[issue34271] Please support logging of SSL master secret by env variable SSLKEYLOGFILE

Wed, 26 Sep 2018 01:36:00 -0700 


Johannes Frank <jmfran...@gmail.com> added the comment:

Hi Christian
I would be willing to give this a try, could you publish or send me that
more elaborate code?
Thanks Johannes

On Wed, 26 Sep 2018 at 09:25, Christian Heimes <rep...@bugs.python.org>
wrote:

>
> Christian Heimes <li...@cheimes.de> added the comment:
>
> Here is a horribly hacky and simple implementation. I have a more
> elaborate implementation that does correct locking and has no global state.
>
> static BIO *bio_keylog = NULL;
>
> static void keylog_callback(const SSL *ssl, const char *line)
> {
>     BIO_printf(bio_keylog, "%s\n", line);
>     (void)BIO_flush(bio_keylog);
> }
>
> int PySSL_set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
> {
>     /* Close any open files */
>     BIO_free_all(bio_keylog);
>     bio_keylog = NULL;
>
>     if (ctx == NULL || keylog_file == NULL) {
>         /* Keylogging is disabled, OK. */
>         return 0;
>     }
>
>     /*
>      * Append rather than write in order to allow concurrent modification.
>      * Furthermore, this preserves existing keylog files which is useful
> when
>      * the tool is run multiple times.
>      */
>     bio_keylog = BIO_new_file(keylog_file, "a");
>     if (bio_keylog == NULL) {
>         BIO *b = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
>         BIO_printf(b, "Error writing keylog file %s\n", keylog_file);
>         BIO_free_all(b);
>         return 1;
>     }
>
>     /* Write a header for seekable, empty files (this excludes pipes). */
>     if (BIO_tell(bio_keylog) == 0) {
>         BIO_puts(bio_keylog,
>                  "# SSL/TLS secrets log file, generated by OpenSSL\n");
>         (void)BIO_flush(bio_keylog);
>     }
>     SSL_CTX_set_keylog_callback(ctx, keylog_callback);
>     return 0;
> }
>
> ----------
> stage:  -> needs patch
> versions: +Python 3.8 -Python 3.7
>
> _______________________________________
> Python tracker <rep...@bugs.python.org>
> <https://bugs.python.org/issue34271>
> _______________________________________
>

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34271>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to