authorPeter Wu <peter@lekensteyn.nl>2017-02-01 19:14:27 +0100
committerPeter Wu <peter@lekensteyn.nl>2017-02-07 19:20:56 +0100
commit4bf73e9f86804cfe98b03accfc2dd7cb98e018d6 (patch)
treeca92a15e8a6b06e1a709e42131fa71c127bbc2fb /apps/s_client.c
parenta19a6c8179faa3da0dedaaf2effae385cf7dd65d (diff)
apps: Add support for writing a keylog file
The server and client demos (s_client and s_server) are extended with a -keylogfile option. This is similar to setting the SSLKEYLOGFILE environment variable for NSS and creates a keylog file which is suitable for Wireshark. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2343)
Diffstat (limited to 'apps/s_client.c')
-rw-r--r--apps/s_client.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index d9dbe702f9..ad237c3252 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -549,6 +549,7 @@ typedef enum OPTION_choice {
OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME,
OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
OPT_ASYNC, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
+ OPT_KEYLOG_FILE,
OPT_V_ENUM,
OPT_X_ENUM,
OPT_S_ENUM,
@@ -731,6 +732,7 @@ const OPTIONS s_client_options[] = {
{"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
{"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
#endif
+ {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
{NULL, OPT_EOF, 0x00, NULL}
};
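Review bot: The help string on the new `keylogfile` entry, "Write TLS secrets to file", does not tell the user that the file is enough to decrypt a capture of the session, which is the whole reason to treat it as sensitive. A wording such as `"Write TLS secrets to file (allows decryption of captured traffic)"` would make that visible in `-help` output. The entry sits after the `#endif`, so the option is offered in every build configuration; if that is intended, nothing else needs to change here.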
@@ -890,6 +892,7 @@ int s_client_main(int argc, char **argv)
int c_status_req = 0;
#endif
BIO *bio_c_msg = NULL;
+ const char *keylog_file = NULL;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
@@ -1358,6 +1361,9 @@ int s_client_main(int argc, char **argv)
case OPT_READ_BUF:
read_buf_len = atoi(opt_arg());
break;
+ case OPT_KEYLOG_FILE:
+ keylog_file = opt_arg();
+ break;
}
}
if (count4or6 >= 2) {
@@ -1706,6 +1712,9 @@ int s_client_main(int argc, char **argv)
SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
}
+ if (set_keylog_file(ctx, keylog_file))
+ goto end;
+
con = SSL_new(ctx);
if (sess_in) {
SSL_SESSION *sess;
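Review bot: The call `if (set_keylog_file(ctx, keylog_file)) goto end;` treats a non-zero return as failure, the reverse of the usual OpenSSL 1-on-success convention, and nothing at the call site says so; a comment such as `/* returns non-zero on failure */` above it would prevent a later "fix" of the condition. The helper is defined outside this file, so it cannot be checked here whether it prints an error before the jump to `end`, or which permissions and open mode it uses for the file. Because the file holds the session secrets, it should be created readable by the owner only, and that is worth confirming in the helper. The call is also made when `keylog_file` is still NULL, so the helper has to accept that. `s_client_main` starts and ends outside this hunk.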
@@ -2574,6 +2583,7 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(next_proto.data);
#endif
SSL_CTX_free(ctx);
+ set_keylog_file(NULL, NULL);
X509_free(cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
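Review bot: The cleanup call `set_keylog_file(NULL, NULL);` gives no hint of what it releases, and its return value is dropped while the earlier call checks it. It presumably closes the keylog output opened for `-keylogfile`, so a comment like `/* close the keylog file, if one was opened */` would document that. If the discarded result is deliberate, spelling it as `(void)set_keylog_file(NULL, NULL);` makes that clear. The line is reached on every path through `end`, including those taken before the file was opened, so the helper must tolerate being called with nothing open. `s_client_main` continues outside this hunk.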