|
105 | 105 | int nb_engines = 0; |
106 | 106 |
|
107 | 107 | static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */ |
| 108 | +static FILE *sslkeylogfile = NULL; |
108 | 109 |
|
109 | 110 | struct global_ssl global_ssl = { |
110 | 111 | #ifdef LISTEN_DEFAULT_CIPHERS |
@@ -4116,6 +4117,12 @@ void SSL_CTX_keylog(const SSL *ssl, const char *line) |
4116 | 4117 | char *lastarg = NULL; |
4117 | 4118 | char *dst = NULL; |
4118 | 4119 |
|
| 4120 | + if (sslkeylogfile) { |
| 4121 | + fwrite(line, strlen(line), 1, sslkeylogfile); |
| 4122 | + fwrite("\n", 1, 1, sslkeylogfile); |
| 4123 | + fflush(sslkeylogfile); |
| 4124 | + } |
| 4125 | + |
4119 | 4126 | #ifdef USE_QUIC_OPENSSL_COMPAT |
4120 | 4127 | quic_tls_compat_keylog_callback(ssl, line); |
4121 | 4128 | #endif |
@@ -7907,6 +7914,9 @@ static void __ssl_sock_init(void) |
7907 | 7914 | STACK_OF(SSL_COMP)* cm; |
7908 | 7915 | int n; |
7909 | 7916 | #endif |
| 7917 | +#ifdef HAVE_SSL_KEYLOG |
| 7918 | + char *sslkeylogfile_env; |
| 7919 | +#endif |
7910 | 7920 |
|
7911 | 7921 | if (global_ssl.listen_default_ciphers) |
7912 | 7922 | global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers); |
@@ -7950,6 +7960,9 @@ static void __ssl_sock_init(void) |
7950 | 7960 | ssl_qc_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
7951 | 7961 | #endif /* USE_QUIC */ |
7952 | 7962 | #ifdef HAVE_SSL_KEYLOG |
| 7963 | + sslkeylogfile_env = getenv("SSLKEYLOGFILE"); |
| 7964 | + if (sslkeylogfile_env) |
| 7965 | + sslkeylogfile = fopen(sslkeylogfile_env, "a"); |
7953 | 7966 | ssl_keylog_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_keylog_free_func); |
7954 | 7967 | #endif |
7955 | 7968 | ssl_client_crt_ref_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_clt_crt_free_func); |
|
0 commit comments