[issue34271] Please support logging of SSL master secret by env variable SSLKEYLOGFILE
Johannes Frank added the comment: Yes, I didn't revisit the issue since, but Malcolm is right. Implemented in python 3.8. Thanks to all the contributors. On Sat, Feb 29, 2020 at 8:58 AM Malcolm Smith wrote: > > Malcolm Smith added the comment: > > It looks like this has now been done and released. Can the issue be closed? > > -- > nosy: +Malcolm Smith > > ___ > Python tracker > <https://bugs.python.org/issue34271> > ___ > -- ___ Python tracker <https://bugs.python.org/issue34271> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue34271] Please support logging of SSL master secret by env variable SSLKEYLOGFILe
New submission from Johannes Frank : As discussed on the EuroPython 2018 it would be a great improvement if the python SSL module would respect the SSLKEYLOGFILE environment variable to log the master secret and the client random for packet trace decryption. The pycurl module compiled against libopenssl 1.1.0h does already work. OpenSSL 1.1.1 will offer to register a callback that will log the keys. There is also c code available using LD_PRELOAD here: https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c It would be great if a call to the requests, aiohttp, urllib3 or asks library would lead to the keys logged if the environment variable is set from within python. Thank you -- assignee: christian.heimes components: SSL files: pycurl-get.py messages: 322632 nosy: christian.heimes, jmfrank63 priority: normal severity: normal status: open title: Please support logging of SSL master secret by env variable SSLKEYLOGFILe type: enhancement versions: Python 3.7 Added file: https://bugs.python.org/file47719/pycurl-get.py ___ Python tracker <https://bugs.python.org/issue34271> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue34271] Please support logging of SSL master secret by env variable SSLKEYLOGFILE
Change by Johannes Frank : -- title: Please support logging of SSL master secret by env variable SSLKEYLOGFILe -> Please support logging of SSL master secret by env variable SSLKEYLOGFILE ___ Python tracker <https://bugs.python.org/issue34271> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue34271] Please support logging of SSL master secret by env variable SSLKEYLOGFILE
Johannes Frank added the comment:
Hi Christian
I would be willing to give this a try, could you publish or send me that
more elaborate code?
Thanks Johannes
On Wed, 26 Sep 2018 at 09:25, Christian Heimes
wrote:
>
> Christian Heimes added the comment:
>
> Here is a horribly hacky and simple implementation. I have a more
> elaborate implementation that does correct locking and has no global state.
>
> static BIO *bio_keylog = NULL;
>
> static void keylog_callback(const SSL *ssl, const char *line)
> {
> BIO_printf(bio_keylog, "%s\n", line);
> (void)BIO_flush(bio_keylog);
> }
>
> int PySSL_set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
> {
> /* Close any open files */
> BIO_free_all(bio_keylog);
> bio_keylog = NULL;
>
> if (ctx == NULL || keylog_file == NULL) {
> /* Keylogging is disabled, OK. */
> return 0;
> }
>
> /*
> * Append rather than write in order to allow concurrent modification.
> * Furthermore, this preserves existing keylog files which is useful
> when
> * the tool is run multiple times.
> */
> bio_keylog = BIO_new_file(keylog_file, "a");
> if (bio_keylog == NULL) {
> BIO *b = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
> BIO_printf(b, "Error writing keylog file %s\n", keylog_file);
> BIO_free_all(b);
> return 1;
> }
>
> /* Write a header for seekable, empty files (this excludes pipes). */
> if (BIO_tell(bio_keylog) == 0) {
> BIO_puts(bio_keylog,
> "# SSL/TLS secrets log file, generated by OpenSSL\n");
> (void)BIO_flush(bio_keylog);
> }
> SSL_CTX_set_keylog_callback(ctx, keylog_callback);
> return 0;
> }
>
> --
> stage: -> needs patch
> versions: +Python 3.8 -Python 3.7
>
> ___
> Python tracker
> <https://bugs.python.org/issue34271>
> ___
>
--
___
Python tracker
<https://bugs.python.org/issue34271>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue34271] Please support logging of SSL master secret by env variable SSLKEYLOGFILE
Johannes Frank added the comment: Hello Christian, much appreciated. Thank you so much. Johannes -- ___ Python tracker <https://bugs.python.org/issue34271> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue17305] IDNA2008 encoding is missing
Change by Johannes Frank : -- nosy: +matrixise ___ Python tracker <https://bugs.python.org/issue17305> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
