From: Remi Gacogne
Date: Thu, 6 Feb 2020 09:06:39 +0000 (+0100)
Subject: dnsdist: Fix key logging for DNS over TLS
X-Git-Tag: auth-4.3.0-beta2~37^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a530e9d549bb88ee43ee2770b17c74c68c8db91;p=thirdparty%2Fpdns.git
dnsdist: Fix key logging for DNS over TLS
---
diff --git a/pdns/dnsdistdist/tcpiohandler.cc b/pdns/dnsdistdist/tcpiohandler.cc
index 59017d8f81..71ca39f516 100644
--- a/pdns/dnsdistdist/tcpiohandler.cc
+++ b/pdns/dnsdistdist/tcpiohandler.cc
@@ -42,6 +42,7 @@ public:
 OpenSSLTLSTicketKeysRing d_ticketKeys;
 std::map d_ocspResponses;
 std::unique_ptr d_tlsCtx{nullptr, SSL_CTX_free};
+ std::unique_ptr d_keyLogFile{nullptr, fclose};
 };
 class OpenSSLTLSConnection: public TLSConnection
@@ -303,6 +304,10 @@ public:
 libssl_set_error_counters_callback(d_feContext->d_tlsCtx, &fe.d_tlsCounters);
+ if (!fe.d_tlsConfig.d_keyLogFile.empty()) {
+ d_feContext->d_keyLogFile = libssl_set_key_log_file(d_feContext->d_tlsCtx, fe.d_tlsConfig.d_keyLogFile);
+ }
+
 try {
 if (fe.d_tlsConfig.d_ticketKeyFile.empty()) {
 handleTicketsKeyRotation(time(nullptr));
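Review bot: The new `d_keyLogFile` member carries no comment on its lifetime, and because it is declared after `d_tlsCtx` it is destroyed first, so `fclose` runs on the file before the context is freed. If the key-log callback installed on the context keeps a raw pointer to this FILE (the helper is not visible here, so this is an assumption), a handshake on a context that is still referenced elsewhere would write to a closed stream. I would add a comment above the member such as `// TLS key log (debug only): must stay open for as long as d_tlsCtx can invoke its key-log callback`, and confirm that live connections keep this frontend context alive. The enclosing class starts outside the hunk.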
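Review bot: The block added before `try {` turns on TLS key logging whenever `d_keyLogFile` is non-empty, with no log line and no check of what `libssl_set_key_log_file` returned. The file holds per-session TLS secrets, so anyone who can read it can decrypt captured DNS over TLS traffic; an operator should see at startup that it is active, and a failed open should not pass silently. I would add `// debug only: this file contains TLS session secrets, keep it owner-readable and remove it after use` above the `if`, and follow the assignment with a check such as `if (!d_feContext->d_keyLogFile) { /* report that key logging could not be enabled */ }`. Whether the helper creates the file with restrictive permissions or throws on failure is not visible in this hunk and is worth confirming, since the call sits outside the `try` that follows. The enclosing function starts and ends outside the hunk.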