--- a/ChangeLog	Fri Jun 26 04:46:15 2009 +0000
+++ b/ChangeLog	Fri Jun 26 05:11:01 2009 +0000
@@ -18,6 +18,10 @@
 	  from you on MSN.
 	* DNS servers are re-read when DNS queries fail in case the system has
 	  moved to a new network and the old servers are not accessible.
+	* GnuTLS logging (disabled by default) can be controlled through the
+	  PURPLE_GNUTLS_DEBUG environment variable, which is an integer between
+	  0 and 9 (higher is more verbose). Higher values may reveal sensitive
+	  information.
 
 	Gadu-Gadu:
 	* Accounts can specify a server to which to connect.

--- a/libpurple/plugins/ssl/ssl-gnutls.c	Fri Jun 26 04:46:15 2009 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c	Fri Jun 26 05:11:01 2009 +0000
@@ -43,8 +43,17 @@
 static gnutls_certificate_client_credentials xcred;
 
 static void
+ssl_gnutls_log(int level, const char *str)
+{
+	/* GnuTLS log messages include the '\n' */
+	purple_debug_misc("gnutls", "lvl %d: %s", level, str);
+}
+
+static void
 ssl_gnutls_init_gnutls(void)
 {
+	const char *debug_level;
+
 	/* Configure GnuTLS to use glib memory management */
 	/* I expect that this isn't really necessary, but it may prevent
 	   some bugs */
@@ -59,6 +68,20 @@
 		(gnutls_free_function)    g_free     /* free */
 		);
 
+	debug_level = g_getenv("PURPLE_GNUTLS_DEBUG");
+	if (debug_level) {
+		int level = atoi(debug_level);
+		if (level < 0) {
+			purple_debug_warning("gnutls", "Assuming log level 0 instead of %d\n",
+			                     level);
+			level = 0;
+		}
+
+		/* "The level is an integer between 0 and 9. Higher values mean more verbosity." */
+		gnutls_global_set_log_level(level);
+		gnutls_global_set_log_function(ssl_gnutls_log);
+	}
+
 	gnutls_global_init();
 
 	gnutls_certificate_allocate_credentials(&xcred);