ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Make SSLKEYLOGFILE code reusable

Browse Source 
The commit makes $SSLKEYLOGFILE-related code reusable so that we can
use it in QUIC-related code where the callback needs to be overridden.
This commit is contained in:
Artem Boldariev
2024-11-27 15:46:45 +02:00
parent dfde7bc95f
commit ee19edc257
2 changed files with 31 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/isc/include/isc/tls.h
View File

@@ -608,6 +608,14 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
*\li 'ctx' - a valid non-NULL pointer; *\li 'ctx' - a valid non-NULL pointer;
*/ */
void
isc_tls_sslkeylogfile_append(const char *line);
/*%<
* Appends the provided line to the dedicated SSL keys log file
* provided via "SSLKEYLOGFILE" environmental variable (iff the variable is
* set).
*/
#define isc_tlserr2result(category, module, funcname, fallback) \ #define isc_tlserr2result(category, module, funcname, fallback) \
isc__tlserr2result(category, module, funcname, fallback, __FILE__, \ isc__tlserr2result(category, module, funcname, fallback, __FILE__, \
__LINE__) __LINE__)

26
lib/isc/tls.c
View File

@@ -54,6 +54,8 @@
#define COMMON_SSL_OPTIONS \ #define COMMON_SSL_OPTIONS \
(SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) (SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
static bool sslkeylogfile_enabled = false;
void void
isc_tlsctx_free(isc_tlsctx_t **ctxp) { isc_tlsctx_free(isc_tlsctx_t **ctxp) {
SSL_CTX *ctx = NULL; SSL_CTX *ctx = NULL;
@@ -75,14 +77,32 @@ isc_tlsctx_attach(isc_tlsctx_t *src, isc_tlsctx_t **ptarget) {
*ptarget = src; *ptarget = src;
} }
void
isc__sslkeylog_init(void) __attribute__((__constructor__));
void
isc__sslkeylog_init(void) {
if (getenv("SSLKEYLOGFILE") != NULL) {
sslkeylogfile_enabled = true;
}
}
/* /*
* Callback invoked by the SSL library whenever a new TLS pre-master secret * Callback invoked by the SSL library whenever a new TLS pre-master secret
* needs to be logged. * needs to be logged.
*/ */
void
isc_tls_sslkeylogfile_append(const char *line) {
if (sslkeylogfile_enabled) {
isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_CRYPTO,
ISC_LOG_INFO, "%s", line);
}
}
static void static void
sslkeylogfile_append(const SSL *ssl ISC_ATTR_UNUSED, const char *line) { sslkeylogfile_append(const SSL *ssl ISC_ATTR_UNUSED, const char *line) {
isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_CRYPTO, UNUSED(ssl);
ISC_LOG_INFO, "%s", line); isc_tls_sslkeylogfile_append(line);
} }
/* /*
@@ -92,7 +112,7 @@ sslkeylogfile_append(const SSL *ssl ISC_ATTR_UNUSED, const char *line) {
*/ */
static void static void
sslkeylogfile_init(isc_tlsctx_t *ctx) { sslkeylogfile_init(isc_tlsctx_t *ctx) {
if (getenv("SSLKEYLOGFILE") != NULL) { if (sslkeylogfile_enabled) {
SSL_CTX_set_keylog_callback(ctx, sslkeylogfile_append); SSL_CTX_set_keylog_callback(ctx, sslkeylogfile_append);
} }
} }