author | Kai Engert <kaie@kuix.de> | 2016-04-21 17:46:49 +0200 |
---|---|---|
committer | Kai Engert <kaie@kuix.de> | 2016-04-21 17:46:49 +0200 |
commit | 8189af23f9ee951b4f5ca31d4e79693bc34d4ae5 (patch) | |
tree | 8f15c91e49beae28dd5ac7090444a55dd52642ca | |
parent | 72250b67ea555e2588be91449f9147f2f86e4b09 (diff) | |
Bug 1183318, Allow applications to disable logging of TLS/SSL key material, r=martin.thomson
-rw-r--r-- | lib/ssl/ssl3con.c | 4 | ||||
-rw-r--r-- | lib/ssl/sslsock.c | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 5188f3316..8ae7dbaf0 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -6350,6 +6350,7 @@ sendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
 goto loser; }
+#ifndef DISABLE_SSLKEYLOGFILE
 if (ssl_keylog_iob) { SECStatus extractRV = PK11_ExtractKeyValue(pms); if (extractRV == SECSuccess) {
@@ -6381,6 +6382,7 @@ sendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
 } } }
+#endif
 rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, isTLS ? enc_pms.len + 2
@@ -11674,6 +11676,7 @@ ssl3_SendNextProto(sslSocket *ss)
 static void ssl3_RecordKeyLog(sslSocket *ss) {
+#ifndef DISABLE_SSLKEYLOGFILE
 SECStatus rv; SECItem *keyData; char buf[14 /* "CLIENT_RANDOM " */ +
@@ -11724,6 +11727,7 @@ ssl3_RecordKeyLog(sslSocket *ss)
 return; fflush(ssl_keylog_iob); return;
+#endif
 } /* called from ssl3_SendClientSecondRound
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 6ad8e5d97..12735557f 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -127,7 +127,11 @@ int ssl_lock_readers = 1; /* default true. */
 char ssl_debug; char ssl_trace; FILE *ssl_trace_iob;
+
+#ifndef DISABLE_SSLKEYLOGFILE
 FILE *ssl_keylog_iob;
+#endif
+
 char lockStatus[] = "Locks are ENABLED. "; #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
@@ -3361,6 +3365,7 @@ ssl_SetDefaultsFromEnvironment(void)
 SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); } #endif /* DEBUG */
+#ifndef DISABLE_SSLKEYLOGFILE
 ev = PR_GetEnvSecure("SSLKEYLOGFILE"); if (ev && ev[0]) { ssl_keylog_iob = fopen(ev, "a");
@@ -3374,6 +3379,7 @@ ssl_SetDefaultsFromEnvironment(void)
 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); } }
+#endif
 #ifndef NO_PKCS11_BYPASS ev = PR_GetEnvSecure("SSLBYPASS"); if (ev && ev[0]) { |
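Review bot: Nothing at the new `#ifndef DISABLE_SSLKEYLOGFILE` in sendRSAClientKeyExchange says what the macro controls, and because the guard is opt-out, the `if (ssl_keylog_iob)` block that calls `PK11_ExtractKeyValue(pms)` is still compiled unless the builder defines it. A packager reading the source cannot tell that a build which must never write key material to disk needs this define. I would add a comment at the guard such as `/* Define DISABLE_SSLKEYLOGFILE at build time to compile out all logging of TLS key material (SSLKEYLOGFILE). */`. The guarded block continues past this hunk and is closed by the `#endif` in the next one.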
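Review bot: With DISABLE_SSLKEYLOGFILE defined, ssl3_RecordKeyLog becomes an empty function whose parameter `ss` is unused, because the guard wraps the whole body from the first declaration to the final `return;`. That is harmless at run time, but it may warn on builds that enable unused-parameter diagnostics, and it leaves readers to infer the no-op. An `#else` branch with `(void)ss; /* key logging compiled out */` before the `#endif` would make the intent explicit. The middle of the function body lies outside the hunks shown here.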
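Review bot: The definition `FILE *ssl_keylog_iob;` is now conditional, but the commit touches only ssl3con.c and sslsock.c, so any `extern` declaration of the variable in a shared header (not visible on this page) presumably stays unconditional. In a DISABLE_SSLKEYLOGFILE build, a reference added later outside the guarded blocks would then compile cleanly and fail only at link time. If such a declaration exists, wrapping it in the same `#ifndef DISABLE_SSLKEYLOGFILE` / `#endif` pair would turn that into a compile-time error at the offending line.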
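Review bot: The `#endif` added in ssl_SetDefaultsFromEnvironment is untagged, while the directive a few lines above it in the same function is written `#endif /* DEBUG */`. It also sits directly before `#ifndef NO_PKCS11_BYPASS`, so a reader has to count directives to see which block controls the `fopen(ev, "a")` of the key log. I would write it as `#endif /* DISABLE_SSLKEYLOGFILE */`. The same applies to the untagged `#endif` lines added in sendRSAClientKeyExchange, in ssl3_RecordKeyLog and around the `ssl_keylog_iob` definition.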