#include "internal/ssl_unwrap.h"
#include "quic/quic_local.h"
+#ifndef OPENSSL_NO_SSLKEYLOG
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+
static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r,
unsigned char *s, size_t t, size_t *u)
{
* via ssl.h.
*/
+#ifndef OPENSSL_NO_SSLKEYLOG
+static BIO *get_sslkeylog_bio(const char *keylogfile)
+{
+# ifdef _POSIX_C_SOURCE
+ BIO *b;
+ int fdno = -1;
+ FILE *fp = NULL;
+
+ fdno = open(keylogfile, O_WRONLY | O_CREAT | O_APPEND, 0600);
+ if (fdno < 0)
+ return NULL;
+
+ fp = fdopen(fdno, "a");
+ if (fp == NULL) {
+ close(fdno);
+ return NULL;
+ }
+
+ if ((b = BIO_new_fp(fp, BIO_CLOSE)) == NULL)
+ fclose(fp);
+ return b;
+# else
+ return BIO_new_file(keylogfile, "a");
+# endif
+}
+#endif
+
SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
const SSL_METHOD *meth)
{
* if its already there.
*/
if (keylog_bio == NULL) {
- keylog_bio = BIO_new_file(keylogfile, "a");
+ keylog_bio = get_sslkeylog_bio(keylogfile);
if (keylog_bio == NULL) {
OSSL_TRACE(TLS, "Unable to create keylog bio\n");
goto out;
plan skip_all => "$test_name requires SSLKEYLOGFILE support"
if disabled("sslkeylog");
-plan tests => 1;
+my $tests = 1;
+if ($^O =~ /^(linux)$/) {
+ $tests = 2;
+}
+
+plan tests => $tests;
my $shlib_wrap = srctop_file("util", "wrap.pl");
# Test 1: Compare the output of -keylogfile and SSLKEYLOGFILE, and make sure they match
# Note, the former adds a comment, that the latter does not, so ignore comments with -I in diff
ok(run(cmd(["diff", "-I" ,"^#.*\$", $sslkeylogfile, $trace_file])));
+
+# Test 2, linux-specific: the keylog file should have permission 0600
+if ($^O =~ /^(linux)$/) {
+ my $mode = sprintf("%04o", (stat($sslkeylogfile))[2] & 07777);
+ ok($mode eq "0600");
+}
projects / thirdparty / openssl.git / commitdiff
