From 3081bda79879deeb6994ab0d7064b8dfec9a5d92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 22 Dec 2021 18:17:26 +0100 Subject: [PATCH] Add a logging category for TLS pre-master secrets TLS pre-master secrets will be dumped to disk using the logging framework provided by libisc. Add a new logging category for this type of debugging data in order to enable exporting it to a dedicated channel. Derive the name of the new category from the name of the relevant environment variable, SSLKEYLOGFILE. --- doc/arm/logging-categories.rst | 3 +++ lib/isc/include/isc/log.h | 5 +++-- lib/isc/log.c | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/arm/logging-categories.rst b/doc/arm/logging-categories.rst index d823eb2f63..781215ccd9 100644 --- a/doc/arm/logging-categories.rst +++ b/doc/arm/logging-categories.rst @@ -97,6 +97,9 @@ ``spill`` Queries that have been terminated, either by dropping or responding with SERVFAIL, as a result of a fetchlimit quota being exceeded. +``sslkeylog`` + TLS pre-master secrets (for debugging purposes). + ``trust-anchor-telemetry`` Trust-anchor-telemetry requests received by ``named``. diff --git a/lib/isc/include/isc/log.h b/lib/isc/include/isc/log.h index d1968e0f91..f0348c7ca8 100644 --- a/lib/isc/include/isc/log.h +++ b/lib/isc/include/isc/log.h @@ -167,8 +167,9 @@ extern isc_logmodule_t isc_modules[]; * Do not log directly to DEFAULT. Use another category. When in doubt, * use GENERAL. */ -#define ISC_LOGCATEGORY_DEFAULT (&isc_categories[0]) -#define ISC_LOGCATEGORY_GENERAL (&isc_categories[1]) +#define ISC_LOGCATEGORY_DEFAULT (&isc_categories[0]) +#define ISC_LOGCATEGORY_GENERAL (&isc_categories[1]) +#define ISC_LOGCATEGORY_SSLKEYLOG (&isc_categories[2]) /*@}*/ #define ISC_LOGMODULE_SOCKET (&isc_modules[0]) diff --git a/lib/isc/log.c b/lib/isc/log.c index 031393d430..8e83a50aac 100644 --- a/lib/isc/log.c +++ b/lib/isc/log.c 
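Review bot: `ISC_LOGCATEGORY_SSLKEYLOG` hard-codes slot 2 of `isc_categories[]`, and nothing but edit order keeps it aligned with the `{ "sslkeylog", 0 }` entry added in the lib/isc/log.c hunk. A later insertion above that entry would silently make this macro refer to a different category, so messages carrying key material would follow that category's channel configuration instead. I would add a comment next to the macro, `/* Index must match the position of "sslkeylog" in isc_categories[] (lib/isc/log.c). */`, and a matching one on the array entry. The comment block that precedes these macros begins outside the hunk.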
@@ -181,6 +181,7 @@ isc_logcategory_t isc_categories[] = { { "default", 0 }, /* "default must come first. */ { "general", 0 }, + { "sslkeylog", 0 }, { NULL, 0 } }; /*!
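Review bot: The new `{ "sslkeylog", 0 }` entry is not marked as sensitive, although the commit message says this category will carry TLS pre-master secrets, and a log holding them is enough to decrypt recorded sessions. I would add a comment on the entry such as `/* TLS key material: route only to a dedicated, access-restricted channel. */`. As far as I recall, libisc hands a category that has no channel list of its own to the channels of "default", so the code that writes to this category (not part of this patch) should emit only when SSLKEYLOGFILE is set; otherwise the secrets could end up in syslog or a shared log file. The definition of `isc_categories[]` is only partly visible in this hunk.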