Skip to content

sslkeylog: Allows toggling of SSL key logging on or off without restarting the application #3267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
VaibhavTekale1 wants to merge 11 commits into
base: main
Choose a base branch
from
+37 −4
Open

sslkeylog: Allows toggling of SSL key logging on or off without restarting the application #3267

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
79e55bd
openssl:support for user_ctx data structure to toggle SSL key logging…
Nov 6, 2024
72608b5
openssl:support for user_ctx data structure to toggle SSL key logging…
Nov 6, 2024
d07332f
sslkeylogfile:kept seperate function for sniffing
Nov 12, 2024
0373ac9
sslkeylog: added lws api which will take bool flag and wsi to start o…
Nov 27, 2024
e7d34cf
sslkeylog: added api in lws to start or stop logging ssl keys as per …
Nov 27, 2024
e2bbca5
sslkeylog: added api in lws to start or stop logging ssl keys as per …
Nov 27, 2024
b6e01aa
Update windows-init.c
VaibhavTekale1 Nov 27, 2024
8210ccb
sll_protocol may be be16
lws-team Jan 22, 2025
e0c312c
google-fuzzer: avoid warnings about c / c++ size diff
lws-team Jan 22, 2025
0c0bb07
Merge branch 'warmcat:main' into server-sshkeylog
VaibhavTekale1 Feb 3, 2025
06b2931
sshkeylog: enable or disable ssl key logging at run time
Mar 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions include/libwebsockets/lws-context-vhost.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1293,6 +1293,15 @@ lws_systemd_inherited_fd(unsigned int index,
LWS_VISIBLE LWS_EXTERN int
lws_context_is_being_destroyed(struct lws_context *context);

/* This API allows the user to disable SSL key logging. */
LWS_VISIBLE LWS_EXTERN void
lws_reset_keylog_file(struct lws *wsi);

/* This API allows the user to enable SSL key logging.
sslkeyfilepath : user can provide file name along with path in which ssl keys will get logged */
LWS_VISIBLE LWS_EXTERN void
lws_set_keylog_file(struct lws *wsi, char *sslkeyfilepath);

/*! \defgroup vhost-mounts Vhost mounts and options
* \ingroup context-and-vhost-creation
*
Expand Down
29 changes: 26 additions & 3 deletions lib/core-net/close.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@
#include "private-lib-core.h"
#include "private-lib-async-dns.h"

// to store key log file path
static char *klfl_env = NULL;

#if defined(LWS_WITH_CLIENT)
static int
lws_close_trans_q_leader(struct lws_dll2 *d, void *user)
Expand Down Expand Up @@ -1037,6 +1040,28 @@ __lws_close_free_wsi_final(struct lws *wsi)
__lws_free_wsi(wsi);
}

/* To stop logging SSL keys, reset the `keylog_file` data */
void lws_reset_keylog_file(struct lws *wsi)
{
klfl_env = NULL;
wsi->a.context->keylog_file[0] = '\0';
}

/* The file path, either from user input or the environment variable, will be assigned to the LWS context to initiate SSL key logging. */
void lws_set_keylog_file(struct lws *wsi, char *sslkeyfilepath)
{
/* The user input file path takes priority over the environment variable. */
if('\0' != sslkeyfilepath[0])
klfl_env = sslkeyfilepath;
else
klfl_env = getenv("SSLKEYLOGFILE");

/* To begin logging SSL keys, the key log file will be set in lws_context */
if (NULL != klfl_env && strlen(klfl_env) > 1){
lws_strncpy(wsi->a.context->keylog_file, klfl_env,
strlen(klfl_env)+1);
}
}

void
lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason, const char *caller)
Expand All @@ -1052,6 +1077,4 @@ lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason, const char *ca
lws_pt_unlock(pt);

lws_context_unlock(cx);
}


}
3 changes: 2 additions & 1 deletion lib/core/private-lib-core.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@

#include "lws_config.h"
#include "lws_config_private.h"

#include <stdbool.h>
#include <stdio.h>

#if defined(LWS_WITH_CGI) && defined(LWS_HAVE_VFORK) && \
!defined(NO_GNU_SOURCE_THIS_TIME) && !defined(_GNU_SOURCE)
Expand Down