Merge pull request #2119 from nghttp2/nghttp-keylog

nghttp: Support SSLKEYLOGFILE
nghttp2 · Mar 25, 2024 · cd993a9 · cd993a9
2 parents f08e339 + d5cf562
commit cd993a9
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 15 deletions.
diff --git a/src/h2load.cc b/src/h2load.cc
@@ -87,15 +87,6 @@ bool recorded(const std::chrono::steady_clock::time_point &t) {
 }
 } // namespace
 
-namespace {
-std::ofstream keylog_file;
-void keylog_callback(const SSL *ssl, const char *line) {
-  keylog_file.write(line, strlen(line));
-  keylog_file.put('\n');
-  keylog_file.flush();
-}
-} // namespace
-
 Config::Config()
     : ciphers(tls::DEFAULT_CIPHER_LIST),
       tls13_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_"
@@ -2977,12 +2968,10 @@ int main(int argc, char **argv) {
 
   SSL_CTX_set_alpn_protos(ssl_ctx, proto_list.data(), proto_list.size());
 
-  auto keylog_filename = getenv("SSLKEYLOGFILE");
-  if (keylog_filename) {
-    keylog_file.open(keylog_filename, std::ios_base::app);
-    if (keylog_file) {
-      SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
-    }
+  if (tls::setup_keylog_callback(ssl_ctx) != 0) {
+    std::cerr << "Failed to setup keylog" << std::endl;
+
+    exit(EXIT_FAILURE);
   }
 
 #if defined(NGHTTP2_OPENSSL_IS_BORINGSSL) && defined(HAVE_LIBBROTLI)

diff --git a/src/nghttp.cc b/src/nghttp.cc
@@ -2322,6 +2322,14 @@ int communicate(
       goto fin;
     }
 #endif // NGHTTP2_OPENSSL_IS_BORINGSSL && HAVE_LIBBROTLI
+
+    if (tls::setup_keylog_callback(ssl_ctx) != 0) {
+      std::cerr << "[ERROR] Failed to setup keylog" << std::endl;
+
+      result = -1;
+
+      goto fin;
+    }
   }
   {
     HttpClient client{callbacks, loop, ssl_ctx};

diff --git a/src/tls.cc b/src/tls.cc
@@ -25,9 +25,11 @@
 #include "tls.h"
 
 #include <cassert>
+#include <cstring>
 #include <vector>
 #include <mutex>
 #include <iostream>
+#include <fstream>
 
 #include <openssl/crypto.h>
 #include <openssl/conf.h>
@@ -176,6 +178,32 @@ int cert_decompress(SSL *ssl, CRYPTO_BUFFER **out, size_t uncompressed_len,
 }
 #endif // NGHTTP2_OPENSSL_IS_BORINGSSL && HAVE_LIBBROTLI
 
+namespace {
+std::ofstream keylog_file;
+
+void keylog_callback(const SSL *ssl, const char *line) {
+  keylog_file.write(line, strlen(line));
+  keylog_file.put('\n');
+  keylog_file.flush();
+}
+} // namespace
+
+int setup_keylog_callback(SSL_CTX *ssl_ctx) {
+  auto keylog_filename = getenv("SSLKEYLOGFILE");
+  if (!keylog_filename) {
+    return 0;
+  }
+
+  keylog_file.open(keylog_filename, std::ios_base::app);
+  if (!keylog_file) {
+    return -1;
+  }
+
+  SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
+
+  return 0;
+}
+
 } // namespace tls
 
 } // namespace nghttp2
diff --git a/src/tls.h b/src/tls.h
@@ -106,6 +106,9 @@ int cert_decompress(SSL *ssl, CRYPTO_BUFFER **out, size_t uncompressed_len,
                     const uint8_t *in, size_t in_len);
 #endif // NGHTTP2_OPENSSL_IS_BORINGSSL && HAVE_LIBBROTLI
 
+// Setup keylog callback.  It returns 0 if it succeeds, or -1.
+int setup_keylog_callback(SSL_CTX *ssl_ctx);
+
 } // namespace tls
 
 } // namespace nghttp2