-
Notifications
You must be signed in to change notification settings - Fork 4.1k
feat: enable TLS key logging via SSLKEYLOGFILE env #3173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -22,6 +22,9 @@ | |
| #ifndef USE_MESALINK | ||
|
|
||
| #include <sys/socket.h> // recv | ||
| #include <pthread.h> // pthread_once | ||
| #include <stdio.h> // fopen | ||
| #include <stdlib.h> // getenv | ||
| #include <openssl/ssl.h> | ||
| #include <openssl/err.h> | ||
| #include <openssl/x509.h> | ||
|
|
@@ -185,6 +188,43 @@ static void SSLMessageCallback(int write_p, int version, int content_type, | |
| #endif // TLS1_RT_HEARTBEAT | ||
| } | ||
|
|
||
| #if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x10101000L) | ||
| static pthread_once_t g_ssl_keylog_once = PTHREAD_ONCE_INIT; | ||
| static FILE* g_ssl_keylog_file = NULL; | ||
|
|
||
| static void InitSSLKeyLogFile() { | ||
| const char* path = getenv("SSLKEYLOGFILE"); | ||
| if (path == NULL || path[0] == '\0') { | ||
| return; | ||
| } | ||
| g_ssl_keylog_file = fopen(path, "a"); | ||
| if (g_ssl_keylog_file == NULL) { | ||
| PLOG(WARNING) << "Fail to open SSLKEYLOGFILE=" << path; | ||
koarz marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| } | ||
| } | ||
|
|
||
| static void SSLKeyLogCallback(const SSL* ssl, const char* line) { | ||
| (void)ssl; | ||
| if (line == NULL) { | ||
| return; | ||
| } | ||
| // Write the full key log line with newline in one call to keep output atomic. | ||
| fprintf(g_ssl_keylog_file, "%s\n", line); | ||
| fflush(g_ssl_keylog_file); | ||
koarz marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| } | ||
|
|
||
| static void MaybeSetKeyLogCallback(SSL_CTX* ctx) { | ||
| pthread_once(&g_ssl_keylog_once, InitSSLKeyLogFile); | ||
| if (ctx != NULL && g_ssl_keylog_file != NULL) { | ||
| SSL_CTX_set_keylog_callback(ctx, SSLKeyLogCallback); | ||
| } | ||
| } | ||
|
Comment on lines
196
to
226
|
||
| #else | ||
| static void MaybeSetKeyLogCallback(SSL_CTX* ctx) { | ||
| (void)ctx; | ||
| } | ||
| #endif | ||
|
|
||
| #ifndef OPENSSL_NO_DH | ||
| static DH* SSLGetDHCallback(SSL* ssl, int exp, int keylen) { | ||
| (void)exp; | ||
|
|
@@ -494,6 +534,7 @@ SSL_CTX* CreateClientSSLContext(const ChannelSSLOptions& options) { | |
| LOG(ERROR) << "Fail to new SSL_CTX: " << SSLError(ERR_get_error()); | ||
| return NULL; | ||
| } | ||
| MaybeSetKeyLogCallback(ssl_ctx.get()); | ||
|
|
||
| if (!options.client_cert.certificate.empty() | ||
| && LoadCertificate(ssl_ctx.get(), | ||
|
|
@@ -532,6 +573,7 @@ SSL_CTX* CreateServerSSLContext(const std::string& certificate, | |
| LOG(ERROR) << "Fail to new SSL_CTX: " << SSLError(ERR_get_error()); | ||
| return NULL; | ||
| } | ||
| MaybeSetKeyLogCallback(ssl_ctx.get()); | ||
|
|
||
| if (LoadCertificate(ssl_ctx.get(), certificate, | ||
| private_key, hostnames) != 0) { | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.