tls: openssl: add runtime enable/disable API for SSL key logging#3556
Open
VaibhavTekale1 wants to merge 38 commits into
Open
tls: openssl: add runtime enable/disable API for SSL key logging#3556VaibhavTekale1 wants to merge 38 commits into
VaibhavTekale1 wants to merge 38 commits into
Conversation
Add a generic DTLS wrapper to lws that is able to work using any of the supported tls libraries as the backed: openssl (and variants), mbedtls, gnutls, schannel Note that schannel is not able to work with webrtc due to schannel api's own limitations. You must use openssl or mbedtls for windows if you want to use dtls for webrtc.
Having added a member to lws_plugin_protocol, it's a good time to change the old struct initializer format to C9, since we'll have to visit them all anyway. Also modernize the event lib struct while we're at it.
lws-team
force-pushed
the
main
branch
17 times, most recently
from
c0616c1 to
d15a153
Compare
lws-team
force-pushed
the
main
branch
13 times, most recently
from
8e57b3d to
a686094
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
@lws-team
Summary
Add two new public APIs to enable and disable SSL key logging (SSLKEYLOGFILE)
at runtime, without requiring a context rebuild.
Previously, the keylog callback was only registered if
keylog_filewas setat context creation time (
lws_context_creation_info). This made it impossibleto toggle key logging on an already-running context.
Changes
New public APIs (
include/libwebsockets/lws-context-vhost.h)lws_set_keylog_file(struct lws *wsi, char *sslkeyfilepath)Enables SSL key logging. If
sslkeyfilepathis non-empty, that path is used;otherwise the
SSLKEYLOGFILEenvironment variable is consulted. The resolvedpath is written into
wsi->a.context->keylog_file.lws_reset_keylog_file(struct lws *wsi)Disables SSL key logging by clearing
wsi->a.context->keylog_file.TLS callback registration (
lib/tls/openssl/)openssl-client.c,openssl-server.c:SSL_CTX_set_keylog_callback()isnow registered unconditionally (subject to
LWS_HAVE_SSL_CTX_set_keylog_callbackand
LWS_WITH_TLS). Thelws_klog_dumpcallback itself gates on whetherkeylog_fileis set, so logging only occurs when explicitly enabled via thenew APIs.
Simplified the preprocessor condition in
openssl-server.cfrom(!defined(LWS_WITHOUT_CLIENT) || !defined(LWS_WITHOUT_SERVER))to justdefined(LWS_WITH_TLS), which is the meaningful guard for this code path.