ttl/86400)
+			dlog.Infof("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", providerName, ttl/86400)
+			certInfo.ForwardSecurity = false
+		} else {
+			certInfo.ForwardSecurity = true
 		}
 		if now > tsEnd || now < tsBegin {
 			dlog.Debugf("[%v] Certificate not valid at the current date", providerName)