
client/server: support for KeyLog trait, SSLKEYLOGFILE #465

Merged: 1 commit, merged Sep 26, 2024

Commits on Sep 20, 2024

  1. client/server: support for KeyLog trait, SSLKEYLOGFILE

    For debugging purposes it's quite helpful to be able to log session
    secrets to a file specified by the `SSLKEYLOGFILE`, for example to use
    with Wireshark to decrypt session traffic.
    
    This commit adds two methods to rustls-ffi for both client and server
    configurations to facilitate this:
    
    1. `rustls_server_config_builder_set_key_log_file()` and
       `rustls_client_config_builder_set_key_log_file()` enable using the
       Rustls `KeyLogFile` implementation of the `KeyLog` trait. This option
       simply honours the `SSLKEYLOGFILE` env var and spits out an NSS-
       formatted key log file appropriate for use with Wireshark and other
       tools that support this format.
    
    2. `rustls_server_config_builder_set_key_log()` and
       `rustls_client_config_builder_set_key_log()` enable providing
       C callbacks that will be invoked to decide which secrets are logged,
       and to do the logging. This allows for fine-grained control over how
       secrets are logged and may be more appropriate for applications that
       already handle this task for other TLS backends (e.g. curl).
    
    The client and server examples are updated to optionally use these new
    features. If the `SSLKEYLOG` env var is set, both will use the
    `_set_key_log_file()` fns to set up the standard file-based key logging.
    If the `STDERRKEYLOG` env var is set then both will use the
    `_set_key_log()` fns to set up custom callbacks that will print the
    hex-encoded secret data to stderr as a simple demonstration.
    cpu committed Sep 20, 2024
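As an added example (not rustls-ffi code, and not the API this commit adds), the following C program shows the two pieces the commit message describes: a decision callback that chooses which secret labels are written, and a logging callback that appends NSS-format lines (`<LABEL> <client_random hex> <secret hex>`) to the file named by `SSLKEYLOGFILE`. The callback signatures, the allowlist policy, the function names and the sample byte values are all assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>
#include <fcntl.h>
#include <unistd.h>

/* Labels defined by the NSS key log format for TLS 1.2 and TLS 1.3. The
 * decision callback below uses this list as an allowlist; that policy is a
 * constructed choice for this example, not rustls-ffi behaviour. */
static const char *const NSS_KEYLOG_LABELS[] = {
    "CLIENT_RANDOM",                 /* TLS 1.2: master secret */
    "CLIENT_EARLY_TRAFFIC_SECRET",   /* TLS 1.3 labels follow */
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
};

/* Decision callback (hypothetical shape): 1 if this label may be logged, else 0. */
int keylog_will_log(const char *label, size_t label_len)
{
    size_t count = sizeof NSS_KEYLOG_LABELS / sizeof NSS_KEYLOG_LABELS[0];
    for (size_t i = 0; i < count; i++) {
        const char *l = NSS_KEYLOG_LABELS[i];
        if (strlen(l) == label_len && memcmp(l, label, label_len) == 0)
            return 1;
    }
    return 0;
}

/* Lowercase hex encoding without a terminating NUL. */
static void hex_encode(char *dst, const uint8_t *src, size_t n)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < n; i++) {
        dst[2 * i]     = digits[src[i] >> 4];
        dst[2 * i + 1] = digits[src[i] & 0x0f];
    }
}

/* Format one NSS key log line "<LABEL> <client_random hex> <secret hex>\n".
 * Returns the line length (without NUL), or -1 if out cannot hold it. */
int keylog_format_line(char *out, size_t out_len,
                       const char *label, size_t label_len,
                       const uint8_t *client_random, size_t cr_len,
                       const uint8_t *secret, size_t secret_len)
{
    size_t need = label_len + 1 + 2 * cr_len + 1 + 2 * secret_len + 1;
    if (out_len < need + 1)          /* room for the trailing NUL too */
        return -1;
    char *p = out;
    memcpy(p, label, label_len);     p += label_len;
    *p++ = ' ';
    hex_encode(p, client_random, cr_len); p += 2 * cr_len;
    *p++ = ' ';
    hex_encode(p, secret, secret_len);    p += 2 * secret_len;
    *p++ = '\n';
    *p = '\0';
    return (int)need;
}

/* Logging callback (hypothetical shape): append the line to $SSLKEYLOGFILE.
 * The file is created owner read/write only (0600) because it holds session
 * secrets. Returns 0 on success, -1 if the variable is unset or the write failed. */
int keylog_append_from_env(const char *label, size_t label_len,
                           const uint8_t *client_random, size_t cr_len,
                           const uint8_t *secret, size_t secret_len)
{
    const char *path = getenv("SSLKEYLOGFILE");
    if (path == NULL || *path == '\0')
        return -1;                   /* variable absent: key logging disabled */
    char line[512];
    int n = keylog_format_line(line, sizeof line, label, label_len,
                               client_random, cr_len, secret, secret_len);
    if (n < 0)
        return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, line, (size_t)n);
    close(fd);
    return (w == n) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample values, not real session material. */
    uint8_t client_random[32], secret[48];
    for (int i = 0; i < 32; i++) client_random[i] = (uint8_t)i;
    for (int i = 0; i < 48; i++) secret[i] = (uint8_t)(0xa0 + i);
    const char *label = "CLIENT_RANDOM";
    if (!keylog_will_log(label, strlen(label)))
        return 1;
    char line[256];
    if (keylog_format_line(line, sizeof line, label, strlen(label),
                           client_random, 32, secret, 48) < 0)
        return 1;
    fputs(line, stdout);             /* what Wireshark would read from the file */
    keylog_append_from_env(label, strlen(label), client_random, 32, secret, 48);
    return 0;
}
```

The split between `keylog_will_log` and `keylog_append_from_env` mirrors the "decide which secrets are logged, and do the logging" division in the commit message; the append opens the file with mode 0600 because each line is enough to decrypt the captured session it belongs to.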
    4b251e4