
LibTLS: Remove key-logging debug feature

This attempted to save data into /home/anon even on Linux
circl преди 1 година
родител
ревизия
9f7f6aa80c

+ 0 - 4
AK/Debug.h.in

@@ -242,10 +242,6 @@
 #    cmakedefine01 TLS_DEBUG
 #endif
 
-#ifndef TLS_SSL_KEYLOG_DEBUG
-#    cmakedefine01 TLS_SSL_KEYLOG_DEBUG
-#endif
-
 #ifndef TOKENIZER_TRACE_DEBUG
 #    cmakedefine01 TOKENIZER_TRACE_DEBUG
 #endif

+ 0 - 1
Meta/CMake/all_the_debug_macros.cmake

@@ -56,7 +56,6 @@ set(TEXTEDITOR_DEBUG ON)
 set(TIFF_DEBUG ON)
 set(TIME_ZONE_DEBUG ON)
 set(TLS_DEBUG ON)
-set(TLS_SSL_KEYLOG_DEBUG ON)
 set(TOKENIZER_TRACE_DEBUG ON)
 set(URL_PARSER_DEBUG ON)
 set(UTF8_DEBUG ON)

+ 0 - 1
Meta/gn/secondary/AK/BUILD.gn

@@ -268,7 +268,6 @@ write_cmake_config("ak_debug_gen") {
     "TIFF_DEBUG=",
     "TIME_ZONE_DEBUG=",
     "TLS_DEBUG=",
-    "TLS_SSL_KEYLOG_DEBUG=",
     "TOKENIZER_TRACE_DEBUG=",
     "URL_PARSER_DEBUG=",
     "UTF8_DEBUG=",

+ 0 - 9
Userland/Libraries/LibTLS/HandshakeClient.cpp

@@ -151,15 +151,6 @@ bool TLSv12::compute_master_secret_from_pre_master_secret(size_t length)
         print_buffer(m_context.master_key);
     }
 
-    if constexpr (TLS_SSL_KEYLOG_DEBUG) {
-        auto file = MUST(Core::File::open("/home/anon/ssl_keylog"sv, Core::File::OpenMode::Append | Core::File::OpenMode::Write));
-        MUST(file->write_until_depleted("CLIENT_RANDOM "sv));
-        MUST(file->write_until_depleted(encode_hex({ m_context.local_random, 32 })));
-        MUST(file->write_until_depleted(" "sv));
-        MUST(file->write_until_depleted(encode_hex(m_context.master_key)));
-        MUST(file->write_until_depleted("\n"sv));
-    }
-
     expand_key();
     return true;
 }

+ 2 - 10
Userland/Services/RequestServer/main.cpp

@@ -18,19 +18,13 @@
 
 ErrorOr<int> serenity_main(Main::Arguments)
 {
-    if constexpr (TLS_SSL_KEYLOG_DEBUG)
-        TRY(Core::System::pledge("stdio inet accept thread unix cpath wpath rpath sendfd recvfd sigaction"));
-    else
-        TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd sigaction"));
+    TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd sigaction"));
 
 #ifdef SIGINFO
     signal(SIGINFO, [](int) { RequestServer::ConnectionCache::dump_jobs(); });
 #endif
 
-    if constexpr (TLS_SSL_KEYLOG_DEBUG)
-        TRY(Core::System::pledge("stdio inet accept thread unix cpath wpath rpath sendfd recvfd"));
-    else
-        TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd"));
+    TRY(Core::System::pledge("stdio inet accept thread unix rpath sendfd recvfd"));
 
     // Ensure the certificates are read out here.
     // FIXME: Allow specifying extra certificates on the command line, or in other configuration.
@@ -41,8 +35,6 @@ ErrorOr<int> serenity_main(Main::Arguments)
     TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
     TRY(Core::System::unveil("/etc/cacert.pem", "rw"));
     TRY(Core::System::unveil("/etc/timezone", "r"));
-    if constexpr (TLS_SSL_KEYLOG_DEBUG)
-        TRY(Core::System::unveil("/home/anon", "rwc"));
     TRY(Core::System::unveil(nullptr, nullptr));
 
     RequestServer::HttpProtocol::install();
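Review bot: The context line `TRY(Core::System::unveil("/etc/cacert.pem", "rw"));` in the second hunk still requests write access, but after this change both pledge() calls carry only `rpath`, with no `wpath` or `cpath` in any build configuration. If nothing in RequestServer needs to write the CA bundle (not visible in these hunks), the unveil could be narrowed to `TRY(Core::System::unveil("/etc/cacert.pem", "r"));` so the path permissions match the promises. A short comment above the second pledge, such as `// Drop sigaction now that the SIGINFO handler is installed.`, would also help, since the two calls differ only by that one promise. serenity_main continues past the end of the hunk.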