From 87589eb8d074b724e148348ac17a62079bb5f278 Mon Sep 17 00:00:00 2001
From: Alexey Volokitin
Date: Thu, 23 May 2024 11:19:20 +0300
Subject: [PATCH] some improvements

fixed build of test of sslkeylogfile
updated some function description
reverted default value of Policy::allow_ssl_key_log_file to false
---
 src/examples/tls_ssl_key_log_file.cpp | 8 ++++----
 src/lib/tls/tls_callbacks.h | 2 ++
 src/lib/tls/tls_policy.cpp | 3 +--
 src/lib/tls/tls_policy.h | 2 ++
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/examples/tls_ssl_key_log_file.cpp b/src/examples/tls_ssl_key_log_file.cpp
index b0fc239edee..7d1f44a38f2 100644
--- a/src/examples/tls_ssl_key_log_file.cpp
+++ b/src/examples/tls_ssl_key_log_file.cpp
@@ -118,8 +118,8 @@ class BotanTLSCallbacksProxy : public Botan::TLS::Callbacks {
 void tls_alert(Botan::TLS::Alert alert) override { BOTAN_UNUSED(alert); }
 void tls_ssl_key_log_data(std::string_view label,
- const std::span& client_random,
- const std::span& secret) const override {
+ std::span client_random,
+ std::span secret) const override {
 parent.tls_ssl_key_log_data(label, client_random, secret);
 }
@@ -182,8 +182,8 @@ class DtlsConnection : public Botan::TLS::Callbacks {
 }
 void tls_ssl_key_log_data(std::string_view label,
- const std::span& client_random,
- const std::span& secret) const override {
+ std::span client_random,
+ std::span secret) const override {
 std::ofstream stream;
 stream.open("test.skl", std::ofstream::out | std::ofstream::app);
 stream << label << " " << Botan::hex_encode(client_random.data(), client_random.size()) << " "
diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h
index 7b1fccd5cef..1aeb7d7ba6a 100644
--- a/src/lib/tls/tls_callbacks.h
+++ b/src/lib/tls/tls_callbacks.h
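Review bot: The DtlsConnection example appends TLS session secrets to `test.skl` without checking that the stream opened and with whatever permissions the process umask grants, so under a typical 022 umask the key log is created world-readable, and anyone who can read it can decrypt the captured traffic it is meant to decrypt. `std::ofstream` cannot set a creation mode, so the example should at least fail loudly, `if(!stream) { throw std::runtime_error("cannot open key log"); }` after `open`, and carry a comment such as `// Key log holds traffic secrets: create it 0600 (e.g. ::open with O_CREAT|O_APPEND, 0600) and never enable this in production builds` so that people copying the example are warned. Hard-coding `"test.skl"` instead of reading the `SSLKEYLOGFILE` environment variable the callback is documented to implement also makes the example diverge from the convention it cites. The body of tls_ssl_key_log_data continues past the end of the hunk.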
@@ -566,6 +566,8 @@ class BOTAN_PUBLIC_API(2, 0) Callbacks {
 *
 * Useful to implement the SSLKEYLOGFILE for connection debugging as
 * specified in ietf.org/archive/id/draft-thomson-tls-keylogfile-00.html
+ *
+ * Invoked if Policy::allow_ssl_key_log_file returns true.
 *
 * Default implementation simply ignores the inputs.
 *
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 70e43488f32..55f979a547f 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -22,8 +22,7 @@ namespace Botan::TLS {
 bool Policy::allow_ssl_key_log_file() const {
- std::string data;
- return Botan::OS::read_env_variable(data, "SSLKEYLOGFILE");
+ return false;
 }
 std::vector Policy::allowed_signature_schemes() const {
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 1aa3863e1ee..259af56cf24 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -33,6 +33,8 @@ class BOTAN_PUBLIC_API(2, 0) Policy {
 public:
 /**
 * Allow ssl key log file
+ * @note If function returns true, then Callbacks::tls_ssl_key_log_data
+ * will be invoked containing secret information for logging purposes
 */
 virtual bool allow_ssl_key_log_file() const;
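Review bot: The added sentence in the tls_ssl_key_log_data doc comment says when the callback runs but not what an implementer may do with the arguments: `client_random` and `secret` are presumably views into buffers owned by the channel and valid only for the duration of the call, so an implementation must copy or serialise them before returning rather than retain the spans — confirm against the channel code and state it here. I would also make the added line explicit about the sensitivity: `* Invoked only if Policy::allow_ssl_key_log_file returns true. The data passed allows decryption of the session's traffic; write it only to a destination with restricted permissions and never enable this in production.` The doc comment and the class continue outside the hunk.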
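Review bot: Returning `false` unconditionally in Policy::allow_ssl_key_log_file is the right default, since the removed code enabled secret export whenever an `SSLKEYLOGFILE` variable was merely present in the environment (its value was never used), so anything able to inject a variable into the process environment could switch it on — but the new one-line body carries no explanation and reads like a stub. A comment such as `// Key logging exports session secrets; it is opt-in only, via a Policy subclass that overrides this to return true` records the intent for the next reader. If `read_env_variable` was the only use of the OS utilities header in this file, that include is now unused; it lies outside the hunk, so please check.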
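Review bot: The new `@note` on allow_ssl_key_log_file understates what is exported: "secret information for logging purposes" reads like ordinary diagnostics, whereas the callback receives the client random and the session secrets, which let anyone holding the log decrypt that connection's traffic. I would reword the two added lines to `* @note If this function returns true, Callbacks::tls_ssl_key_log_data is invoked with the session secrets (SSLKEYLOGFILE format); anyone able to read them can decrypt the connection. Override to true only in debugging builds.` The enclosing class declaration continues outside the hunk.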