LibTLS+RequestServer: Add an option to dump TLS keys to a log file
This file allows us to decrypt TLS messages in Wireshark, which can help immensely in debugging network stuff :^)
This commit is contained in:
parent
a796207b9f
commit
cb7becb067
Notes:
sideshowbarker
2024-07-17 19:05:53 +09:00
Author: https://github.com/alimpfard Commit: https://github.com/SerenityOS/serenity/commit/cb7becb067 Pull-request: https://github.com/SerenityOS/serenity/pull/12394
4 changed files with 28 additions and 2 deletions
|
@ -434,6 +434,10 @@
|
||||||
#cmakedefine01 TLS_DEBUG
|
#cmakedefine01 TLS_DEBUG
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef TLS_SSL_KEYLOG_DEBUG
|
||||||
|
#cmakedefine01 TLS_SSL_KEYLOG_DEBUG
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef TOKENIZER_TRACE_DEBUG
|
#ifndef TOKENIZER_TRACE_DEBUG
|
||||||
#cmakedefine01 TOKENIZER_TRACE_DEBUG
|
#cmakedefine01 TOKENIZER_TRACE_DEBUG
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -182,6 +182,7 @@ set(TERMINAL_DEBUG ON)
|
||||||
set(TEXTEDITOR_DEBUG ON)
|
set(TEXTEDITOR_DEBUG ON)
|
||||||
set(THREAD_DEBUG ON)
|
set(THREAD_DEBUG ON)
|
||||||
set(TLS_DEBUG ON)
|
set(TLS_DEBUG ON)
|
||||||
|
set(TLS_SSL_KEYLOG_DEBUG ON)
|
||||||
set(TOKENIZER_TRACE_DEBUG ON)
|
set(TOKENIZER_TRACE_DEBUG ON)
|
||||||
set(TTY_DEBUG ON)
|
set(TTY_DEBUG ON)
|
||||||
set(UCI_DEBUG ON)
|
set(UCI_DEBUG ON)
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <AK/Debug.h>
|
#include <AK/Debug.h>
|
||||||
|
#include <AK/Hex.h>
|
||||||
#include <AK/Random.h>
|
#include <AK/Random.h>
|
||||||
#include <LibCrypto/ASN1/DER.h>
|
#include <LibCrypto/ASN1/DER.h>
|
||||||
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
|
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
|
||||||
|
@ -136,6 +137,16 @@ bool TLSv12::compute_master_secret_from_pre_master_secret(size_t length)
|
||||||
dbgln("master key:");
|
dbgln("master key:");
|
||||||
print_buffer(m_context.master_key);
|
print_buffer(m_context.master_key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if constexpr (TLS_SSL_KEYLOG_DEBUG) {
|
||||||
|
auto file = MUST(Core::Stream::File::open("/home/anon/ssl_keylog", Core::Stream::OpenMode::Append | Core::Stream::OpenMode::Write));
|
||||||
|
VERIFY(file->write_or_error("CLIENT_RANDOM "sv.bytes()));
|
||||||
|
VERIFY(file->write_or_error(encode_hex({ m_context.local_random, 32 }).bytes()));
|
||||||
|
VERIFY(file->write_or_error(" "sv.bytes()));
|
||||||
|
VERIFY(file->write_or_error(encode_hex(m_context.master_key).bytes()));
|
||||||
|
VERIFY(file->write_or_error("\n"sv.bytes()));
|
||||||
|
}
|
||||||
|
|
||||||
expand_key();
|
expand_key();
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
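Review bot: The key log opened at `Core::Stream::File::open("/home/anon/ssl_keylog", ...)` holds the master secret of every session, yet it is created with whatever default mode `open()` applies, which in this code base appears to be world-readable; if `open()` accepts a permissions argument, it should be passed `0600`. The surrounding `MUST(...)`/`VERIFY(...)` also turn any open or write failure into a process abort, and since this sits in LibTLS rather than RequestServer, any other LibTLS user built with `TLS_SSL_KEYLOG_DEBUG` but without the matching unveil would crash here; a debug-only log should report the failure with `dbgln` and carry on. The five separate `write_or_error` calls can be collapsed into one formatted line, which also makes the NSS `CLIENT_RANDOM <client_random> <master_secret>` layout visible at a glance. The enclosing `compute_master_secret_from_pre_master_secret` starts before this hunk.
```cpp
    if constexpr (TLS_SSL_KEYLOG_DEBUG) {
        // NSS key log format: "CLIENT_RANDOM <client random hex> <master secret hex>".
        // Non-fatal on purpose: callers other than RequestServer may not have
        // unveiled this path, and a missing debug log must not abort the process.
        // NOTE(review): assumes open() takes a mode_t permissions argument — confirm.
        auto file_or_error = Core::Stream::File::open("/home/anon/ssl_keylog", Core::Stream::OpenMode::Append | Core::Stream::OpenMode::Write, 0600);
        if (file_or_error.is_error()) {
            dbgln("TLS: could not open key log file: {}", file_or_error.error());
        } else {
            auto file = file_or_error.release_value();
            auto line = String::formatted("CLIENT_RANDOM {} {}\n", encode_hex({ m_context.local_random, 32 }), encode_hex(m_context.master_key));
            if (!file->write_or_error(line.bytes()))
                dbgln("TLS: could not write key log entry");
        }
    }
    // … unchanged: expand_key(); return true; …
```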
@ -19,9 +19,17 @@
|
||||||
|
|
||||||
ErrorOr<int> serenity_main(Main::Arguments)
|
ErrorOr<int> serenity_main(Main::Arguments)
|
||||||
{
|
{
|
||||||
TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd sigaction"));
|
if constexpr (TLS_SSL_KEYLOG_DEBUG)
|
||||||
|
TRY(Core::System::pledge("stdio inet accept unix cpath wpath rpath sendfd recvfd sigaction"));
|
||||||
|
else
|
||||||
|
TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd sigaction"));
|
||||||
|
|
||||||
signal(SIGINFO, [](int) { RequestServer::ConnectionCache::dump_jobs(); });
|
signal(SIGINFO, [](int) { RequestServer::ConnectionCache::dump_jobs(); });
|
||||||
TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd"));
|
|
||||||
|
if constexpr (TLS_SSL_KEYLOG_DEBUG)
|
||||||
|
TRY(Core::System::pledge("stdio inet accept unix cpath wpath rpath sendfd recvfd"));
|
||||||
|
else
|
||||||
|
TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd"));
|
||||||
|
|
||||||
// Ensure the certificates are read out here.
|
// Ensure the certificates are read out here.
|
||||||
[[maybe_unused]] auto& certs = DefaultRootCACertificates::the();
|
[[maybe_unused]] auto& certs = DefaultRootCACertificates::the();
|
||||||
|
@ -30,6 +38,8 @@ ErrorOr<int> serenity_main(Main::Arguments)
|
||||||
// FIXME: Establish a connection to LookupServer and then drop "unix"?
|
// FIXME: Establish a connection to LookupServer and then drop "unix"?
|
||||||
TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
|
TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
|
||||||
TRY(Core::System::unveil("/etc/timezone", "r"));
|
TRY(Core::System::unveil("/etc/timezone", "r"));
|
||||||
|
if constexpr (TLS_SSL_KEYLOG_DEBUG)
|
||||||
|
TRY(Core::System::unveil("/home/anon", "rwc"));
|
||||||
TRY(Core::System::unveil(nullptr, nullptr));
|
TRY(Core::System::unveil(nullptr, nullptr));
|
||||||
|
|
||||||
[[maybe_unused]] auto gemini = make<RequestServer::GeminiProtocol>();
|
[[maybe_unused]] auto gemini = make<RequestServer::GeminiProtocol>();
|
||||||
|
|
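Review bot: `TRY(Core::System::unveil("/home/anon", "rwc"));` grants RequestServer read, write and create access to the whole home directory when only one file is needed; narrowing it to `TRY(Core::System::unveil("/home/anon/ssl_keylog", "rwc"));` keeps the sandbox as tight as the feature allows, assuming unveil accepts a not-yet-existing file path as it does here for the directory. The same path literal now lives in both LibTLS and this file, so a shared constant (or a single helper in LibTLS that returns the key log path) would stop the two from drifting apart; the pledge hunk above carries the matching `cpath wpath` additions and is fine as is. A short comment on the unveil line, `// Debug only: lets LibTLS append TLS master secrets to the key log (see TLS_SSL_KEYLOG_DEBUG).`, would tell the next reader why a network service touches the home directory at all. `serenity_main` starts before this hunk and continues past it.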