BIO_meth_free(m);
}
+#ifndef HAVE_KEYLOG_UPSTREAM
#ifdef HAVE_KEYLOG_CALLBACK
static void ossl_keylog_callback(const SSL *ssl, const char *line)
{
master_key, master_key_length);
}
#endif /* !HAVE_KEYLOG_CALLBACK */
+#endif /* HAVE_KEYLOG_UPSTREAM */
static const char *SSL_ERROR_to_str(int err)
{
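Review bot: The added closing line `#endif /* HAVE_KEYLOG_UPSTREAM */` ends a block opened with `#ifndef HAVE_KEYLOG_UPSTREAM`, so by the convention of the line directly above it (`#endif /* !HAVE_KEYLOG_CALLBACK */`) it should read `#endif /* !HAVE_KEYLOG_UPSTREAM */`. The region is also opened with a nested `#ifndef`/`#ifdef` pair, while the later guards in this commit use the one-line form `#if !defined(HAVE_KEYLOG_UPSTREAM) && defined(HAVE_KEYLOG_CALLBACK)`. Using one form throughout would make it easier to audit which builds compile curl's own secret-logging code. The function whose last lines open this hunk starts outside it.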
0;
OPENSSL_init_ssl(flags, NULL);
+#ifndef HAVE_KEYLOG_UPSTREAM
Curl_tls_keylog_open();
+#endif
return 1;
}
/* Global cleanup */
static void ossl_cleanup(void)
{
+#ifndef HAVE_KEYLOG_UPSTREAM
Curl_tls_keylog_close();
+#endif
}
/* Selects an OpenSSL crypto engine or provider.
SSL_CTX_set_verify(octx->ssl_ctx, SSL_VERIFY_NONE, NULL);
/* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
-#ifdef HAVE_KEYLOG_CALLBACK
+#if !defined(HAVE_KEYLOG_UPSTREAM) && defined(HAVE_KEYLOG_CALLBACK)
if(Curl_tls_keylog_enabled()) {
SSL_CTX_set_keylog_callback(octx->ssl_ctx, ossl_keylog_callback);
}
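Review bot: The comment above the changed guard still says curl enables secret logging here, but on a `HAVE_KEYLOG_UPSTREAM` build the whole block under it is compiled out and the comment describes nothing. On those builds the `Curl_tls_keylog_enabled()` check also no longer gates whether secrets are logged for this context; that decision appears to move entirely into OpenSSL. I would say so in place: `/* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. With HAVE_KEYLOG_UPSTREAM, OpenSSL does this itself and curl installs no callback. */`. The enclosing function starts and ends outside the hunk.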
octx->x509_store_setup = TRUE;
}
-#ifndef HAVE_KEYLOG_CALLBACK
+#if !defined(HAVE_KEYLOG_UPSTREAM) && !defined(HAVE_KEYLOG_CALLBACK)
/* If key logging is enabled, wait for the handshake to complete and then
* proceed with logging secrets (for TLS 1.2 or older).
*/
#define HAVE_BORINGSSL_LIKE
#endif
+/* OpenSSL 3.5.0+ has built-in 'SSLKEYLOGFILE' support if built with
+ 'enable-sslkeylog' */
+#if OPENSSL_VERSION_NUMBER >= 0x30500000L && !defined(OPENSSL_NO_SSLKEYLOG)
+#define HAVE_KEYLOG_UPSTREAM
+#endif
+
/*
* Whether SSL_CTX_set_keylog_callback is available.
* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
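Review bot: `HAVE_KEYLOG_UPSTREAM` is decided at compile time from the OpenSSL headers (`OPENSSL_VERSION_NUMBER` and `OPENSSL_NO_SSLKEYLOG`), and once it is defined every curl-side keylog path touched by this commit is compiled out. If the libssl loaded at run time was configured differently from those headers, presumably neither curl nor OpenSSL writes the key log, and nothing reports that. The comment should also record that on these builds the TLS secrets are written by OpenSSL itself, so any checks curl's own keylog code applies before opening the file (not visible here) no longer take part. Suggested addition to the comment: `This is a build-time decision: the libssl used at run time is assumed to match these headers, and curl's own keylog code is then not compiled in.`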
CURLcode io_result; /* result of last BIO cfilter operation */
/* blocked writes need to retry with same length, remember it */
int blocked_ssl_write_len;
-#ifndef HAVE_KEYLOG_CALLBACK
+#if !defined(HAVE_KEYLOG_UPSTREAM) && !defined(HAVE_KEYLOG_CALLBACK)
/* Set to true once a valid keylog entry has been created to avoid dupes.
This is a bool and not a bitfield because it is passed by address. */
bool keylog_done;