[issue34271] Please support logging of SSL master secret by env variable SSLKEYLOGFILE
Christian Heimes
report at bugs.python.org
Wed Sep 26 04:25:56 EDT 2018
Christian Heimes <lists at cheimes.de> added the comment:
Here is a horribly hacky and simple implementation. I have a more elaborate implementation that does correct locking and has no global state.
static BIO *bio_keylog = NULL;
static void keylog_callback(const SSL *ssl, const char *line)
{
BIO_printf(bio_keylog, "%s\n", line);
(void)BIO_flush(bio_keylog);
}
int PySSL_set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
{
/* Close any open files */
BIO_free_all(bio_keylog);
bio_keylog = NULL;
if (ctx == NULL || keylog_file == NULL) {
/* Keylogging is disabled, OK. */
return 0;
}
/*
* Append rather than write in order to allow concurrent modification.
* Furthermore, this preserves existing keylog files which is useful when
* the tool is run multiple times.
*/
bio_keylog = BIO_new_file(keylog_file, "a");
if (bio_keylog == NULL) {
BIO *b = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
BIO_printf(b, "Error writing keylog file %s\n", keylog_file);
BIO_free_all(b);
return 1;
}
/* Write a header for seekable, empty files (this excludes pipes). */
if (BIO_tell(bio_keylog) == 0) {
BIO_puts(bio_keylog,
"# SSL/TLS secrets log file, generated by OpenSSL\n");
(void)BIO_flush(bio_keylog);
}
SSL_CTX_set_keylog_callback(ctx, keylog_callback);
return 0;
}
----------
stage: -> needs patch
versions: +Python 3.8 -Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34271>
_______________________________________
More information about the Python-bugs-list
mailing list