diff --git a/apps/dgst.c b/apps/dgst.c
index 57f6a49e..98807cb9 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -229,7 +229,8 @@ int dgst_main(int argc, char **argv)
             out_bin = 0;
     }
 
-    //BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+    if (e)
+        BIO_printf(bio_err, "Using configuration from %s\n", configfile);
     if ((conf = app_load_config(configfile)) == NULL)
         goto end;
     if (configfile != default_config_file && !app_load_modules(conf))
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 9a9b62e4..5d71485a 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -184,7 +184,9 @@ int ecparam_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
-    BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+    if (e)
+        BIO_printf(bio_err, "ecparam using engine configuration from %s\n",
+                   configfile);
 
     if ((conf = app_load_config(configfile)) == NULL)
         goto end;
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 38f46bb3..809cd85e 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -400,6 +400,10 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             return 0;
         }
         dctx->ec_scheme = p1;
+# ifdef SM2_DEBUG
+        fprintf(stderr, "[SM2_DEBUG] EVP_PKEY_CTX_set_ec_scheme(%s)\n",
+            p1 == NID_secg_scheme ? "NID_secg_scheme" : "NID_sm_scheme");
+# endif
         return 1;
 
     case EVP_PKEY_CTRL_SIGNER_ID:
@@ -431,6 +435,9 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                     }
                 }
                 memcpy(dctx->signer_zid, zid, zidlen);
+# ifdef SM2_DEBUG
+                fprintf(stderr, "[SM2_DEBUG] EVP_PKEY_CTX_set_signer_id(\"%s\")\n", id);
+# endif
             }
         }
         return 1;
@@ -459,6 +466,10 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 return 0;
             }
             dctx->signer_zid = zid;
+# ifdef SM2_DEBUG
+            fprintf(stderr, "[SM2_DEBUG] EVP_PKEY_CTX_get_signer_zid() "
+                "init zid with default id\n");
+# endif
         }
         *(const unsigned char **)p2 = dctx->signer_zid;
         return 1;
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 846fe72c..3693d38e 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -155,6 +155,10 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 		const unsigned char *zid;
 		if (1 == EVP_PKEY_CTX_get_signer_zid(ctx->pctx, &zid)) {
 			ctx->update(ctx, zid, 32);
+# ifdef SM2_DEBUG
+			fprintf(stderr, " %s() first update with SM2 ZID\n",
+				__FUNCTION__);
+# endif
 		}
 		EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_UPDATED);
 	}
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index 5581b548..d576ea86 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -58,8 +58,9 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
         if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
             EVP_PKEY_get0_EC_KEY(pkey))) == NID_sm2p256v1) {
-# ifdef CIPHER_DEBUG
-            fprintf(stderr, "%s() set sm scheme\n", __FUNCTION__);
+# ifdef SM2_DEBUG
+            fprintf(stderr, "[SM2_DEBUG] %s->EVP_PKEY_CTX_set_ec_scheme\n",
+                __FUNCTION__);
 # endif
             if (EVP_PKEY_CTX_set_ec_scheme(pkctx, NID_sm_scheme) <= 0) {
                 goto err;
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index cbf44278..8eb44e43 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -55,8 +55,9 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
     if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
         if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
             EVP_PKEY_get0_EC_KEY(pkey))) == NID_sm2p256v1) {
-# ifdef CIPHER_DEBUG
-            fprintf(stderr, "%s() set sm scheme\n", __FUNCTION__);
+# ifdef SM2_DEBUG
+            fprintf(stderr, "[SM2_DEBUG] %s->EVP_PKEY_CTX_set_ec_scheme\n",
+                __FUNCTION__);
 # endif
             if (EVP_PKEY_CTX_set_ec_scheme(pkctx, NID_sm_scheme) <= 0) {
                 goto err;
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 015ec99c..09c43ca8 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -212,6 +212,18 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
         }
     }
 
+#define GMTLS_DEBUG
+#ifdef GMTLS_DEBUG
+    switch (i) {
+    case SSL_PKEY_SM2:
+        fprintf(stderr, "[GMTLS_DEBUG] set sm2 signing private key\n");
+        break;
+    case SSL_PKEY_SM2_ENC:
+        fprintf(stderr, "[GMTLS_DEBUG] set sm2 decryption private key\n");
+        break;
+    }
+#endif
+
     EVP_PKEY_free(c->pkeys[i].privatekey);
     EVP_PKEY_up_ref(pkey);
     c->pkeys[i].privatekey = pkey;
@@ -417,6 +429,17 @@ static int ssl_set_cert(CERT *c, X509 *x)
         }
     }
 
+#ifdef GMTLS_DEBUG
+    switch (i) {
+    case SSL_PKEY_SM2:
+        fprintf(stderr, "[GMTLS_DEBUG] set sm2 signing certificate\n");
+        break;
+    case SSL_PKEY_SM2_ENC:
+        fprintf(stderr, "[GMTLS_DEBUG] set sm2 encryption certificate\n");
+        break;
+    }
+#endif
+
     X509_free(c->pkeys[i].x509);
     X509_up_ref(x);
     c->pkeys[i].x509 = x;