Message 326430 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, jmfrank63, jonozzz, njs, yan12125
Date	2018-09-26.08:25:56
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1537950356.44.0.545547206417.issue34271@psf.upfronthosting.co.za>
In-reply-to

Content
Here is a horribly hacky and simple implementation. I have a more elaborate implementation that does correct locking and has no global state. static BIO bio_keylog = NULL; static void keylog_callback(const SSL ssl, const char line) { BIO_printf(bio_keylog, "%s\n", line); (void)BIO_flush(bio_keylog); } int PySSL_set_keylog_file(SSL_CTX ctx, const char keylog_file) { / Close any open files / BIO_free_all(bio_keylog); bio_keylog = NULL; if (ctx == NULL \|\| keylog_file == NULL) { / Keylogging is disabled, OK. / return 0; } / * Append rather than write in order to allow concurrent modification. * Furthermore, this preserves existing keylog files which is useful when * the tool is run multiple times. / bio_keylog = BIO_new_file(keylog_file, "a"); if (bio_keylog == NULL) { BIO b = BIO_new_fp(stderr, BIO_NOCLOSE \| BIO_FP_TEXT); BIO_printf(b, "Error writing keylog file %s\n", keylog_file); BIO_free_all(b); return 1; } /* Write a header for seekable, empty files (this excludes pipes). */ if (BIO_tell(bio_keylog) == 0) { BIO_puts(bio_keylog, "# SSL/TLS secrets log file, generated by OpenSSL\n"); (void)BIO_flush(bio_keylog); } SSL_CTX_set_keylog_callback(ctx, keylog_callback); return 0; }

Here is a horribly hacky and simple implementation. I have a more elaborate implementation that does correct locking and has no global state.

static BIO *bio_keylog = NULL;

static void keylog_callback(const SSL *ssl, const char *line)
{
    BIO_printf(bio_keylog, "%s\n", line);
    (void)BIO_flush(bio_keylog);
}

int PySSL_set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
{
    /* Close any open files */
    BIO_free_all(bio_keylog);
    bio_keylog = NULL;

    if (ctx == NULL || keylog_file == NULL) {
        /* Keylogging is disabled, OK. */
        return 0;
    }

    /*
     * Append rather than write in order to allow concurrent modification.
     * Furthermore, this preserves existing keylog files which is useful when
     * the tool is run multiple times.
     */
    bio_keylog = BIO_new_file(keylog_file, "a");
    if (bio_keylog == NULL) {
        BIO *b = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
        BIO_printf(b, "Error writing keylog file %s\n", keylog_file);
        BIO_free_all(b);
        return 1;
    }

    /* Write a header for seekable, empty files (this excludes pipes). */
    if (BIO_tell(bio_keylog) == 0) {
        BIO_puts(bio_keylog,
                 "# SSL/TLS secrets log file, generated by OpenSSL\n");
        (void)BIO_flush(bio_keylog);
    }
    SSL_CTX_set_keylog_callback(ctx, keylog_callback);
    return 0;
}

History
Date	User	Action	Args
2018-09-26 08:25:56	christian.heimes	set	recipients: + christian.heimes, jonozzz, njs, yan12125, jmfrank63
2018-09-26 08:25:56	christian.heimes	set	messageid: <1537950356.44.0.545547206417.issue34271@psf.upfronthosting.co.za>
2018-09-26 08:25:56	christian.heimes	link	issue34271 messages
2018-09-26 08:25:56	christian.heimes	create