some improvements

fixed build of test of sslkeylogfile updated some function description reverted default value of Policy::allow_ssl_key_log_file to false
randombit · May 23, 2024 · 87589eb · 87589eb
1 parent c284815
commit 87589eb
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/src/examples/tls_ssl_key_log_file.cpp b/src/examples/tls_ssl_key_log_file.cpp
@@ -118,8 +118,8 @@ class BotanTLSCallbacksProxy : public Botan::TLS::Callbacks {
       void tls_alert(Botan::TLS::Alert alert) override { BOTAN_UNUSED(alert); }
 
       void tls_ssl_key_log_data(std::string_view label,
-                                const std::span<const uint8_t>& client_random,
-                                const std::span<const uint8_t>& secret) const override {
+                                std::span<const uint8_t> client_random,
+                                std::span<const uint8_t> secret) const override {
          parent.tls_ssl_key_log_data(label, client_random, secret);
       }
 
@@ -182,8 +182,8 @@ class DtlsConnection : public Botan::TLS::Callbacks {
       }
 
       void tls_ssl_key_log_data(std::string_view label,
-                                const std::span<const uint8_t>& client_random,
-                                const std::span<const uint8_t>& secret) const override {
+                                std::span<const uint8_t> client_random,
+                                std::span<const uint8_t> secret) const override {
          std::ofstream stream;
          stream.open("test.skl", std::ofstream::out | std::ofstream::app);
          stream << label << " " << Botan::hex_encode(client_random.data(), client_random.size()) << " "

diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h
@@ -566,6 +566,8 @@ class BOTAN_PUBLIC_API(2, 0) Callbacks {
        *
        * Useful to implement the SSLKEYLOGFILE for connection debugging as
        * specified in ietf.org/archive/id/draft-thomson-tls-keylogfile-00.html
+       * 
+       * Invoked if Policy::allow_ssl_key_log_file returns true.
        *
        * Default implementation simply ignores the inputs.
        *

diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
@@ -22,8 +22,7 @@
 namespace Botan::TLS {
 
 bool Policy::allow_ssl_key_log_file() const {
-   std::string data;
-   return Botan::OS::read_env_variable(data, "SSLKEYLOGFILE");
+   return false;
 }
 
 std::vector<Signature_Scheme> Policy::allowed_signature_schemes() const {

diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
@@ -33,6 +33,8 @@ class BOTAN_PUBLIC_API(2, 0) Policy {
    public:
       /**
       * Allow ssl key log file
+      * @note If function returns true, then Callbacks::tls_ssl_key_log_data
+      *       will be invoked containing secret information for logging purposes
       */
       virtual bool allow_ssl_key_log_file() const;