
tls: added new session_keylog_enable and session_keylog_filename configuration params

Sergey Safarov authored on 21/06/2021 12:45:21
Showing 4 changed files
... ...
@@ -50,6 +50,8 @@ struct cfg_group_tls default_tls_cfg = {
50 50
 	STR_NULL, /* cipher_list (default value set in fix_tls_cfg) */
51 51
 	0, /* session_cache */
52 52
 	STR_STATIC_INIT("kamailio-tls-5.x.y"), /* session_id */
53
+	0, /* session_keylog_enable */
54
+	STR_STATIC_INIT("/var/lib/kamailio/session_keylog"), /* session_keylog_filename */
53 55
 	STR_NULL, /* config_file */
54 56
 	3, /* log  (L_DBG)*/
55 57
 	3, /* debug (L_DBG) */
... ...
@@ -177,6 +179,10 @@ cfg_def_t	tls_cfg_def[] = {
177 179
 		"enables or disables the session cache" },
178 180
 	{"session_id", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
179 181
 		"string used for the session id" },
182
+	{"session_keylog_enable", CFG_VAR_INT, 0, 1, 0, 0,
183
+		"enables export TLS/DTLS session keys" },
184
+	{"session_keylog_filename", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
185
+		"TLS/DTLS session filename" },
180 186
 	{"config", CFG_VAR_STR, 0, 0, fix_rel_pathname, 0,
181 187
 		"tls config file name (used for the per domain options)" },
182 188
 	{"log", CFG_VAR_INT | CFG_ATOMIC, 0, 1000, 0, 0,
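Review bot: In the `tls_cfg_def[]` hunk, `session_keylog_enable` is registered as plain `CFG_VAR_INT` while `session_keylog_filename` beside it is `CFG_VAR_STR | CFG_READONLY`, so the switch that starts exporting session keys appears to be changeable at runtime through the cfg framework even though the destination is fixed. Exported session keys let anyone holding a packet capture decrypt the matching TLS/DTLS traffic, so if runtime toggling is not intended the entry should read `{"session_keylog_enable", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,`; if it is intended, a comment saying so and naming who is expected to flip it would help. The filename entry has no fixup, unlike `config` with `fix_rel_pathname`, so a relative value is presumably used as given. Its description `"TLS/DTLS session filename"` would be clearer as `"file the TLS/DTLS session keys are written to"`, and the default path in `default_tls_cfg` deserves a comment that the file must be readable only by the service account.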
... ...
@@ -55,6 +55,8 @@ struct cfg_group_tls {
55 55
 	str cipher_list;
56 56
 	int session_cache;
57 57
 	str session_id;
58
+	int session_keylog_enable;   /* enable logging of TLS/DTLS session keys*/
59
+	str session_keylog_filename; /* TLS/DTLS session keys filename */
58 60
 	str config_file;
59 61
 	int log;
60 62
 	int debug;
... ...
@@ -233,6 +233,8 @@ static param_export_t params[] = {
233 233
 	{"tls_debug",           PARAM_INT,    &default_tls_cfg.debug        },
234 234
 	{"session_cache",       PARAM_INT,    &default_tls_cfg.session_cache},
235 235
 	{"session_id",          PARAM_STR,    &default_tls_cfg.session_id   },
236
+	{"session_keylog_enable", PARAM_INT, &default_tls_cfg.session_keylog_enable},
237
+	{"session_keylog_filename", PARAM_STR, &default_tls_cfg.session_keylog_filename},
236 238
 	{"config",              PARAM_STR,    &default_tls_cfg.config_file  },
237 239
 	{"tls_disable_compression", PARAM_INT,
238 240
 										&default_tls_cfg.disable_compression},
... ...
@@ -233,6 +233,8 @@ static void tls_options(rpc_t* rpc, void* c)
233 233
 		"cipher_list",		&cfg_get(tls, tls_cfg, cipher_list),
234 234
 		"session_cache",	cfg_get(tls, tls_cfg, session_cache),
235 235
 		"session_id",		&cfg_get(tls, tls_cfg, session_id),
236
+		"session_keylog_enable",	&cfg_get(tls, tls_cfg, session_keylog_enable),
237
+		"session_keylog_filename",	&cfg_get(tls, tls_cfg, session_keylog_filename),
236 238
 		"config",			&cfg_get(tls, tls_cfg, config_file),
237 239
 		"log",				cfg_get(tls, tls_cfg, log),
238 240
 		"debug",			cfg_get(tls, tls_cfg, debug),
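Review bot: The added `session_keylog_enable` argument in `tls_options` is passed as `&cfg_get(tls, tls_cfg, session_keylog_enable)`, but the field is declared `int` in `struct cfg_group_tls`, and the neighbouring int options (`session_cache`, `log`, `debug`) are passed by value while only the `str` fields take `&`. The format string for this call lies above the hunk, so this is inferred, but if the new slot uses the same integer specifier as `session_cache`, the reply would carry a pointer value instead of 0/1; the line should be `"session_keylog_enable",	cfg_get(tls, tls_cfg, session_keylog_enable),`. It is also worth confirming that the format string gained exactly two specifiers (one integer, one string) at the position after `session_id`, since a shift there would misread every later argument.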