-
-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSLKEYLOGFILE not working with curl-for-win build #13672
Comments
LibreSSL doesn't really support the keylog mechanism. The API exists since a number of things don't properly test and guard for it, but it is a noop. |
And I guess the reason to use LibreSSL on Windows is because it makes for easier builds? Or just a preference in general due to possible security considerations? |
- Revert to the legacy TLS 1.2 key logging code for LibreSSL. Prior to this change if the user specified a filename in the SSLKEYLOGFILE environment variable and was using LibreSSL 3.5.0+ then an empty file would be created and no keys would be logged. This is effectively a revert of e43474b which changed openssl.c to use SSL_CTX_set_keylog_callback for LibreSSL 3.5.0+. Unfortunately LibreSSL added that function only as a stub that doesn't actually do anything. Reported-by: Gonçalo Carvalho Fixes curl#13672 Closes #xxxx
Thanks, I missed that on review when we enabled support. I am proposing #13682 to revert to the legacy TLS 1.2 logging for LibreSSL. Is there a way we can extract TLS 1.3 secrets with LibreSSL?
There were a number of reasons, see curl/curl-for-win#44 /cc @vszakats |
From discussion #13665 the reporter @glslang is using the official curl for windows build 8.7.1 64-bit and SSLKEYLOGFILE is not working. A blank file is created and nothing is written.
I can reproduce with the same build. curl 8.7.1 with OpenSSL then SSLKEYLOGFILE works so I suspect this is an issue with how we coded it for LibreSSL
The text was updated successfully, but these errors were encountered: