author | Peter Hartmann <phartmann@blackberry.com> | 2013-03-22 13:55:13 +0100 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-03-22 19:52:26 +0100 |
commit | 1f180e9690a0a5f6cc849c1988ccda13de1b1e20 (patch) | |
tree | a3974827fac6352ab7b07445be4262617d9a9110 /src | |
parent | ab18bb84e45513e71d78681150a58db7b2e6afad (diff) |
SSL code: store SSL parameters for debugging, guarded by define
... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark.
For this to work, the define needs to be uncommented and QtNetwork
recompiled. This will create a file in /tmp/qt-ssl-keys which can
be fed into Wireshark.
A recent version of Wireshark is needed for this to work.
Change-Id: I4e41fd2e6122260cd96d443b1360edc71b08b5fd
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index e8f8b294c9..2b9c4b5bd2 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -55,6 +55,7 @@
 ****************************************************************************/
 //#define QSSLSOCKET_DEBUG
+//#define QT_DECRYPT_SSL_TRAFFIC
 #include "qsslsocket_openssl_p.h"
 #include "qsslsocket_openssl_symbols_p.h"
@@ -1403,6 +1404,40 @@ void QSslSocketBackendPrivate::continueHandshake()
 if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL))
 configuration.peerSessionShared = true;
+#ifdef QT_DECRYPT_SSL_TRAFFIC
+ if (ssl->session && ssl->s3) {
+ const char *mk = reinterpret_cast<const char *>(ssl->session->master_key);
+ QByteArray masterKey(mk, ssl->session->master_key_length);
+ const char *random = reinterpret_cast<const char *>(ssl->s3->client_random);
+ QByteArray clientRandom(random, SSL3_RANDOM_SIZE);
+
+ // different format, needed for e.g. older Wireshark versions:
+// const char *sid = reinterpret_cast<const char *>(ssl->session->session_id);
+// QByteArray sessionID(sid, ssl->session->session_id_length);
+// QByteArray debugLineRSA("RSA Session-ID:");
+// debugLineRSA.append(sessionID.toHex().toUpper());
+// debugLineRSA.append(" Master-Key:");
+// debugLineRSA.append(masterKey.toHex().toUpper());
+// debugLineRSA.append("\n");
+
+ QByteArray debugLineClientRandom("CLIENT_RANDOM ");
+ debugLineClientRandom.append(clientRandom.toHex().toUpper());
+ debugLineClientRandom.append(" ");
+ debugLineClientRandom.append(masterKey.toHex().toUpper());
+ debugLineClientRandom.append("\n");
+
+ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
+ QFile file(sslKeyFile);
+ if (!file.open(QIODevice::Append))
+ qWarning() << "could not open file" << sslKeyFile << "for appending";
+ if (!file.write(debugLineClientRandom))
+ qWarning() << "could not write to file" << sslKeyFile;
+ file.close();
+ } else {
+ qWarning("could not decrypt SSL traffic");
+ }
+#endif
+
 // Cache this SSL session inside the QSslContext
 if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
 if (!sslContextPointer->cacheSession(ssl)) |
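Review bot: The write-failure check `if (!file.write(debugLineClientRandom))` never fires on a real error, because QIODevice::write returns -1 on failure and 0 only when nothing was written, and it also runs after a failed open(), so the key line is silently lost with a misleading second warning; replace the second `if` with `} else if (file.write(debugLineClientRandom) != debugLineClientRandom.size())` and put the open-failure warning in the first branch's braces. Separately, the key log is appended to a fixed, predictable path under the temp directory with default permissions, so on a shared host other local users can read every master secret the process negotiates, and because the file is opened in Append mode the secrets accumulate across sessions; the compile-time define limits this to debug builds, but `file.setPermissions(QFile::ReadOwner | QFile::WriteOwner)` after the open, plus a comment above the define noting that the file is readable by other local users and should be deleted after use, would make the trade-off explicit. The `else` message "could not decrypt SSL traffic" is also misleading since this code exports session keys rather than decrypting anything; `"could not export SSL session keys"` names what actually failed. continueHandshake() starts and ends outside the hunk.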