From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Tue, 3 Oct 2023 13:05:56 +0000 (+0200)
Subject: DEV: sslkeylogger: handle file opening error
X-Git-Tag: v2.9-dev7~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e1e6fbb3fd6367a25b6db670a8376f008928731d;p=thirdparty%2Fhaproxy.git

DEV: sslkeylogger: handle file opening error

Prevent a Lua error if output file cannot be opened when logging SSL
keys. Report a warning instead with the error description.
---

diff --git a/dev/sslkeylogger/sslkeylogger.lua b/dev/sslkeylogger/sslkeylogger.lua
index 432fe65289..e67bf77da8 100644
--- a/dev/sslkeylogger/sslkeylogger.lua
+++ b/dev/sslkeylogger/sslkeylogger.lua
@@ -28,14 +28,18 @@ local function sslkeylog(txn, filename)
 
 	-- ensure that a key is written only once by using a session variable
 	if not txn:get_var('sess.sslkeylogdone') then
-		file = io.open(filename, 'a')
-		for fieldname, fetch in pairs(fields) do
-			if fetch() then
-				file:write(string.format('%s %s %s\n', fieldname, client_random, fetch()))
+		local file, err = io.open(filename, 'a')
+		if file then
+			for fieldname, fetch in pairs(fields) do
+				if fetch() then
+					file:write(string.format('%s %s %s\n', fieldname, client_random, fetch()))
+				end
 			end
+			file:close()
+		else
+			core.Warning("Cannot open SSL log file: " .. err .. ".")
 		end
 
-		file:close()
 		txn:set_var('sess.sslkeylogdone', true)
 	end
 end