Mercurial > hg > nginx

diff src/event/ngx_event_openssl.c @ 8586:7621ffaa79b3 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: added the "ssl_keys_file" directive.
author Vladimir Homutov <vl@nginx.com>
date Tue, 15 Sep 2020 22:44:46 +0300
parents 0875101c08f7
children 93be5658a250
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -255,6 +255,50 @@ ngx_ssl_init(ngx_log_t *log)
 }
 
 
+void
+ngx_ssl_keylogger(const ngx_ssl_conn_t *ssl_conn, const char *line)
+{
+    u_char                *p;
+    size_t                 len;
+    ssize_t                n;
+    ngx_connection_t      *c;
+    ngx_ssl_connection_t  *sc;
+
+    if (line == NULL) {
+        return;
+    }
+
+    len = ngx_strlen(line);
+
+    if (len == 0) {
+        return;
+    }
+
+    c = ngx_ssl_get_connection(ssl_conn);
+    sc = c->ssl;
+
+    p = ngx_alloc(len + 1, c->log);
+    if (p == NULL) {
+        return;
+    }
+
+    ngx_memcpy(p, line, len);
+    p[len] = '\n';
+
+    n = ngx_write_fd(sc->keylog->fd, p, len + 1);
+    if (n == -1) {
+        ngx_log_error(NGX_LOG_ALERT, c->log, ngx_errno,
+                      ngx_write_fd_n " to \"%s\" failed",
+                      sc->keylog->name.data);
+
+    } else if ((size_t) n != len + 1) {
+        ngx_log_error(NGX_LOG_ALERT, c->log, 0,
+                      ngx_write_fd_n " to \"%s\" was incomplete: %z of %uz",
+                      sc->keylog->name.data, n, len + 1);
+    }
+}
+
+
 ngx_int_t
 ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 {
@@ -1516,6 +1560,8 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl
         return NGX_ERROR;
     }
 
+    sc->keylog = ssl->keylog;
+
     sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
     sc->buffer_size = ssl->buffer_size;