@item @code{GNUTLS_DEBUG_LEVEL}
@tab When set to a numeric value, it sets the default debugging level for GnuTLS applications.
-@item @code{GNUTLS_KEYLOGFILE}
-@tab When set to a filename, GnuTLS will store to it the client session keys in the NSS Key Log
+@item @code{GNUTLS_KEYLOGFILE}, @code{SSLKEYLOGFILE}
+@tab When set to a filename, GnuTLS will append to it the session keys in the NSS Key Log
format. That format can be read by wireshark and will allow decryption of the session for debugging.
@item @code{GNUTLS_CPUID_OVERRIDE}
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
void *_gnutls_file_mutex;
void *_gnutls_pkcs11_mutex;
+const char *_gnutls_keylogfile = NULL;
ASN1_TYPE _gnutls_pkix1_asn = ASN1_TYPE_EMPTY;
ASN1_TYPE _gnutls_gnutls_asn = ASN1_TYPE_EMPTY;
_gnutls_switch_lib_state(LIB_STATE_INIT);
+ _gnutls_keylogfile = getenv("GNUTLS_KEYLOGFILE");
+ if (_gnutls_keylogfile == NULL)
+ _gnutls_keylogfile = getenv("SSLKEYLOGFILE");
+
e = getenv("GNUTLS_DEBUG_LEVEL");
if (e != NULL) {
level = atoi(e);
#define _gnutls_get_gnutls_asn() ((ASN1_TYPE) _gnutls_gnutls_asn)
#define _gnutls_get_pkix() ((ASN1_TYPE) _gnutls_pkix1_asn)
+extern const char *_gnutls_keylogfile;
+
extern gnutls_log_func _gnutls_log_func;
extern gnutls_audit_log_func _gnutls_audit_log_func;
extern int _gnutls_log_level;
static void write_nss_key_log(gnutls_session_t session, const gnutls_datum_t *premaster)
{
- const char *filename;
char buf[512];
+ char buf2[512];
FILE *fp;
- if (session->security_parameters.entity == GNUTLS_SERVER)
+ if (_gnutls_keylogfile == NULL)
return;
- filename = getenv("GNUTLS_KEYLOGFILE");
-
- if (filename == NULL)
- return;
-
- fp = fopen(filename, "w");
+ fp = fopen(_gnutls_keylogfile, "a");
if (fp == NULL)
return;
- if (session->security_parameters.kx_algorithm == GNUTLS_KX_RSA) {
- fprintf(fp, "RSA %s ",
- _gnutls_bin2hex(premaster->data,
- premaster->size,
- buf, sizeof(buf),
- NULL));
- fprintf(fp, "%s\n",
- _gnutls_bin2hex(session->security_parameters.
- master_secret, GNUTLS_MASTER_SIZE,
- buf, sizeof(buf), NULL));
- }
-
- fprintf(fp, "CLIENT_RANDOM %s ",
+ fprintf(fp, "CLIENT_RANDOM %s %s\n",
_gnutls_bin2hex(session->security_parameters.
client_random, 32, buf,
- sizeof(buf), NULL));
- fprintf(fp, "%s\n",
+ sizeof(buf), NULL),
_gnutls_bin2hex(session->security_parameters.
master_secret, GNUTLS_MASTER_SIZE,
- buf, sizeof(buf), NULL));
+ buf2, sizeof(buf2), NULL));
fclose(fp);
}
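Review bot: `fopen(_gnutls_keylogfile, "a")` creates the key log with the process umask, so on the usual 022 umask the CLIENT_RANDOM / master_secret lines this function writes are readable by every local user; since the file exists only to hold session secrets it should be created owner-only with `open(path, O_WRONLY | O_CREAT | O_APPEND, 0600)` and `fdopen`, keeping the append semantics the commit introduces. Now that the RSA branch is gone, `premaster` is never read, so the parameter will trip -Wunused-parameter; either drop it from the signature and its callers or mark it unused. The `fclose` return is also unchecked, so a failed flush silently loses the line — acceptable for a debug aid, but worth a one-line comment saying so. Related: the path is cached from `getenv` in the init hunk above; if the library can be loaded by setuid programs, `secure_getenv` would be the safer source there (that hunk's start is outside this view, so this is only a pointer).

```c
static void write_nss_key_log(gnutls_session_t session, const gnutls_datum_t *premaster)
{
	/* … unchanged: buffer declarations and the NULL check on _gnutls_keylogfile … */

	/* Create the log owner-only: it holds this session's master secret. */
	int fd = open(_gnutls_keylogfile, O_WRONLY | O_CREAT | O_APPEND, 0600);
	if (fd < 0)
		return;
	fp = fdopen(fd, "a");
	if (fp == NULL) {
		close(fd);
		return;
	}

	/* … unchanged: CLIENT_RANDOM fprintf and fclose … */
```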