Skip to content

Commit

Permalink
Add support for SSLKEYLOGFILE with OpenSSL
Browse files Browse the repository at this point in the history 
GnuTLS has support already built-in.

Signed-off-by: Steffen Jaeckel <[email protected]>
  • Loading branch information
@sjaeckel
sjaeckel committed Apr 10, 2024
1 parent 9fef4b7 commit d82df12
Showing 1 changed file with 35 additions and 0 deletions.
35 changes: 35 additions & 0 deletions src/tls_openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,7 @@ struct _tls {
X509 *client_cert;
void *channel_binding_data;
size_t channel_binding_size;
FILE *keylogfile;
int lasterror;
};

Expand Down Expand Up @@ -556,6 +557,36 @@ static int _tls_password_callback(char *buf, int size, int rwflag, void *u)
return tls_caching_password_callback(buf, size, u);
}

#if OPENSSL_VERSION_NUMBER >= 0x10101000L
static void _keylog_cb(const SSL *ssl, const char *line)
{
xmpp_conn_t *conn = SSL_get_app_data(ssl);
fwrite(line, strlen(line), 1, conn->tls->keylogfile);
fputc('\n', conn->tls->keylogfile);
fflush(conn->tls->keylogfile);
}
#endif

static void _try_open_keylogfile(tls_t *tls)
{
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
const char *first_line = "# SSL Key logfile generated by libstrophe\n";
const char *SSLKEYLOGFILE = getenv("SSLKEYLOGFILE");
if (!SSLKEYLOGFILE || *SSLKEYLOGFILE == '\0')
return;
tls->keylogfile = fopen(SSLKEYLOGFILE, "abe");
if (!tls->keylogfile) {
strophe_warn(tls->ctx, "tls", "Could not open SSL keylog file %s",
SSLKEYLOGFILE);
return;
}
fwrite(first_line, strlen(first_line), 1, tls->keylogfile);
SSL_CTX_set_keylog_callback(tls->ssl_ctx, _keylog_cb);
#else
UNUSED(tls);
#endif
}

tls_t *tls_new(xmpp_conn_t *conn)
{
tls_t *tls = strophe_alloc(conn->ctx, sizeof(*tls));
Expand Down Expand Up @@ -699,6 +730,8 @@ tls_t *tls_new(xmpp_conn_t *conn)
ret = SSL_set_fd(tls->ssl, conn->sock);
if (ret <= 0)
goto err_free_ssl;

_try_open_keylogfile(tls);
}

return tls;
Expand All @@ -717,6 +750,8 @@ tls_t *tls_new(xmpp_conn_t *conn)

void tls_free(tls_t *tls)
{
if (tls->keylogfile)
fclose(tls->keylogfile);
strophe_free(tls->ctx, tls->channel_binding_data);
SSL_free(tls->ssl);
X509_free(tls->client_cert);
Expand Down

0 comments on commit d82df12

Please sign in to comment.