Google Git
Sign in
boringssl / boringssl.git / d28f59c27bac60d3206f0c302b7cb37f9cd88f43^! / . / include / openssl / ssl.h
commitd28f59c27bac60d3206f0c302b7cb37f9cd88f43[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Tue Nov 17 22:32:50 2015 -0500
committerAdam Langley <agl@google.com>Thu Nov 19 01:23:49 2015 +0000
treed4c7e0e7e0cb3db43279f45a8d2f987c4ba8ac4b
parentfba735cfd879514aa150ee02f0be37a283bfbdde [diff] [blame]
Switch the keylog BIO to a callback.

The keylog BIO is internally synchronized by the SSL_CTX lock, but an
application may wish to log keys from multiple SSL_CTXs. This is in
preparation for switching Chromium to use a separate SSL_CTX per profile
to more naturally split up the session caches.

It will also be useful for routing up SSLKEYLOGFILE in WebRTC. There,
each log line must be converted to an IPC up from the renderer
processes.

This will require changes in Chromium when we roll BoringSSL.

BUG=458365,webrtc:4417

Change-Id: I2945bdb4def0a9c36e751eab3d5b06c330d66b54
Reviewed-on: https://boringssl-review.googlesource.com/6514
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d59eb84..0791441 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -2683,13 +2683,15 @@
 /* SSL_set_msg_callback_arg sets the |arg| parameter of the message callback. */
 OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
 
-/* SSL_CTX_set_keylog_bio sets configures all SSL objects attached to |ctx| to
- * log session material to |keylog_bio|. This is intended for debugging use
- * with tools like Wireshark. |ctx| takes ownership of |keylog_bio|.
+/* SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark. The |cb| function
+ * should log |line| followed by a newline, synchronizing with any concurrent
+ * access to the log.
  *
  * The format is described in
  * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. */
-OPENSSL_EXPORT void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio);
+OPENSSL_EXPORT void SSL_CTX_set_keylog_callback(
+    SSL_CTX *ctx, void (*cb)(const SSL *ssl, const char *line));
 
 enum ssl_renegotiate_mode_t {
   ssl_renegotiate_never = 0,
@@ -3738,9 +3740,9 @@
   uint8_t *ocsp_response;
   size_t ocsp_response_length;
 
-  /* If not NULL, session key material will be logged to this BIO for debugging
-   * purposes. The format matches NSS's and is readable by Wireshark. */
-  BIO *keylog_bio;
+  /* keylog_callback, if not NULL, is the key logging callback. See
+   * |SSL_CTX_set_keylog_callback|. */
+  void (*keylog_callback)(const SSL *ssl, const char *line);
 
   /* current_time_cb, if not NULL, is the function to use to get the current
    * time. It sets |*out_clock| to the current time. */