X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=src%2Fsrc%2Ftls-openssl.c;h=689af87b1690467c8cd7d58e55dc48b27c2a3a35;hb=9c5e54499afef5167bee6ecdcbf8dd5f023f51e0;hp=169cf564f3e57a4111ef51be4222addeb4349a21;hpb=09fa60df6e9929364a2c0830eff1e0f4f27ba095;p=user%2Fhenk%2Fcode%2Fexim.git
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 169cf564f..689af87b1 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -70,6 +70,7 @@ change this guard and punt the issue for a while longer. */
 # define EXIM_HAVE_OPENSSL_CHECKHOST
 # define EXIM_HAVE_OPENSSL_DH_BITS
 # define EXIM_HAVE_OPENSSL_TLS_METHOD
+# define EXIM_HAVE_OPENSSL_KEYLOG
 # else
 # define EXIM_NEED_OPENSSL_INIT
 # endif
@@ -2302,16 +2303,28 @@ and initialize things. */
 peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
-construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits);
-tls_in.cipher = cipherbuf;
-
 DEBUG(D_tls) { uschar buf[2048]; if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)) != NULL) debug_printf("Shared ciphers: %s\n", buf);
+
+#ifdef EXIM_HAVE_OPENSSL_KEYLOG
+ {
+ BIO * bp = BIO_new(BIO_s_mem());
+ uschar * s;
+ int len;
+ SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl));
+ len = (int) BIO_get_mem_data(bp, CSS &s);
+ debug_printf("%.*s", len, s);
+ BIO_free(bp);
+ }
+#endif
 }
+construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits);
+tls_in.cipher = cipherbuf;
+
 /* Record the certificate we presented */ { X509 * crt = SSL_get_certificate(server_ssl);
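Review bot: The keylog block added inside `DEBUG(D_tls)` writes the session's master secret to ordinary debug output without checking the result of `BIO_new()`, and the same block is repeated in the client hunk at -2678. Anyone who can read that debug output can decrypt a capture of the session, so the code should carry a comment saying so, and a debug selector separate from `D_tls` would be worth considering so routine TLS debugging does not emit it. A small static helper that takes the `SSL *`, returns early when the BIO allocation fails and skips the print when no data was produced would remove the duplication and the unchecked pointer. The enclosing function starts and ends outside this hunk.
```c
#ifdef EXIM_HAVE_OPENSSL_KEYLOG
/* Debug aid only.  The text written here is enough to decrypt a capture of
this session, so any debug output containing it must be handled as a secret. */
static void
tls_debug_keylog(SSL * ssl)
{
BIO * bp = BIO_new(BIO_s_mem());
uschar * s;
int len;

if (!bp) return;
SSL_SESSION_print_keylog(bp, SSL_get_session(ssl));
len = (int) BIO_get_mem_data(bp, CSS &s);
if (len > 0) debug_printf("%.*s", len, s);
BIO_free(bp);
}
#endif

/* … unchanged: DEBUG(D_tls) block with the shared-ciphers output … */
#ifdef EXIM_HAVE_OPENSSL_KEYLOG
  tls_debug_keylog(server_ssl);
#endif
```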
@@ -2678,7 +2691,21 @@ if (rc <= 0) return NULL; }
-DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
+DEBUG(D_tls)
+ {
+ debug_printf("SSL_connect succeeded\n");
+#ifdef EXIM_HAVE_OPENSSL_KEYLOG
+ {
+ BIO * bp = BIO_new(BIO_s_mem());
+ uschar * s;
+ int len;
+ SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl));
+ len = (int) BIO_get_mem_data(bp, CSS &s);
+ debug_printf("%.*s", len, s);
+ BIO_free(bp);
+ }
+#endif
+ }
 peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
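Review bot: The client-side keylog block passes `server_ssl` to `SSL_get_session()`, although the `peer_cert()` call right after it uses `exim_client_ctx->ssl`; this looks like a leftover from copying the server-path block. As written, the debug output after `SSL_connect` would describe the inbound session rather than the connection just made. If `server_ssl` is NULL in a process that has no inbound TLS session, the call may dereference a null pointer, but that cannot be confirmed from this hunk. The line should read `SSL_SESSION_print_keylog(bp, SSL_get_session(exim_client_ctx->ssl));`. The enclosing function starts and ends outside this hunk.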