[exim-cvs] OpenSSL: Debug output TLS 1.3 keying

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] OpenSSL: Debug output TLS 1.3 keying
Gitweb: https://git.exim.org/exim.git/commitdiff/8a40db1c6153e108913c6308a95eb71725bddde3
Commit:     8a40db1c6153e108913c6308a95eb71725bddde3
Parent:     56dbf856f209bbd6c6e211e691b8fd898e01dfe8
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Dec 30 22:51:18 2018 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Feb 10 23:56:45 2019 +0000


    OpenSSL: Debug output TLS 1.3 keying


    (cherry picked from commit 3c1f3b85aa4139ba062268ca958bab0dd0d64140)
---
 doc/doc-txt/ChangeLog |  3 ++-
 src/src/tls-openssl.c | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 01c3a12..9e91192 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -8,7 +8,8 @@ options, and new features, see the NewStuff file next to this ChangeLog.
Exim version 4.93
-----------------

-     (none yet)
+JH/01 OpenSSL: With debug enabled output keying information sufficient, server
+      side, to decode a TLS 1.3 packet capture.



Exim version 4.92
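Review bot: The ChangeLog entry should say what the "keying information" is and where it lands, since it is a change to what debug output discloses: the new lines are TLS session secrets (the SSLKEYLOGFILE-style lines OpenSSL hands to the keylog callback) written to the Exim debug stream whenever `D_tls` debugging is on. Suggest a wording such as "With debug enabled output keying information (SSLKEYLOGFILE format) sufficient, server side, to decode a TLS 1.3 packet capture; debug output therefore contains session secrets", and mention that it requires OpenSSL 1.1.1 or later, which is the guard the code hunk adds.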
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index f04cbf8..045e30a 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -91,6 +91,12 @@ change this guard and punt the issue for a while longer. */
# endif
#endif

+#ifndef LIBRESSL_VERSION_NUMBER
+# if OPENSSL_VERSION_NUMBER >= 0x010101000L
+# define OPENSSL_HAVE_KEYLOG_CB
+# endif
+#endif
+
#if !defined(EXIM_HAVE_OPENSSL_TLSEXT) && !defined(DISABLE_OCSP)
# warning "OpenSSL library version too old; define DISABLE_OCSP in Makefile"
# define DISABLE_OCSP
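Review bot: The version literal `0x010101000L` is numerically the same as `0x10101000L` (OpenSSL 1.1.1), but the extra leading zero does not match the `0xMNNFFPPS` form OpenSSL documents and that the rest of this file uses, so a reader has to count digits to confirm it; write it as `0x10101000L`. A one-line comment saying that `SSL_CTX_set_keylog_callback` first appeared in OpenSSL 1.1.1 and is excluded for LibreSSL because that API is not assumed there would make the guard self-explanatory.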
@@ -774,6 +780,12 @@ DEBUG(D_tls)
}
}

+static void
+keylog_callback(const SSL *ssl, const char *line)
+{
+DEBUG(D_tls) debug_printf("%.200s\n", line);
+}
+


/*************************************************
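Review bot: `keylog_callback` emits TLS session secrets (CLIENT_RANDOM and the TLS 1.3 `*_TRAFFIC_SECRET` lines) straight into the debug log, and nothing at the definition says so; add a comment stating that the line is in SSLKEYLOGFILE format, that it is secret material, and that the `DEBUG(D_tls)` test is what keeps it out of non-debug runs. Two smaller points: `ssl` is unused, so mark it as such or omit the name to keep unused-parameter warnings quiet, and the `%.200s` width only just covers the longest line OpenSSL produces (a 31-character label, the 64-hex-digit client random and a 96-hex-digit SHA-384 secret come to 193 characters), so note why 200 was chosen or raise it slightly so a truncated secret cannot be mistaken for a complete one.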
@@ -1768,6 +1780,9 @@ if (!RAND_status())
level. */

DEBUG(D_tls) SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
+#ifdef OPENSSL_HAVE_KEYLOG_CB
+DEBUG(D_tls) SSL_CTX_set_keylog_callback(ctx, (void (*)())keylog_callback);
+#endif

/* Automatically re-try reads/writes after renegotiation. */
(void) SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
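Review bot: The cast `(void (*)())keylog_callback` is unnecessary here and discards the type check: `keylog_callback` already has the exact signature `void (const SSL *, const char *)` that `SSL_CTX_set_keylog_callback` expects, so pass it uncast (`SSL_CTX_set_keylog_callback(ctx, keylog_callback);`). The cast was copied from the `info_callback` line above, where it papers over a prototype mismatch, but here it would only hide a future signature change in either the callback or the OpenSSL API. Registering the callback under `DEBUG(D_tls)` at context setup is the right place, since it means secrets are logged only when TLS debugging was explicitly requested for this process.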