authorDaniel McCarney <daniel@binaryparadox.net>2024-09-12 10:43:41 -0400
committerDaniel McCarney <daniel@binaryparadox.net>2024-09-26 09:47:03 -0400
commitc73b2e1333ed002ebda283bc20c203ca70356b71 (patch)
tree374548c7d6367249b5fc7166f045825edd976a52 /tests/server.c
parente5a7037cf9a43b9228c1353b87a6c78bb15e8d6d (diff)
client/server: support for KeyLog trait, SSLKEYLOGFILE
For debugging purposes it's quite helpful to be able to log session secrets to a file specified by the `SSLKEYLOGFILE` environment variable, for example to use with Wireshark to decrypt session traffic.

This commit adds two methods to rustls-ffi for both client and server configurations to facilitate this:

1. `rustls_server_config_builder_set_key_log_file()` and `rustls_client_config_builder_set_key_log_file()` enable using the Rustls `KeyLogFile` implementation of the `KeyLog` trait. This option simply honours the `SSLKEYLOGFILE` env var and spits out an NSS-formatted key log file appropriate for use with Wireshark and other tools that support this format.

2. `rustls_server_config_builder_set_key_log()` and `rustls_client_config_builder_set_key_log()` enable providing C callbacks that will be invoked to decide which secrets are logged, and to do the logging. This allows for fine-grained control over how secrets are logged and may be more appropriate for applications that already handle this task for other TLS backends (e.g. curl).

The client and server examples are updated to optionally use these new features. If the `SSLKEYLOG` env. var is set, both will use the `_set_key_log_file()` fns to set up the standard file based key logging. If the `STDERRKEYLOG` env var is set then both will use the `_set_key_log()` fns to set up custom callbacks that will print the hex-encoded secret data to stderr as a simple demonstration.
Diffstat (limited to 'tests/server.c')
-rw-r--r--tests/server.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/server.c b/tests/server.c
index b353272..3c6846f 100644
--- a/tests/server.c
+++ b/tests/server.c
@@ -360,6 +360,22 @@ main(int argc, const char **argv)
client_cert_verifier);
}
+ if(getenv("SSLKEYLOGFILE")) {
+ result = rustls_server_config_builder_set_key_log_file(config_builder);
+ if(result != RUSTLS_RESULT_OK) {
+ print_error("enabling keylog", result);
+ goto cleanup;
+ }
+ }
+ else if(getenv("STDERRKEYLOG")) {
+ result = rustls_server_config_builder_set_key_log(
+ config_builder, stderr_key_log_cb, NULL);
+ if(result != RUSTLS_RESULT_OK) {
+ print_error("enabling keylog", result);
+ goto cleanup;
+ }
+ }
+
result = rustls_server_config_builder_build(config_builder, &server_config);
if(result != RUSTLS_RESULT_OK) {
print_error("building server config", result);
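Review bot: The two new key-log branches in main() turn on whenever `SSLKEYLOGFILE` or `STDERRKEYLOG` is present in the environment, and nothing at the call site records that the output is live TLS session secrets, which let anyone who holds the log decrypt a capture of that connection. That is reasonable for a test server, but this file is likely to be read as example code, so I would add a comment above the `if` such as `/* Debug aid only: writes TLS session secrets; never enable outside test environments. */` and note there that `SSLKEYLOGFILE` takes precedence over `STDERRKEYLOG` because of the `else if`. `getenv()` also returns non-NULL for a variable set to the empty string, so an empty `SSLKEYLOGFILE` still takes the first branch; what the library then does with it is not visible in this hunk. Both failure paths print the same `"enabling keylog"` text, so distinct messages would make a failure easier to attribute. main() starts and ends outside the hunk.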