Author christian.heimes
Recipients christian.heimes, jmfrank63, jonozzz, njs, yan12125
Date 2018-09-26.08:25:56
Message-id <1537950356.44.0.545547206417.issue34271@psf.upfronthosting.co.za>
Content
Here is a horribly hacky and simple implementation. I have a more elaborate implementation that does correct locking and has no global state.

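#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>

/* Global keylog sink shared by every context (no locking). */
static BIO *bio_keylog = NULL;

/* Called by OpenSSL with one NSS key log format line per secret. */
static void keylog_callback(const SSL *ssl, const char *line)
{
    (void)ssl;
    /* The file may have been closed while a context still has the callback. */
    if (bio_keylog == NULL)
        return;
    BIO_printf(bio_keylog, "%s\n", line);
    (void)BIO_flush(bio_keylog);
}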

int PySSL_set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
{
    /* Close any open files */
    BIO_free_all(bio_keylog);
    bio_keylog = NULL;

    if (ctx == NULL || keylog_file == NULL) {
        /* Keylogging is disabled, OK. */
        return 0;
    }

    /*
     * Append rather than write in order to allow concurrent modification.
     * Furthermore, this preserves existing keylog files which is useful when
     * the tool is run multiple times.
     */
    bio_keylog = BIO_new_file(keylog_file, "a");
    if (bio_keylog == NULL) {
        BIO *b = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
        BIO_printf(b, "Error writing keylog file %s\n", keylog_file);
        BIO_free_all(b);
        return 1;
    }

    /* Write a header for seekable, empty files (this excludes pipes). */
    if (BIO_tell(bio_keylog) == 0) {
        BIO_puts(bio_keylog,
                 "# SSL/TLS secrets log file, generated by OpenSSL\n");
        (void)BIO_flush(bio_keylog);
    }
    SSL_CTX_set_keylog_callback(ctx, keylog_callback);
    return 0;
}
History
Date                 User              Action  Args
2018-09-26 08:25:56  christian.heimes  set     recipients: + christian.heimes, jonozzz, njs, yan12125, jmfrank63
2018-09-26 08:25:56  christian.heimes  set     messageid: <1537950356.44.0.545547206417.issue34271@psf.upfronthosting.co.za>
2018-09-26 08:25:56  christian.heimes  link    issue34271 messages
2018-09-26 08:25:56  christian.heimes  create
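
The message above appends to the key log so several writers can share it, and mentions a variant without global state. The following is an added example, not the author's more elaborate implementation and not CPython or OpenSSL code: POSIX-only C that keeps the state in a caller-owned struct, creates the secrets file owner-only, and emits each record with a single write(). The type keylog_sink and its functions are hypothetical names.

```c
/* Added example; keylog_sink and its functions are hypothetical names. */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* State lives with the caller (for example one per context), not in a global. */
typedef struct { int fd; } keylog_sink;

/* Open append-only and owner-only; refuse an existing file that group or
 * others can access, since every line in it is a TLS secret. */
int keylog_sink_open(keylog_sink *s, const char *path)
{
    struct stat st;
    s->fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (s->fd < 0)
        return -1;
    if (fstat(s->fd, &st) != 0 || (st.st_mode & 077) != 0) {
        close(s->fd);
        s->fd = -1;
        return -1;
    }
    return 0;
}

/* Build "line\n" first and hand it to one write(): with O_APPEND each call
 * lands at end-of-file, so concurrent appenders do not overwrite each other. */
int keylog_sink_write(keylog_sink *s, const char *line)
{
    size_t n = strlen(line);
    ssize_t w;
    char *buf;
    if (s->fd < 0 || (buf = malloc(n + 1)) == NULL)
        return -1;
    memcpy(buf, line, n);
    buf[n] = '\n';
    do {
        w = write(s->fd, buf, n + 1);
    } while (w < 0 && errno == EINTR);
    free(buf);
    return w == (ssize_t)(n + 1) ? 0 : -1; /* short write counts as failure */
}

void keylog_sink_close(keylog_sink *s)
{
    if (s->fd >= 0)
        close(s->fd);
    s->fd = -1;
}
```

In an OpenSSL keylog callback, such a struct could be fetched with SSL_get_SSL_CTX() and SSL_CTX_get_ex_data() instead of reading a static variable.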