Message326430
Here is a horribly hacky and simple implementation. I have a more elaborate implementation that does correct locking and has no global state.
/*
 * Process-wide sink for TLS key-log lines; NULL while no log file is open.
 * keylog_callback() writes to this one BIO regardless of which connection
 * produced the line, so all contexts using that callback share it.
 */
static BIO *bio_keylog; /* static storage duration: starts out as NULL */
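/*
 * Key-log callback handed to OpenSSL: appends one line of TLS secret
 * material to the shared key-log BIO and flushes it immediately.
 *
 * ssl  - connection the secrets belong to (not used here).
 * line - NUL-terminated key-log line; it is written followed by '\n'.
 *
 * The lines written here are session secrets: anyone able to read the log
 * can decrypt captured traffic of the logged connections.
 */
static void keylog_callback(const SSL *ssl, const char *line)
{
    (void)ssl;

    /*
     * PySSL_set_keylog_file() resets bio_keylog to NULL on every call, and a
     * context that registered this callback earlier can still invoke it, so
     * do not assume a sink is open.
     */
    if (bio_keylog == NULL || line == NULL) {
        return;
    }

    /*
     * Best effort: write errors are not reported to the caller. No lock is
     * taken around the shared BIO in this simple version.
     */
    BIO_printf(bio_keylog, "%s\n", line);
    (void)BIO_flush(bio_keylog);
}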
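/*
 * Enable, redirect or disable TLS key logging for ctx.
 *
 * ctx         - context to register the key-log callback on; when NULL the
 *               call only closes the current log.
 * keylog_file - path of the log file to append to; NULL disables logging.
 *
 * Returns 0 on success (including "logging disabled") and 1 if the file
 * could not be opened.
 *
 * The sink is one global BIO. Every call closes the previous log, and a
 * context that was given the callback by an earlier call is not reachable
 * from here: it keeps the callback and its secrets go to whatever file is
 * current. Use one context at a time with this version.
 *
 * NOTE(review): the log holds TLS session secrets. BIO_new_file() creates a
 * missing file with whatever permissions the process umask yields, so the
 * caller should make sure the path is private (for example pre-created with
 * owner-only access) and is not taken from an untrusted source.
 */
int PySSL_set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
{
    /* Close any open file; BIO_free_all() accepts NULL. */
    BIO_free_all(bio_keylog);
    bio_keylog = NULL;

    /*
     * Unregister first: without a sink the callback must not stay attached
     * to ctx, neither when logging is switched off nor when opening the new
     * file fails below.
     */
    if (ctx != NULL) {
        SSL_CTX_set_keylog_callback(ctx, NULL);
    }

    if (ctx == NULL || keylog_file == NULL) {
        /* Keylogging is disabled, OK. */
        return 0;
    }

    /*
     * Append rather than write in order to allow concurrent modification.
     * Furthermore, this preserves existing keylog files which is useful when
     * the tool is run multiple times.
     */
    bio_keylog = BIO_new_file(keylog_file, "a");
    if (bio_keylog == NULL) {
        BIO *b = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);

        /* The stderr BIO can fail to allocate too; then stay silent. */
        if (b != NULL) {
            BIO_printf(b, "Error writing keylog file %s\n", keylog_file);
            BIO_free_all(b);
        }
        return 1;
    }

    /*
     * Write a header for seekable, empty files (this excludes pipes).
     * The initial position of an append-mode stream is implementation-
     * defined in C, so on some platforms the header may be repeated in a
     * non-empty file; it is a comment line, so that is harmless.
     */
    if (BIO_tell(bio_keylog) == 0) {
        BIO_puts(bio_keylog,
                 "# SSL/TLS secrets log file, generated by OpenSSL\n");
        (void)BIO_flush(bio_keylog);
    }

    SSL_CTX_set_keylog_callback(ctx, keylog_callback);
    return 0;
}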
|
Date |
User |
Action |
Args |
2018-09-26 08:25:56 | christian.heimes | set | recipients:
+ christian.heimes, jonozzz, njs, yan12125, jmfrank63 |
2018-09-26 08:25:56 | christian.heimes | set | messageid: <1537950356.44.0.545547206417.issue34271@psf.upfronthosting.co.za> |
2018-09-26 08:25:56 | christian.heimes | link | issue34271 messages |
2018-09-26 08:25:56 | christian.heimes | create | |
|