diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c
index f5b91fa..5a6b7ea 100644
--- a/ssl/ssl_analyze.c
+++ b/ssl/ssl_analyze.c
@@ -219,7 +219,7 @@ static int create_ssl_ctx(handle,ctxp)
 ssl_decode_ctx *ctx=0;
 int r,_status;
- if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password))
+ if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile))
 ABORT(r);
 *ctxp=(proto_ctx *)ctx;
diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c
index 7c3ee79..656343a 100644
--- a/ssl/ssldecode.c
+++ b/ssl/ssldecode.c
@@ -76,6 +76,7 @@ struct ssl_decode_ctx_ {
 SSL_CTX *ssl_ctx;
 SSL *ssl;
 r_assoc *session_cache;
+ FILE *ssl_key_log_file;
 #else
 char dummy; /* Some compilers (Win32) don't like empty structs */
@@ -132,10 +133,11 @@ static int password_cb(char *buf,int num,int rwflag,void *userdata)
 return(strlen(ssl_password));
 }
-int ssl_decode_ctx_create(dp,keyfile,pass)
+int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile)
 ssl_decode_ctx **dp;
 char *keyfile;
 char *pass;
+ char *keylogfile;
 {
 #ifdef OPENSSL
 ssl_decode_ctx *d=0;
@@ -169,6 +171,11 @@ int ssl_decode_ctx_create(dp,keyfile,pass)
 if(r_assoc_create(&d->session_cache))
 ABORT(R_NO_MEMORY);
+ if(keylogfile && !(d->ssl_key_log_file=fopen(keylogfile, "r"))){
+ fprintf(stderr,"Failed to open ssl key log file");
+ ABORT(R_INTERNAL);
+ }
+
 X509V3_add_standard_extensions();
 *dp=d;
@@ -539,9 +546,8 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
 #ifdef OPENSSL
 int r,_status;
 int i;
- EVP_PKEY *pk;
-
+
 if(ssl->cs->kex!=KEX_RSA)
 return(-1);
diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h
index 3ef9226..48acafe 100644
--- a/ssl/ssldecode.h
+++ b/ssl/ssldecode.h
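Review bot: `SSL_keylogfile`, passed as the new fourth argument on the `+` line of the ssl_analyze.c hunk, is not declared or initialised in any hunk of this diff, so unless it is defined in a part of ssl_analyze.c outside these hunks the file no longer compiles. If it is a new file-scope variable alongside SSL_keyfile and SSL_password, it should be initialised to NULL in the same way those are, because ssl_decode_ctx_create only attempts the fopen when the pointer is non-NULL and an uninitialised pointer would make that check meaningless. create_ssl_ctx starts and ends outside the hunk.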
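Review bot: In the `@@ -169,6 +171,11 @@` hunk of ssldecode.c, when keylogfile is NULL the new code never assigns `d->ssl_key_log_file`, so the member keeps whatever the allocation of `d` earlier in ssl_decode_ctx_create (outside this hunk) left there; unless `d` comes from calloc, any later test of that pointer reads an indeterminate value. Assign it unconditionally first, `d->ssl_key_log_file=keylogfile?fopen(keylogfile,"r"):NULL;` and then test `if(keylogfile && !d->ssl_key_log_file){`. The error message also lacks a newline and says neither which path failed nor why; `fprintf(stderr,"Failed to open ssl key log file %s: %s\n",keylogfile,strerror(errno));` fixes both, provided <errno.h> and <string.h> are included (not visible in the diff). Nothing in the diff closes the handle opened here, so if the context's destroy routine is not updated to fclose it, each context leaks an open file. The function continues outside the hunk.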
@@ -51,7 +51,7 @@ #define CRDUMPD(a,b) P_(P_CR) {exdump(ssl,a,b);printf("\n");}
 int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx,
- char *keyfile,char *password));
+ char *keyfile,char *password,char *keylogfile));
 int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp));
 int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx));
 int ssl_set_client_random PROTO_LIST((ssl_decoder *dp,
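Review bot: The new `keylogfile` parameter in the `ssl_decode_ctx_create` prototype is undocumented, and the header gives no indication that it may be NULL or that the file is only read. A comment above the prototype such as `/* keylogfile: path of an SSL key log file to open for reading, or NULL to use none */` would state the contract the implementation in ssldecode.c follows, since it calls fopen only when the pointer is non-NULL. Whether the caller may free the path string after the call cannot be told from this diff and is worth stating in the same comment.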