MAJOR: ssl: use the msg callback mecanism for backend connections

Backend SSL connections never used the ssl_sock_msg_callbacks() which
prevent the use of keylog on the server side.

The impact should be minimum, though it add a major callback system for
protocol analysis, which is the same used on frontend connections.

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_msg_callback.html

The patch add a call to SSL_CTX_set_msg_callback() in
ssl_sock_prepare_srv_ssl_ctx() the same way it's done for bind lines in
ssl_sock_prepare_ctx().

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c44c9e7e38b112005f0683bb73f6b9e4ebadffbd..e629ca2d8481364a4881f53b274f7ef60d80ddc4 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5144,6 +5144,9 @@ static int ssl_sock_prepare_srv_ssl_ctx(const struct server *srv, SSL_CTX *ctx)
                cfgerr++;
        }
 
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+       SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
+#endif
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
        if (srv->ssl_ctx.ciphersuites &&
                !SSL_CTX_set_ciphersuites(ctx, srv->ssl_ctx.ciphersuites)) {