authorJeremy Harris <jgh146exb@wizmail.org>2018-12-30 22:51:18 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2018-12-30 22:51:18 +0000
commit3c1f3b85aa4139ba062268ca958bab0dd0d64140 (patch)
tree9de99a26ee250257293ff5b7c6dbac7c54bfa074
parent190404d75c168ce1e6dbf6ee08bdbbf62b365e4b (diff)
OpenSSL: Debug output TLS 1.3 keying
-rw-r--r--doc/doc-txt/ChangeLog7
-rw-r--r--src/src/tls-openssl.c15
2 files changed, 20 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f78b2001e..d24b44c94 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -8,8 +8,8 @@ options, and new features, see the NewStuff file next to this ChangeLog.
Exim version 4.93
-----------------
-AM/01 Bug 2359: GnuTLS: repeat lowlevel read and write operations while they return error
- codes indicating retry. Under TLS1.3 this becomes required.
+JH/01 OpenSSL: With debug enabled output keying information sufficient, server
+ side, to decode a TLS 1.3 packet capture.
Exim version 4.92
@@ -180,6 +180,9 @@ JH/37 Bug 2341: Send "message delayed" warning MDNs (restricted to external
and multiple senders' messages were queued, only one sender would get
notified on each configured delay_warning cycle.
+AM/01 Bug 2359: GnuTLS: repeat lowlevel read and write operations while they return error
+ codes indicating retry. Under TLS1.3 this becomes required.
+
Exim version 4.91
-----------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 8f888824f..692022063 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -91,6 +91,12 @@ change this guard and punt the issue for a while longer. */
# endif
#endif
+#ifndef LIBRESSL_VERSION_NUMBER
+# if OPENSSL_VERSION_NUMBER >= 0x010101000L
+# define OPENSSL_HAVE_KEYLOG_CB
+# endif
+#endif
+
#if !defined(EXIM_HAVE_OPENSSL_TLSEXT) && !defined(DISABLE_OCSP)
# warning "OpenSSL library version too old; define DISABLE_OCSP in Makefile"
# define DISABLE_OCSP
@@ -774,6 +780,12 @@ DEBUG(D_tls)
}
}
+static void
+keylog_callback(const SSL *ssl, const char *line)
+{
+DEBUG(D_tls) debug_printf("%.200s\n", line);
+}
+
/*************************************************
@@ -1768,6 +1780,9 @@ if (!RAND_status())
level. */
DEBUG(D_tls) SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
+#ifdef OPENSSL_HAVE_KEYLOG_CB
+DEBUG(D_tls) SSL_CTX_set_keylog_callback(ctx, (void (*)())keylog_callback);
+#endif
/* Automatically re-try reads/writes after renegotiation. */
(void) SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
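Review bot: The cast in `SSL_CTX_set_keylog_callback(ctx, (void (*)())keylog_callback);` is unnecessary and discards the compiler's prototype check, since keylog_callback's signature `(const SSL *, const char *)` already matches the OpenSSL callback type; `DEBUG(D_tls) SSL_CTX_set_keylog_callback(ctx, keylog_callback);` keeps the check (the pre-existing info_callback line on the previous hunk line has the same pattern). The callback added in the second hunk writes the session secrets into the debug stream, which is the intent of the change but is worth stating above keylog_callback, e.g. `/* Emits NSS-format key-log lines (session secrets) into the debug output; -d output therefore suffices to decrypt a capture of this session. */`, so anyone handling or sharing debug output knows what it contains. The `%.200s` width appears to cover the longest TLS 1.3 key-log line (about 193 characters for a SHA-384 suite: 31-character label, 64 hex client random, 96 hex secret), but the margin is thin and a truncated line fails silently, so a one-line comment justifying 200 would help. The function containing the registration in the third hunk starts outside the hunk.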