*/
#include <inttypes.h>
+#include <stdlib.h>
#include <string.h>
#if HAVE_LIBNGHTTP2
#include <nghttp2/nghttp2.h>
SSL_CTX_free(ctx);
}
+/*
+ * Callback invoked by the SSL library whenever a new TLS pre-master secret
+ * needs to be logged.
+ */
+static void
+sslkeylogfile_append(const SSL *ssl, const char *line) {
+ UNUSED(ssl);
+
+ isc_log_write(isc_lctx, ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_NETMGR,
+ ISC_LOG_INFO, "%s", line);
+}
+
+/*
+ * Enable TLS pre-master secret logging if the SSLKEYLOGFILE environment
+ * variable is set. This needs to be done on a per-context basis as that is
+ * how SSL_CTX_set_keylog_callback() works.
+ */
+static void
+sslkeylogfile_init(isc_tlsctx_t *ctx) {
+ if (getenv("SSLKEYLOGFILE") != NULL) {
+ SSL_CTX_set_keylog_callback(ctx, sslkeylogfile_append);
+ }
+}
+
isc_result_t
isc_tlsctx_createclient(isc_tlsctx_t **ctxp) {
unsigned long err;
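Review bot: In `sslkeylogfile_init()` the test `getenv("SSLKEYLOGFILE") != NULL` turns key logging on even when the variable is set to an empty string, and its value is never used as a path. Instead, `sslkeylogfile_append()` sends every line through `isc_log_write()` at `ISC_LOG_INFO`, so the secrets land wherever the logging configuration routes `ISC_LOGCATEGORY_SSLKEYLOG`. That routing is not visible in this diff; if the category can fall through to a default channel, material sufficient to decrypt captured sessions would end up in a log that is more widely readable than a dedicated key file. I would tighten the test to `const char *v = getenv("SSLKEYLOGFILE");` followed by `if (v != NULL && *v != '\0') {`, and extend the comment above `sslkeylogfile_init()` to state that the variable's value is ignored and that the destination channel should be a file readable only by the server's own user. The comment on `sslkeylogfile_append()` could also say "TLS key material" rather than "pre-master secret", since with TLS 1.3 the callback receives traffic secrets as well; the two `sslkeylogfile_init(ctx);` call sites in the later hunks inherit all of this.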
SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
#endif
+ sslkeylogfile_init(ctx);
+
*ctxp = ctx;
return (ISC_R_SUCCESS);
}
}
+ sslkeylogfile_init(ctx);
+
*ctxp = ctx;
return (ISC_R_SUCCESS);